Document format: text/plain

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by DrH (2016-07-01 16:50:56)
Running from C:\Users\DrH\Desktop
Windows 10 Pro Version 1511 (X64) (2016-06-29 21:08:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2056519803-1839500514-3053012104-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2056519803-1839500514-3053012104-503 - Limited - Disabled)
DrH (S-1-5-21-2056519803-1839500514-3053012104-1001 - Administrator - Enabled) => C:\Users\DrH
Guest (S-1-5-21-2056519803-1839500514-3053012104-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Avast Premier (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.35.6237 - BlueStack Systems, Inc.)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metin2 (HKLM-x32\...\Metin2_US_is1) (Version: - Gameforge 4D GmbH)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2056519803-1839500514-3053012104-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\DrH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {25F9CB08-5899-4618-96FE-EAF7BB71629A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {5927CC47-BA0D-4903-8019-A17C13B9F6AE} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)
Task: {905F40D3-FEC7-4C91-A732-26CDBA00A59E} - System32\Tasks\SafeZone scheduled Autoupdate 1467235451 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {AD3BD42F-7D4A-414F-B937-45F70AFB1D2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {CC86E3DE-8FB1-436F-8ABD-D6161AC3AA15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {EED27692-2A79-4527-83E8-B1A3C573203E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-30] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-06-30 02:58 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-06-30 01:15 - 2016-06-30 01:15 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-30 02:58 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-06-30 00:41 - 2016-06-30 00:41 - 00959168 _____ () C:\Users\DrH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-30 02:56 - 2015-12-07 07:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-06-30 02:58 - 2016-04-23 07:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe
2016-06-30 00:13 - 2016-06-23 16:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-30 00:13 - 2016-06-23 16:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2016-06-30 02:59 - 2016-05-28 06:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-30 02:57 - 2016-05-28 06:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-30 02:58 - 2016-05-28 06:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-30 02:58 - 2016-05-28 06:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-30 00:22 - 2016-06-30 00:22 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-30 00:22 - 2016-06-30 00:22 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-01 11:58 - 2016-07-01 11:58 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\16070101\algo.dll
2016-06-30 01:15 - 2016-06-30 01:15 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-30 01:15 - 2016-06-30 01:15 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-30 00:41 - 2016-06-30 00:41 - 00679624 _____ () C:\Users\DrH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-06-30 19:19 - 2016-03-09 09:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-06-30 00:22 - 2016-06-30 00:22 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2056519803-1839500514-3053012104-1001\Control Panel\Desktop\\Wallpaper -> c:\users\drh\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\background.jpg
DNS Servers: 193.140.216.203 - 193.140.216.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{03CA4EB8-4EE3-4923-AAD1-2ED037FF41DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4708198A-F8F9-48E4-B408-77C5D41DE80E}] => (Allow) E:\GameforgeLive\gfl_client.exe
FirewallRules: [{C0CD5CCB-0F1E-4A4D-A6F1-D4BA3DE7364F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (07/01/2016 02:39:32 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (07/01/2016 02:39:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (07/01/2016 02:39:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (07/01/2016 02:38:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/01/2016 12:42:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (07/01/2016 12:42:07 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (07/01/2016 12:42:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4


System errors:
=============
Error: (07/01/2016 04:50:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/01/2016 03:43:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/01/2016 03:10:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/01/2016 12:43:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_28f908f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/01/2016 12:43:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/01/2016 12:04:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_140d1f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/01/2016 12:04:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_140d1f9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-06-30 09:24:48.001
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-30 03:04:23.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-30 00:25:32.580
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-30 00:04:54.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 49%
Total physical RAM: 8080.36 MB
Available physical RAM: 4105.9 MB
Total Virtual: 10000.36 MB
Available Virtual: 5522.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:73.93 GB) NTFS
Drive e: () (Fixed) (Total:134.74 GB) (Free:130.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 08B93E60)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=134.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
