Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Su (08-08-2018 22:08:34)
Running from C:\Users\Su\Downloads
Windows 10 Pro Version 1803 17134.191 (X64) (2018-08-04 22:26:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3916214333-3310981510-3962207731-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3916214333-3310981510-3962207731-503 - Limited - Disabled)
Guest (S-1-5-21-3916214333-3310981510-3962207731-501 - Limited - Enabled)
Su (S-1-5-21-3916214333-3310981510-3962207731-1001 - Administrator - Enabled) => C:\Users\Su
WDAGUtilityAccount (S-1-5-21-3916214333-3310981510-3962207731-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password (HKU\S-1-5-21-3916214333-3310981510-3962207731-1001\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 7.1.567 - AgileBits Inc.)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.56.2162 - Electronic Arts)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
LastPass (chỉ gỡ bỏ) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Language Interface Pack 2007 - Tiếng Việt (HKLM-x32\...\{95120000-00FF-042A-0000-0000000FF1CE}) (Version: 12.0.4518.1067 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NiceHash Miner 2 0.2.6 (only current user) (HKU\S-1-5-21-3916214333-3310981510-3962207731-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.6 - NiceHash d.o.o)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.24.5022 - Electronic Arts, Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.0717.072014 - Razer Inc.)
UsbFix Anti-Malware Premium (HKLM-x32\...\UsbFix) (Version: 10.0.2.1 - SOSVirus (SOSVirus.Net))
VietPN 1.3 (HKLM-x32\...\VietPN) (Version: 1.3 - )
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3916214333-3310981510-3962207731-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Su\AppData\Local\Microsoft\OneDrive\18.145.0719.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3916214333-3310981510-3962207731-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Su\AppData\Local\Microsoft\OneDrive\18.145.0719.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3916214333-3310981510-3962207731-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Su\AppData\Local\Microsoft\OneDrive\18.145.0719.0003\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-10] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3BA6F6AF-C3F5-461D-93C5-0C88566F491A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-05] (Google Inc.)
Task: {5D1F349C-8893-44C3-AC2B-4DD63EBE235A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)
Task: {6403AAA1-D3EF-4A17-8FF3-F933E06A2A68} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {B257C8B4-A437-4E27-920C-AD14875BA8EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-05] (Google Inc.)
Task: {BD51F68D-B359-489F-AA10-FD6DD09C3C63} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)
Task: {DC4E7745-DB7F-476D-AD47-57A8F84AB012} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-08-05 10:11 - 2018-07-04 02:59 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-08-05 10:11 - 2018-06-19 03:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-08-05 20:20 - 2018-08-05 20:20 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-08-05 13:52 - 2018-08-05 13:52 - 000021824 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2018-08-05 13:57 - 2018-07-18 01:42 - 000013736 _____ () C:\Program Files (x86)\Origin Games\Battlefield 1\Engine.BuildInfo_Win64_retail.dll
2018-08-05 13:52 - 2018-08-05 13:52 - 001273344 _____ () C:\Program Files (x86)\Origin\x64\twitchsdk_64_release.dll
2018-08-05 13:52 - 2018-08-05 13:52 - 000361103 _____ () C:\Program Files (x86)\Origin\x64\swresample-ttv-0.dll
2018-08-05 13:52 - 2018-08-05 13:52 - 000688161 _____ () C:\Program Files (x86)\Origin\x64\libmp3lame-ttv.dll
2018-08-05 13:52 - 2018-08-05 13:52 - 000653832 _____ () C:\Program Files (x86)\Origin\x64\avutil-ttv-51.dll
2018-07-18 01:42 - 2018-07-18 01:42 - 002372520 _____ () C:\Program Files (x86)\Origin Games\Battlefield 1\Extension.Twinkle.JavaScriptCore_Win64_retail.dll
2018-08-05 13:53 - 2018-07-31 06:32 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll
2018-08-05 13:53 - 2018-07-31 06:32 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll
2018-08-05 13:52 - 2018-08-05 13:52 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2018-08-05 13:52 - 2018-08-05 13:52 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2018-08-05 13:57 - 2018-06-11 11:48 - 001014160 _____ () C:\Users\Su\AppData\Local\1password\app\7\x86\opw.dll
2018-08-05 13:57 - 2018-06-11 11:48 - 000806288 _____ () C:\Users\Su\AppData\Local\1password\app\7\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-03-19 00:33 - 2018-03-19 00:31 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3916214333-3310981510-3962207731-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Su\Desktop\18904_en_1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
HKLM\...\StartupApproved\Run: => "CsrHCRPServer"
HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl"
HKLM\...\StartupApproved\Run: => "CsrSyncMLServer"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{78AE1BFC-963B-43E3-A59C-0591B54206D5}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe
FirewallRules: [TCP Query User{6E7D51AC-FB5E-453E-99D6-69066FFB8556}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe
FirewallRules: [{50D1855C-EBC7-4ECC-B764-191DFCE9B6E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0992986F-9053-47FA-AC4B-82FE51BB3C97}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{13EBBBB7-BEFF-424F-B204-F6C3A6431E01}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{AF7D5E03-74A8-4DE8-A2B0-56E80B37C84A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{17C3136E-5995-4CDE-BDAE-C83503D68725}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [TCP Query User{CEDBFD95-FB16-4078-A705-11992051DC10}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{E74C963B-88BF-46D8-AE81-28159AA4A051}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe

==================== Restore Points =========================

08-08-2018 07:24:05 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2018 08:27:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1Password.exe, version: 7.1.567.0, time stamp: 0x5b1e99e2
Faulting module name: KERNELBASE.dll, version: 10.0.17134.165, time stamp: 0xfa43f4b2
Exception code: 0xe0434352
Fault offset: 0x0010ddc2
Faulting process id: 0x2ab0
Faulting application start time: 0x01d42f1b8293c384
Faulting application path: C:\Users\Su\AppData\Local\1password\app\7\1Password.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8ad5ec19-c582-4602-adb3-a174abf1da3d
Faulting package full name:
Faulting package-relative application ID:

Error: (08/08/2018 08:27:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: 1Password.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at AgileBits.OnePassword.NativeMessagingHost.OpenAppStream()
   at AgileBits.OnePassword.NativeMessagingHost+d__10.MoveNext()

Exception Info: System.AggregateException
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean)
   at System.Threading.Tasks.Task.Wait(Int32, System.Threading.CancellationToken)
   at System.Threading.Tasks.Task.Wait()
   at AgileBits.OnePassword.NativeMessagingHost.Run(System.String[])
   at AgileBits.OnePassword.Program.Main(System.String[])

Error: (08/08/2018 06:05:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program emutest.exe version 1.4.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 954
Start Time: 01d42efe9d4a6bc5
Termination Time: 4294967295
Application Path: D:\PM\Novicorp Bootable USB Test 1.4.0000 Portable\emutest.exe
Report Id: dafc12d0-b12c-4f51-aa2d-c0546e0fdc61
Faulting package full name:
Faulting package-relative application ID:

Error: (08/08/2018 02:18:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UsbFix.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2528
Start Time: 01d42e834cafcabd
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\UsbFix\UsbFix.exe
Report Id: c15de7e2-1b4f-4734-8272-4d5ae461db6e
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2018 10:29:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Faulting module name: CsrBtOBEXService.exe, version: 2.1.63.0, time stamp: 0x4f68683b
Exception code: 0xc0000005
Fault offset: 0x0000000000006f58
Faulting process id: 0x3aec
Faulting application start time: 0x01d42e632f344f9f
Faulting application path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Faulting module path: C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
Report Id: 0f0b1365-40c4-46e8-91cd-c5a43b5fe9c2
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2018 12:33:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.17134.1, time stamp: 0xc9403716
Faulting module name: OLEAUT32.dll, version: 10.0.17134.48, time stamp: 0xebd737a3
Exception code: 0xc0000005
Fault offset: 0x000000000000a548
Faulting process id: 0x3730
Faulting application start time: 0x01d42daaea0a0fd8
Faulting application path: C:\Program Files\internet explorer\iexplore.exe
Faulting module path: C:\WINDOWS\System32\OLEAUT32.dll
Report Id: 623a5a2a-c563-405d-aae5-34341eb8923d
Faulting package full name:
Faulting package-relative application ID:

Error: (08/06/2018 11:17:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CustomDesktopLogo.exe, version: 2.2.0.0, time stamp: 0x48fd123e
Faulting module name: KERNELBASE.dll, version: 6.2.17134.165, time stamp: 0xfa43f4b2
Exception code: 0xc0020001
Fault offset: 0x0010ddc2
Faulting process id: 0x%9
Faulting application start time: 0xCustomDesktopLogo.exe0
Faulting application path: CustomDesktopLogo.exe1
Faulting module path: CustomDesktopLogo.exe2
Report Id: CustomDesktopLogo.exe3
Faulting package full name: CustomDesktopLogo.exe4
Faulting package-relative application ID: CustomDesktopLogo.exe5

Error: (08/06/2018 11:17:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CustomDesktopLogo.exe, version: 2.2.0.0, time stamp: 0x48fd123e
Faulting module name: KERNELBASE.dll, version: 6.2.17134.165, time stamp: 0xfa43f4b2
Exception code: 0xc0020001
Fault offset: 0x0010ddc2
Faulting process id: 0x%9
Faulting application start time: 0xCustomDesktopLogo.exe0
Faulting application path: CustomDesktopLogo.exe1
Faulting module path: CustomDesktopLogo.exe2
Report Id: CustomDesktopLogo.exe3
Faulting package full name: CustomDesktopLogo.exe4
Faulting package-relative application ID: CustomDesktopLogo.exe5

System errors:
=============
Error: (08/08/2018 09:15:51 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RHM3AKI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-RHM3AKI\Su SID (S-1-5-21-3916214333-3310981510-3962207731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2018 09:07:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RHM3AKI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-RHM3AKI\Su SID (S-1-5-21-3916214333-3310981510-3962207731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2018 08:49:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2018 08:49:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2018 08:27:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RHM3AKI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-RHM3AKI\Su SID (S-1-5-21-3916214333-3310981510-3962207731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2018 08:15:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RHM3AKI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-RHM3AKI\Su SID (S-1-5-21-3916214333-3310981510-3962207731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2018 08:12:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2018 07:35:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RHM3AKI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-RHM3AKI\Su SID (S-1-5-21-3916214333-3310981510-3962207731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-08-06 17:17:55.023
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B54CFF2F-858F-412E-A686-FA9AA9CEE01D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================
Date: 2018-08-08 20:55:42.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-08-08 20:55:42.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-08-08 20:55:42.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-08-08 20:55:42.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-08-08 19:25:21.955
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-08-08 19:13:51.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-08-08 19:12:33.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-08-08 19:12:33.673
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 50%
Total physical RAM: 16322.45 MB
Available physical RAM: 8030.67 MB
Total Virtual: 18754.45 MB
Available Virtual: 5673.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:321.02 GB) NTFS
Drive d: (Data) (Fixed) (Total:3726.02 GB) (Free:1799.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:931.39 GB) (Free:716.72 GB) NTFS

\\?\Volume{60d1b2c3-e230-4f46-b624-8ad7de3aca7e}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{f4b178aa-e594-4c27-9193-a1d6bd1bbab5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 078C078C)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 88A2E294)

Partition: GPT.

========================================================
Disk: 2 (Size: 476.9 GB) (Disk ID: 9CE9E907)

Partition: GPT.

==================== End of Addition.txt ============================