
Possible infection, avast was removed (frstlog)


  • This topic is locked
2 replies to this topic

#1 danijov88


Posted 04 September 2016 - 04:23 PM

So I'm jumping right into the action here. I was on holiday, so I did not use my computer for a few days, except for my sister, who used it for normal stuff like Facebook, YouTube and normal browsing. Well, I used it a couple of days ago and by coincidence I noticed there is no Avast, and I asked my sister if she uninstalled it and she said no. I'm now also experiencing slow internet; some pages don't open properly and I have to press F5 or go back and try again. I called my provider to see if they had some problems in my area or if any other customers had reacted, but they said no. I'm now turning my hopes to you guys. Can somebody please assist me?

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dossev (04-09-2016 23:04:57)
Running from C:\Users\Dossev\Downloads
Windows 10 Home Version 1511 (X64) (2016-04-01 15:17:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administratör (S-1-5-21-111878471-1073023971-2913708380-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-111878471-1073023971-2913708380-503 - Limited - Disabled)
Dossev (S-1-5-21-111878471-1073023971-2913708380-1001 - Administrator - Enabled) => C:\Users\Dossev
Gäst (S-1-5-21-111878471-1073023971-2913708380-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-111878471-1073023971-2913708380-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Apple-programstöd (32-bitar) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple-programstöd (64-bitar) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Arcanum Of Steamworks and Magick Obscura (HKLM-x32\...\Arcanum Of Steamworks and Magick Obscura_is1) (Version:  - GOG.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FM Genie Scout 12 version 1.2 (HKLM-x32\...\FM Genie Scout 12_is1) (Version: 1.2 - )
Football Manager 2012 (HKLM\...\Steam App 71270) (Version:  - Sports Interactive)
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hard Disk Low Level Format Tool 2.36 build 1181 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
IPFilter (HKLM-x32\...\{BAA919AB-2D0B-43D2-B258-B27FCD633334}) (Version: 2.2.2.0 - David Moore)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - sv-se (HKLM\...\ProPlusRetail - sv-se) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{27A9512F-B284-490A-97B7-40713556476D}) (Version: 7.21.0.159 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{DFEFDADB-A98C-4AA0-BD7B-55CD4E554DC0}) (Version: 7.22.0.120 - Skype Technologies S.A.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-drivrutinspaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-drivrutinspaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows-drivrutinspaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.18 - VSO Software)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-111878471-1073023971-2913708380-1001_Classes\CLSID\{070219A6-00C9-4147-A0A0-BA9518737749}\localserver32 -> C:\Users\Dossev\AppData\Local\SkypePlugin\7.22.0.120\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-111878471-1073023971-2913708380-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dossev\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-111878471-1073023971-2913708380-1001_Classes\CLSID\{7B901B1C-1210-4C6D-B66C-2028783DAE2A}\InprocServer32 -> C:\Users\Dossev\AppData\Local\SkypePlugin\7.21.0.159\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-111878471-1073023971-2913708380-1001_Classes\CLSID\{8A00ACF3-DBA4-4858-8D6D-9C818926FD72}\localserver32 -> C:\Users\Dossev\AppData\Local\SkypePlugin\7.21.0.159\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-111878471-1073023971-2913708380-1001_Classes\CLSID\{9F48481E-98E0-49E0-9258-617102B357E7}\InprocServer32 -> C:\Users\Dossev\AppData\Local\SkypePlugin\7.22.0.120\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-111878471-1073023971-2913708380-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Dossev\AppData\Local\SkypePlugin\7.22.0.120\EdgeCalling.exe (Skype Technologies S.A.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0706216E-63E1-403B-9C5A-58A6DDE6774F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-01] (Google Inc.)
Task: {207F4E82-214A-4B0F-8DCA-994E11388175} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-03] (AVAST Software)
Task: {4482AA66-6180-4127-953F-0C60032535DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-12] (Microsoft Corporation)
Task: {5C10E382-F881-4C6C-9151-3DABA4F3DD17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-01] (Google Inc.)
Task: {6FA07FC7-39E7-4293-AE5F-83C353FA8377} - System32\Tasks\SafeZone scheduled Autoupdate 1472896683 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {77F398AA-FAFB-45CA-A10C-CAE18C18C739} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {95241A34-894A-4EB0-8B54-41E23E24E94A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {B268A5DD-3B8D-4266-A7C0-17C5554D795D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-08-12] (Microsoft Corporation)
Task: {B48DCDC2-4402-4B77-B328-249204FE4A01} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-07-31] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-01 11:03 - 2016-08-25 23:12 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-07-13 19:41 - 2016-07-01 06:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-13 19:41 - 2016-07-01 06:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-19 18:43 - 2016-04-19 18:45 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 14:53 - 2016-02-13 14:53 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 19:44 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 19:44 - 2016-07-01 05:49 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-07-13 19:41 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 19:42 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 19:41 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 19:41 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-04-02 00:46 - 2016-06-14 22:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-02 00:46 - 2016-06-14 22:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-09-03 11:52 - 2016-09-03 11:52 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-03 11:52 - 2016-09-03 11:52 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-04 19:01 - 2016-09-04 19:01 - 03080312 _____ () C:\Program Files\AVAST Software\Avast\defs\16090400\algo.dll
2016-04-19 18:43 - 2016-04-19 18:45 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 18:43 - 2016-04-19 18:45 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-01 11:52 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-09-03 11:52 - 2016-09-03 11:52 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 09:24 - 2016-09-03 13:59 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-111878471-1073023971-2913708380-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dossev\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-111878471-1073023971-2913708380-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6ECD041F-EC4E-46A0-9149-36B27808C9A5}] => (Allow) C:\Users\Dossev\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9F6540A1-F1A2-40E3-9D35-8D2AA8189774}] => (Allow) C:\Users\Dossev\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27902CF0-ADEF-4B93-A303-F3C7FFEE4AB0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B046B844-E9FB-4487-83F8-2E927845D05F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{193472CC-9D6C-425B-9914-9B3CBDAF27A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DBE407CA-EEA4-4A85-8B4C-9A63D8C0ADC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3186AD42-48A4-40D1-8814-DCAB1312538C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C3E2289A-A9D1-47BB-B9BB-71B0A1B65C92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4DBA6170-B271-4580-A287-75DFE0D25437}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E6EE3498-B4D4-486C-A0A7-9B4347393494}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A90B4DDA-30AD-4A6E-AADE-0E6989AE6326}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B1320167-0965-469D-9F70-2FF01563FD09}] => (Allow) C:\Guild Wars 2\Gw2.exe
FirewallRules: [{4924747B-36EC-4191-93E4-5E9B54B6255E}] => (Allow) C:\Guild Wars 2\Gw2.exe
FirewallRules: [{78E59813-7DA3-42C8-A6CE-3341942D018F}] => (Allow) C:\Guild Wars 2\Gw2.exe
FirewallRules: [{34FEE771-6788-4BBE-8139-31FC71407E00}] => (Allow) C:\Guild Wars 2\Gw2.exe
FirewallRules: [{A17DE015-5254-46CF-8D4F-7A64A4213F1F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9C04C55F-42C8-41B2-9C6C-BC8AF5B50201}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0D3CAC99-70B1-4AA1-9F97-3B4234C56F75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{25219E36-9090-4E1C-8F11-859D9C81A30E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2AC40B93-FE4D-44F3-B829-35917E492187}] => (Allow) LPort=2869
FirewallRules: [{EA707331-025B-4EB1-B51F-315A7AD6D08A}] => (Allow) LPort=1900
FirewallRules: [{A9E792B6-7502-4C4E-99DD-E939BFEA582F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F4740F5F-643C-472D-B559-EAF9ED1B3B0C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C57A3D35-1B4E-4AB3-AC22-2ED5564E8E05}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{777F28EF-E3DF-4D48-8F81-6AA5B7F07C25}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B06CCBFB-E2CF-4236-8347-71DCBBF1E173}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{23824EA7-A3DE-4CB6-A1D4-37177C97BB62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2012\fm.exe
FirewallRules: [{C4EAA197-8379-4A32-9826-3D4D1EC93B44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2012\fm.exe
FirewallRules: [{E7E18E78-76F8-49AF-BB66-A220D637DF9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{9F7061F3-D242-467C-9BB0-A464EF47D46E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{ABD244C3-B0F6-4BB8-823D-5CC8DB2CA8DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{62179653-C2E1-49CC-B003-1D0204A05286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{119AD0F3-D59E-454D-90FC-77EBF1B09F04}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A0CB8666-EC84-4BC4-BE60-EA111EBF9315}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{22D7508E-1329-473E-B064-C18790D63A91}C:\users\dossev\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dossev\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{AFA6F4FD-7AB7-4179-9F35-54D82E65FD6C}C:\users\dossev\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\dossev\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{2A29353C-79D9-41B2-A26F-ED5D37B750CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3EDDB00-1DA0-4562-BF91-00C72C2EE7A1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F1EEBCC-98F2-49BC-BD3B-94053A3844FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{35245FB3-D313-4622-ABEF-94ED42215B5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50054BB8-04E2-45DB-BF5E-F9ED2576F493}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2A3D6D88-8647-4C57-8D3F-397AF97C2EF0}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{57A041C2-8D0E-474A-8E77-EAA347D30506}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{ABD05A62-9A8F-4141-8825-463206914B99}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DB26987F-FB82-4CC4-AA54-0C7FB4AE51DC}C:\users\dossev\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\dossev\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{60F9051D-11EE-4DD8-A975-4AE0ABD829D1}C:\users\dossev\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\dossev\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{C49A060A-9F69-4A81-8C5D-BCCA1C00F092}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{4C600A29-837B-4D29-A49B-382DF57B0BEC}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{07C3748C-0F3E-4E66-90BE-EC867BE1089F}] => (Allow) LPort=1688
FirewallRules: [{4EBB8C6E-213A-416F-ADF0-D8E45C623193}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A97A6898-9087-4C21-A28D-D0C487E815F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7F9F9F8E-C98A-42B4-935C-743632C49723}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
 
==================== Restore Points =========================
 
28-08-2016 17:01:47 Schemalagd kontrollpunkt
01-09-2016 11:28:16 Installation av enhetsdrivrutinspaket: www.MotioninJoy.com Xbox 360 Peripherals
03-09-2016 13:35:59 ASU_MSI_TRAN
03-09-2016 13:36:42 Removed Gothic III
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/04/2016 07:47:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TEBTH40)
Description: Aktiveringen av appen Microsoft.Windows.Photos_8wekyb3d8bbwe!App misslyckades med felet: -2144927141 Mer information finns i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (09/04/2016 02:14:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Det finns ett fel i manifest- eller principfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL på rad 1.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition är UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/04/2016 02:11:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Det finns ett fel i manifest- eller principfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL på rad 1.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition är UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/03/2016 01:56:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: SearchUI.exe, version 10.0.10586.494, tidsstämpel 0x5775e69a
, felet uppstod i modulen med namn: twinapi.appcore.dll, version 10.0.10586.494, tidsstämpel 0x5775e2d9
Undantagskod: 0xc000027b
Felförskjutning: 0x000000000004b1c9
Process-ID: 0x11f0
Programmets starttid: 0x01d205d6f90be3b9
Sökväg till program: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Sökväg till modul: C:\Windows\System32\twinapi.appcore.dll
Rapport-ID: 66a6b56a-e2e7-4562-b669-7d9d57846c17
Fullständigt namn på felaktigt paket: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Program-ID relativt till felaktigt paket: CortanaUI
 
Error: (09/03/2016 01:37:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Anropet OnIdentity() i systemskrivarobjektet misslyckades för tjänsten Cryptographic Services.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Åtkomst nekad.
.
 
Error: (09/03/2016 01:36:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Anropet OnIdentity() i systemskrivarobjektet misslyckades för tjänsten Cryptographic Services.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Åtkomst nekad.
.
 
Error: (09/03/2016 01:24:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet adwcleaner_6.010.exe, version 6.0.1.0, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken i Säkerhet och underhåll på Kontrollpanelen.
 
Process-ID: 1270
 
Starttid: 01d205d4e42bc959
 
Avslutningstid: 17
 
Programsökväg: C:\Users\Dossev\Downloads\adwcleaner_6.010.exe
 
Rapport-ID: fe9fa6c4-71c8-11e6-b43e-1c75084a3903
 
Fullständigt namn på felaktigt paket: 
 
Program-ID relativt till felaktigt paket:
 
Error: (09/03/2016 01:08:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Det finns ett fel i manifest- eller principfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL på rad 1.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition är UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/03/2016 12:21:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Det finns ett fel i manifest- eller principfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL på rad 1.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition är UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/03/2016 11:59:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-TEBTH40)
Description: Paketet windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel avslutades eftersom det tog för lång tid att pausa det.
 
 
System errors:
=============
Error: (09/04/2016 07:47:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TEBTH40)
Description: Servern App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca registrerades inte med DCOM inom erforderlig timeout.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
Error: (09/04/2016 12:20:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TEBTH40)
Description: Behörighetsinställningarna datorstandardvärde ger inte Lokal behörigheten Aktivering för COM-serverprogrammet med CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 och APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 till användaren DESKTOP-TEBTH40\Dossev SID (S-1-5-21-111878471-1073023971-2913708380-1001) från adress LocalHost (med LRPC) som körs i programbehållaren Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Det går att ändra säkerhetsbehörigheten med hjälp av administrationsverktyget Komponenttjänster.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-04 11:14:34.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-03 14:02:47.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-03 11:55:00.796
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-03 11:55:00.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-03 11:54:59.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-03 11:54:59.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-03 11:54:58.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-03 11:54:58.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-03 11:54:49.717
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-03 11:54:49.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 43%
Total physical RAM: 3766.7 MB
Available physical RAM: 2140.16 MB
Total Virtual: 4790.7 MB
Available Virtual: 3089.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:288.23 GB) (Free:148.94 GB) NTFS
Drive e: (Data) (Fixed) (Total:288.3 GB) (Free:195.88 GB) NTFS
Drive h: () (Removable) (Total:7.4 GB) (Free:5.13 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 38E14C4E)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=288.3 GB) - (Type=05)
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

#2 HelpBot


Posted 09 September 2016 - 04:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/625722 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 11 September 2016 - 05:24 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




