Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017 Ran by PAUL (17-05-2017 16:57:47) Running from C:\Users\PAUL\Desktop\FRST Windows 8.1 (Update) (X64) (2014-11-06 17:08:21) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1375163193-2629173629-2764439304-500 - Administrator - Disabled) Guest (S-1-5-21-1375163193-2629173629-2764439304-501 - Limited - Enabled) => C:\Users\Guest PAUL (S-1-5-21-1375163193-2629173629-2764439304-1001 - Administrator - Enabled) => C:\Users\PAUL ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - ) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Photoshop 7.0 CE (HKLM-x32\...\Adobe Photoshop 7.0 CE) (Version: 7.0 CE - Adobe Systems, Inc.) Adobe Reader XI (11.0.20) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{29200C76-2ADF-0C62-BE0D-2AC087740379}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2531.57 - CyberLink Corp.) Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden doPDF (Version: 8.0.907 - Softland) Hidden doPDF 8 (HKLM-x32\...\{d38b571a-1bb2-47f5-9194-b5956174c0cf}) (Version: 8.0.907 - Softland) ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.) ffdshow v1.3.4527 [2013-12-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4527.0 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Packard Bell) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Packard Bell) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.137 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (Polish) (HKLM-x32\...\{95120000-00AF-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 53.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 pl)) (Version: 53.0.2 - Mozilla) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{72FA3932-13F2-4AC2-9859-80DFB3E32D27}) (Version: 8.0.907 - Softland) novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{56C7F352-A03D-447C-98C2-7185F6067CC1}) (Version: 8.0.907 - Softland) novaPDF 8 Printer Driver (HKLM\...\{8B94B029-DF00-4314-BE5F-96AAA44D0B5A}) (Version: 8.0.907 - Softland) OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Packard Bell) Packard Bell Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Packard Bell) Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Packard Bell) Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Packard Bell) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1375163193-2629173629-2764439304-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\PAUL\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {09BF981D-1941-4277-961B-854CEA603BA2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {4D65F161-9748-48A9-9328-D8F8986E55C5} - System32\Tasks\SafeZone scheduled Autoupdate 1479733706 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software) Task: {60AFD539-7D0C-4DC4-998B-F6C7BAC97C82} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-02-22] () Task: {6C3EA29B-E5AF-498F-A78E-C84984C67BE6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-10] (Microsoft Corporation) Task: {7FAC9F4D-1A5F-4B2F-94E5-875E0723F00A} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-05-19] () Task: {A20BF1FD-4805-4C37-AB98-31D45BDB6FD0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software) Task: {AE315974-244F-4801-ABD6-A3DB2E1A7DB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {CB579D27-BBF1-4600-9D6E-C85EB932868C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {D4667EE3-7B14-4F00-9586-81D5D96F06C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {DC0119B4-9D04-46C2-AEC9-425D09BE4A3E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software) Task: {DDC228B1-D1D2-4042-A8A8-D7308F14CE7F} - System32\Tasks\Launch Manager => C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMLauncher.exe [2013-03-15] (Acer Incorporate) Task: {E177E7F7-B9E2-46FF-8427-B38294551DF0} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated) Task: {F5806BED-CB90-45D2-BC21-DBDBE3F2B7D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated) Task: {FCF9FC12-4043-4ACB-B554-330DBB9A0E1D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe [2013-01-24] (Acer Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\PAUL\Favorites\Packard Bell\Packard Bell.lnk -> hxxp://www.packardbell.com ==================== Loaded Modules (Whitelisted) ============== 2014-05-19 16:48 - 2014-05-19 16:48 - 00017920 _____ () C:\WINDOWS\System32\novamn8.dll 2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2017-05-17 16:21 - 2017-05-17 16:21 - 00130933 _____ () C:\WINDOWS\TEMP\2a9a7188-2f9b-4c02-a7f4-5421caf99ace\AgileDotNetRT64.dll 2017-05-17 16:22 - 2017-05-17 16:22 - 00130933 _____ () C:\WINDOWS\TEMP\2baca5df-110d-4425-83de-0e951af60763\AgileDotNetRT64.dll 2013-04-15 20:23 - 2013-04-15 20:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-04-15 20:20 - 2013-04-15 20:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-04-15 20:25 - 2013-04-15 20:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2017-05-17 16:40 - 2017-05-17 16:40 - 04102600 _____ () C:\Users\PAUL\Downloads\AdwCleaner.exe 2017-05-10 10:20 - 2017-05-10 10:20 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-05-10 10:20 - 2017-05-10 10:20 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll 2017-05-10 10:20 - 2017-05-10 10:20 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-05-10 10:20 - 2017-05-10 10:20 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-05-10 10:20 - 2017-05-10 10:20 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-05-10 10:20 - 2017-05-10 10:20 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-05-10 10:20 - 2017-05-10 10:20 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-05-17 16:22 - 2017-05-17 16:22 - 00098816 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32api.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00110080 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\pywintypes27.dll 2017-05-17 16:22 - 2017-05-17 16:22 - 00364544 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\pythoncom27.dll 2017-05-17 16:22 - 2017-05-17 16:22 - 00320512 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32com.shell.shell.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00914432 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_hashlib.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 01176576 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._core_.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00806400 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._gdi_.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00816128 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._windows_.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 01067008 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._controls_.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00733184 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._misc_.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00682496 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\pysqlite2._sqlite.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00088064 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_ctypes.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00686080 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\unicodedata.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00119808 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32file.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00108544 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32security.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00007168 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\hashobjs_ext.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00017920 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\thumbnails_ext.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00088064 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\usb_ext.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00012800 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\common.time34.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00018432 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32event.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00167936 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32gui.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00046080 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_socket.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 01303552 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_ssl.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00128512 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_elementtree.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00127488 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\pyexpat.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00038912 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32inet.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00036864 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_psutil_windows.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00524248 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\windows._lib_cacheinvalidation.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00011264 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32crypt.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00123392 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._wizard.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00077312 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._html2.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00027648 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_multiprocessing.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00020480 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\_yappi.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00035840 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32process.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00078848 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\wx._animate.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00024064 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32pipe.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00010240 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\select.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00025600 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32pdh.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00017408 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32profile.pyd 2017-05-17 16:22 - 2017-05-17 16:22 - 00022528 ____R () C:\Users\PAUL\AppData\Local\Temp\_MEI43602\win32ts.pyd ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2017-05-12 17:02 - 00000852 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1375163193-2629173629-2764439304-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PAUL\Desktop\alle\the-joker-the-dark-knight-wallpaper-3.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk" HKU\S-1-5-21-1375163193-2629173629-2764439304-1001\...\StartupApproved\Run: => "Napisy24.pl" HKU\S-1-5-21-1375163193-2629173629-2764439304-1001\...\StartupApproved\Run: => "Napisy24Update" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{7B205214-F400-4835-8389-1F4973EE450A}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [TCP Query User{D3340914-A96E-4914-93D5-41859B0D6A24}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{257E6306-21F5-4EE7-831B-9BBD73CB90C4}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe FirewallRules: [TCP Query User{13883029-9947-48A7-A526-39F22D0F0818}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe FirewallRules: [{F8975405-C385-479E-8CBF-E3403E59839A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{27B0EE3D-A011-49A0-A8EA-A12595F92235}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{48D2D929-3B96-4807-8384-9F4EDB1E8A2D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{A9584939-B91F-4553-83E4-ED30E6E26FEE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{387FA1FC-2FD0-4C71-B312-06FDD0C7D8C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{BC1C28CB-80A6-4DE2-A6E2-709E6CDC7AF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{ED14F697-6FEE-43BA-BE13-3642E2B01C48}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{D4F24439-899A-4B30-AF6C-B31C5144D8E7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{A16E464B-EE69-4BAC-B474-A3AEFDED1F37}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{43457ABB-D9FD-41C6-8C2E-1D41606A6694}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{1900E7FD-D560-4DDE-96C0-0DBE2BAAF3A2}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{86310F9E-4FF2-4733-9210-B890648BD85D}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{8F06697A-77B4-4BC5-9040-C3ECC2D07B13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BDC6F593-AF64-41A0-9928-7DE25A73B678}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{6CE14375-2357-4938-974C-52F7C254DA58}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{01DDF5F8-062B-4FA6-8C17-5FD28FAF73E9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{D5E8852E-8FA9-4BCA-9906-1A6116816008}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{353F3184-54F2-49DF-86C8-04BE8A4220F5}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{53573D07-F036-478F-AD70-3753B94FEE9E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{F10BEBB1-3449-4539-8663-1BDF4C125FA3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{9892889F-B64E-4D59-9AF1-44E5A3C2CD77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1989EDF4-2A9E-4DCF-B7C5-6E8EB7AD3C69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{C59E85DA-A3B6-4AF4-A4E7-F5B1B0437FCA}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [UDP Query User{7FC5153C-9CE5-4921-83DE-4DBAE4BD2BFD}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [{96B862AE-1DE5-473D-9E4F-C6937B1BCFBF}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{970FD1A4-AE62-4222-8432-4695714A05C9}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{1FFC2AD5-B901-4944-B9CE-8E906988FFE9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe FirewallRules: [{4B3F85BF-54B3-4906-BE90-D36CE605DBF8}] => (Allow) C:\Program Files (x86)\MIO\loader\toshibaxmq01abd100_6357p3xatxx6357p3xat.dat FirewallRules: [{78B73177-4E36-4B09-B2F0-8603EA1531A2}] => (Allow) C:\Program Files (x86)\MIO\loader\toshibaxmq01abd100_6357p3xatxx6357p3xat.dat FirewallRules: [{5612EF2C-EB66-4058-A9AD-36E502CF76B9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe FirewallRules: [{0264BD9D-227F-4B74-9FD0-293629DFADC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-04-2017 17:44:16 Scheduled Checkpoint 04-05-2017 15:51:26 Removed AlphaGo 10-05-2017 11:15:43 Windows Update 15-05-2017 20:05:11 Removed Norton Online Backup 17-05-2017 16:18:28 Restore Point Created by FRST ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/17/2017 04:36:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: updater.exe, version: 2.0.3008.0, time stamp: 0x5126f5f8 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xe0434352 Fault offset: 0x00000000000095fc Faulting process id: 0x404 Faulting application start time: 0x01d2cf1b0573ae51 Faulting application path: C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 465080fd-3b0e-11e7-bf04-6002b409892f Faulting package full name: Faulting package-relative application ID: Error: (05/17/2017 04:36:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: updater.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException Stack: at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) at System.Xml.XmlDocument.Load(System.Xml.XmlReader) at System.Xml.XmlDocument.Load(System.String) at updater.Report.AddFPToResult(updater.Result) at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs) at updater.DownloadMgr.DownloadFile(System.String, System.String) at updater.DownloadMgr.Worker(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (05/17/2017 04:18:27 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {8ecc2f16-db30-4ede-b8c6-6675ad5ee596} Error: (05/17/2017 02:15:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005). Error: (05/17/2017 02:05:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: updater.exe, version: 2.0.3008.0, time stamp: 0x5126f5f8 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xe0434352 Fault offset: 0x00000000000095fc Faulting process id: 0x1298 Faulting application start time: 0x01d2cf05eaa43d55 Faulting application path: C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 2a255190-3af9-11e7-bf03-6002b409892f Faulting package full name: Faulting package-relative application ID: Error: (05/17/2017 02:05:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: updater.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException Stack: at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) at System.Xml.XmlDocument.Load(System.Xml.XmlReader) at System.Xml.XmlDocument.Load(System.String) at updater.Report.AddFPToResult(updater.Result) at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs) at updater.DownloadMgr.DownloadFile(System.String, System.String) at updater.DownloadMgr.Worker(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (05/17/2017 01:05:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: updater.exe, version: 2.0.3008.0, time stamp: 0x5126f5f8 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xe0434352 Fault offset: 0x00000000000095fc Faulting process id: 0xeb4 Faulting application start time: 0x01d2cefd884748d4 Faulting application path: C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: c7d1c45e-3af0-11e7-bf03-6002b409892f Faulting package full name: Faulting package-relative application ID: Error: (05/17/2017 01:05:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: updater.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException Stack: at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) at System.Xml.XmlDocument.Load(System.Xml.XmlReader) at System.Xml.XmlDocument.Load(System.String) at updater.Report.AddFPToResult(updater.Result) at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs) at updater.DownloadMgr.DownloadFile(System.String, System.String) at updater.DownloadMgr.Worker(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() Error: (05/17/2017 10:23:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: updater.exe, version: 2.0.3008.0, time stamp: 0x5126f5f8 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f33794 Exception code: 0xe0434352 Fault offset: 0x00000000000095fc Faulting process id: 0xbc Faulting application start time: 0x01d2cee6e61d22c9 Faulting application path: C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 2576b426-3ada-11e7-bf03-6002b409892f Faulting package full name: Faulting package-relative application ID: Error: (05/17/2017 10:23:47 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: updater.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException Stack: at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String) at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean) at System.Xml.XmlDocument.Load(System.Xml.XmlReader) at System.Xml.XmlDocument.Load(System.String) at updater.Report.AddFPToResult(updater.Result) at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs) at updater.DownloadMgr.DownloadFile(System.String, System.String) at updater.DownloadMgr.Worker(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() System errors: ============= Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s). Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ePower Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The novaPDF Server service terminated unexpectedly. It has done this 1 time(s). Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service. Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s). Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Launch Manager Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/17/2017 04:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-05-04 15:37:05.927 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-04 11:45:52.817 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-04 11:18:44.868 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-04 10:35:14.259 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-04 10:35:13.228 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-04 10:35:13.165 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-03 17:49:09.402 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-03 17:49:08.434 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-05-03 17:49:08.402 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-20 18:44:49.773 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics Percentage of memory in use: 25% Total physical RAM: 7621.01 MB Available physical RAM: 5704.92 MB Total Virtual: 8837.01 MB Available Virtual: 6964.55 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:458.48 GB) (Free:376.12 GB) NTFS Drive e: (New Volume) (Fixed) (Total:457.38 GB) (Free:422.69 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 3CBFA8C0) Partition: GPT. ==================== End of Addition.txt ============================