Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Oli (23-05-2017 17:27:12)
Running from C:\Users\Oli\Desktop\FRST
Windows 8.1 (Update) (X64) (2017-02-19 01:21:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2083115291-1334581206-888238541-500 - Administrator - Disabled)
Guest (S-1-5-21-2083115291-1334581206-888238541-501 - Limited - Disabled)
Oli (S-1-5-21-2083115291-1334581206-888238541-1001 - Administrator - Enabled) => C:\Users\Oli

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ALLPlayer Remote Control (HKLM-x32\...\{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1) (Version: 1.4 - ALLPlayer Group, Ltd.)
ALLPlayer V7.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.)
Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.2.0.0 - Vondos Media GmbH) <==== ATTENTION
ESET NOD32 Antivirus (HKLM\...\{5656F8BD-C371-40AE-A3BB-C900FF745F1A}) (Version: 10.1.204.1 - ESET, spol. s r.o.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 pl)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{4D71C348-C964-442D-B2DB-5160E46FB664}) (Version: 4.13.9783 - Apache Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.27055 - Realtek Semiconduct Corp.)
ScreenShot (HKLM-x32\...\ScreenShot) (Version: 2.0.4 - Filseclab Corporation)
Secenacas version 2.0 (HKLM-x32\...\Secenacas_is1) (Version: 2.0 - )
Spotify (HKU\S-1-5-21-2083115291-1334581206-888238541-1001\...\Spotify) (Version: 1.0.54.1079.g3809528e - Spotify AB)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-02-19 03:46 - 2016-12-29 15:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2083115291-1334581206-888238541-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oli\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5D1D79D5-FD0F-44C4-A123-AD2515EDEC09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7C987BAE-9C96-4653-B9AA-10D1D0B533EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0A805563-5C9E-4BD9-B67D-EEEDC884160D}C:\users\oli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\oli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1A102E1D-A58B-43FB-A1A6-267BEA9F3685}C:\users\oli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\oli\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C3605C5D-6709-41F7-AE1B-273141B622B3}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [UDP Query User{442E5221-4E29-47ED-9DD2-B2376C0F5C85}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [{400F5D65-01B0-4381-9204-99E580466023}] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [{A7F55D01-F0D7-40A1-B598-8F00CC8A675E}] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [{9844F484-B5D5-4B04-B1EA-8EB1978D870F}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{DAAC8F95-0FC5-459B-AB7A-D10C524D6C71}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe

==================== Restore Points =========================

06-05-2017 11:15:19 Windows Update
10-05-2017 18:18:25 Windows Update
12-05-2017 18:42:07 SPTD setup V1.89
22-05-2017 17:43:53 Scheduled Checkpoint
23-05-2017 16:53:31 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2017 04:53:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8e8ce271-ea18-41ec-a7f3-5a7f1da8c4ff}

Error: (05/12/2017 06:42:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7364841b-8bb3-4524-a28d-1aba2abc667c}

Error: (05/11/2017 09:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bugreport.exe, version: 6.10.449.30619, time stamp: 0x57426dfa
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc0000022
Fault offset: 0x0009d3c2
Faulting process id: 0xb54
Faulting application start time: 0x01d2ca90f49229a0
Faulting application path: C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 345019f6-3684-11e7-825f-6c71d982d1b2
Faulting package full name:
Faulting package-relative application ID:

Error: (05/11/2017 07:12:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mrt.exe, version: 5.47.13703.0, time stamp: 0x58dec9f9
Faulting module name: combase.dll, version: 6.3.9600.18202, time stamp: 0x569e6ee3
Exception code: 0xc0000005
Fault offset: 0x000000000003a02f
Faulting process id: 0xbd4
Faulting application start time: 0x01d2ca79b2bcba32
Faulting application path: C:\WINDOWS\system32\mrt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\combase.dll
Report Id: fda4794e-366c-11e7-825f-6c71d982d1b2
Faulting package full name:
Faulting package-relative application ID:

Error: (04/21/2017 05:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 12.0.4518.1014, time stamp: 0x45428028
Faulting module name: oart.dll, version: 12.0.4518.1014, time stamp: 0x454283f8
Exception code: 0xc0000005
Fault offset: 0x008319ef
Faulting process id: 0x350
Faulting application start time: 0x01d2ba92061df853
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Faulting module path: C:\Program Files (x86)\Microsoft Office\Office12\oart.dll
Report Id: 7480c135-26a6-11e7-825e-6c71d982d1b2
Faulting package full name:
Faulting package-relative application ID:

Error: (04/13/2017 06:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.47.13703.0, time stamp: 0x58dec9f9
Faulting module name: combase.dll, version: 6.3.9600.18202, time stamp: 0x569e6ee3
Exception code: 0xc0000005
Fault offset: 0x000000000003a02f
Faulting process id: 0xcb0
Faulting application start time: 0x01d2b470725a52f6
Faulting application path: C:\WINDOWS\system32\MRT.exe
Faulting module path: C:\WINDOWS\SYSTEM32\combase.dll
Report Id: e496bee8-2063-11e7-825c-6c71d982d1b2
Faulting package full name:
Faulting package-relative application ID:

Error: (04/13/2017 06:11:39 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "Outlook" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (04/13/2017 06:11:39 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL Outlook in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (04/06/2017 06:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: oliwia)
Description: Activation of app Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/06/2017 06:15:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: glcnd.exe, version: 6.3.9600.18589, time stamp: 0x58961cae
Faulting module name: glcnd.exe, version: 6.3.9600.18589, time stamp: 0x58961cae
Exception code: 0xc0000005
Fault offset: 0x00000000002e6086
Faulting process id: 0x1134
Faulting application start time: 0x01d2aef110898395
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18589_x64__8wekyb3d8bbwe\glcnd.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.18589_x64__8wekyb3d8bbwe\glcnd.exe
Report Id: 4edc7232-1ae4-11e7-825c-6c71d982d1b2
Faulting package full name: Microsoft.Reader_6.4.9926.18589_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.Reader

System errors:
=============
Error: (05/23/2017 04:58:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The YAC Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (05/23/2017 04:58:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the YAC Service service to connect.

Error: (05/23/2017 04:53:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (05/23/2017 04:53:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SSSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2017 04:53:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/23/2017 04:53:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/23/2017 04:42:48 PM) (Source: DCOM) (EventID: 10010) (User: oliwia)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (05/23/2017 04:42:18 PM) (Source: DCOM) (EventID: 10010) (User: oliwia)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (05/22/2017 05:30:41 PM) (Source: DCOM) (EventID: 10010) (User: oliwia)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (05/22/2017 05:30:11 PM) (Source: DCOM) (EventID: 10010) (User: oliwia)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2017-05-11 21:56:42.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-05-11 19:22:28.953
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-05-08 15:40:15.541
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-20 00:30:29.275
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-17 13:52:20.934
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 04:44:40.271
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-02-19 04:44:40.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-02-19 04:44:36.568
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-19 04:44:36.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-19 04:43:42.058
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 38%
Total physical RAM: 3981.68 MB
Available physical RAM: 2459.81 MB
Total Virtual: 4749.68 MB
Available Virtual: 3405.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:100.08 GB) (Free:64.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:365.68 GB) (Free:365.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6A9158E2)
Partition 1: (Active) - (Size=100.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================