Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Germain (06-01-2017 15:15:26)
Running from C:\Users\Germain\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-09-21 18:53:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2196324403-2920740886-392819837-500 - Administrator - Disabled)
Germain (S-1-5-21-2196324403-2920740886-392819837-1000 - Administrator - Enabled) => C:\Users\Germain
Guest (S-1-5-21-2196324403-2920740886-392819837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2196324403-2920740886-392819837-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2196324403-2920740886-392819837-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) Ansel (Version: 375.70 - NVIDIA Corporation) Hidden ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard) Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) DriversCloud.com (64 bits) (HKLM\...\{8EAF4E0A-3F78-4E31-A09D-88E8235A1FA8}) (Version: 10.0.0.3 - Cybelsoft) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation) Intel(R) Network Connections 20.7.67.0 (HKLM\...\PROSetDX) (Version: 20.7.67.0 - Intel) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.1.40 - Intel Corporation) League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation) Microsoft Office Professionnel 2016 - fr-fr (HKLM\...\ProfessionalRetail - fr-fr) (Version: 16.0.7571.2075 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2196324403-2920740886-392819837-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 
8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla) MSI Kombustor 3.5.0 (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version: - MSI Co., LTD) MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.05 - MSI) MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI) NVIDIA 3D Vision 
Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation) NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation) NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NVIDIA Update 23.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.1.0.0 - NVIDIA Corporation) NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.) 
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version: - Firaxis)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2196324403-2920740886-392819837-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Germain\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {335CCB19-ACDF-4C64-BDAD-0F2391E63925} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-13] (NVIDIA Corporation)
Task: {47895963-94F2-4B77-8571-19F3C5AB4A56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {4C99A13B-5FC0-48F2-A9F1-16F08BF40E05} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {590F20C0-B26D-4735-8966-509D8BB7A963} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {5C039E81-85B4-4202-9C81-0735C11941F3} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
Task: {5DB2DF45-9AE7-43EC-97E0-7954F7E46D47} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {65B7DFF6-9391-40ED-95F3-BD3D2E963411} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {8630DA44-B307-4D4B-B2B7-5E4C96086F3C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {8829E0D4-980F-4348-9EE3-B162A38C6932} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {8B8E7AB7-750C-4050-A683-5E347D88B436} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-05] (AVAST Software)
Task: {B7C1BB59-2177-4588-95E0-737C335EF290} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {E61E0A1E-FC1C-499E-A8D5-AAB5E7B1E500} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
Task: {E976DED1-10A1-48FF-98E9-8B00951E6A04} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ============== 2017-01-04 19:34 - 2017-01-04 19:34 - 00959168 _____ () C:\Users\Germain\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-09-28 11:39 - 2016-12-13 00:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-09-28 11:39 - 2016-12-13 00:36 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-09-28 11:39 - 2016-11-17 14:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll 2016-09-28 00:15 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-07-14 11:25 - 2016-07-14 11:25 - 00174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2016-07-14 11:25 - 2016-07-14 11:25 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2016-07-14 11:25 - 2016-07-14 11:25 - 00107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2016-07-14 11:26 - 2016-07-14 11:26 - 00312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2016-07-14 11:26 - 2016-07-14 11:26 - 00485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net Helper.exe 2016-09-28 11:39 - 2016-11-17 11:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-09-28 11:39 - 2016-11-17 11:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-09-28 11:39 - 2016-11-17 11:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-09-28 11:39 - 2016-12-13 00:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-09-28 11:39 - 2016-12-13 
00:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-09-28 11:39 - 2016-11-17 11:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-09-28 11:39 - 2016-11-17 11:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-09-28 11:39 - 2016-11-17 11:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-09-28 11:39 - 2016-11-17 11:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-12-02 11:02 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll 2016-09-28 11:39 - 2016-12-13 00:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-09-28 11:39 - 2016-11-17 14:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2015-08-07 00:09 - 2015-08-07 00:09 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-01-04 19:34 - 2017-01-04 19:34 - 00679624 _____ () C:\Users\Germain\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-09-21 20:36 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-09-21 20:36 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-09-21 20:36 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-09-21 20:36 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-09-21 20:36 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll 2016-09-21 20:36 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-09-21 20:36 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-09-21 20:36 - 2016-01-27 08:49 - 00491008 _____ () C:\Program 
Files (x86)\Steam\libavformat-56.dll 2016-09-21 20:36 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-09-21 20:36 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-09-21 20:36 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-09-21 20:36 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-12 19:42 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2016-09-21 20:36 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll 2016-09-21 20:36 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\ortp.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libcef.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\battle.net.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libEGL.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libGLESv2.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\ffmpegsumo.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libglesv2.dll 2016-11-30 20:10 - 2016-11-30 20:10 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-01-06 00:37 - 00003741 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com34.195.153.94 pagead2.googlesyndication.com34.195.153.94 content.adriver.ru
34.195.153.94 d134l0cdryxgwa.cloudfront.net
34.195.153.94 gaua.hit.gemius.pl
34.195.153.94 gde-default.hit.gemius.pl
34.195.153.94 img.imgsmail.ru
34.195.153.94 img7.auto.ria.com
34.195.153.94 js-agent.newrelic.com
34.195.153.94 js.revsci.net
34.195.153.94 kamradamnaradost.ru
34.195.153.94 kpmediagaua.hit.gemius.pl
34.195.153.94 level1cdn.com
34.195.153.94 mc.yandex.ru
34.195.153.94 mtrx.go.sonobi.com
34.195.153.94 ninja.onap.io
34.195.153.94 odb.outbrain.com
34.195.153.94 optimize-stats.voxmedia.com
34.195.153.94 p.d.0fmm.com
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 pixel.vihub.ru
34.195.153.94 psma02.com
34.195.153.94 px.adhigh.net

There are 32 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2196324403-2920740886-392819837-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Germain\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 89.2.0.1 - 89.2.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [{6CE8C3FC-462E-4E9F-B0A9-1DFD2ED0C921}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A5863592-7EC3-4A0A-A1B7-8EA17339BBB2}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D4F41412-5EAD-42AF-A877-530F791CD37F}] => C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [{45B7D8DC-AC0E-496E-BF36-BCBECBE080A4}] => C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe FirewallRules: [TCP Query User{A35E514C-812C-4E99-9DF7-B080CC44D7D3}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe FirewallRules: [UDP Query User{4CCC5B5C-8133-4FE7-B7CA-5166FBF1C283}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe FirewallRules: [TCP Query User{CD6284DA-57A0-4106-85C8-E1EDB790F3F8}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{A3B23D84-1A3D-42BC-AC7E-37B56BE6BAD7}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{C72B90FB-5346-4A4A-8387-496D842CD1FA}C:\users\germain\appdata\roaming\utorrent\utorrent.exe] => C:\users\germain\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{C9D7FC88-4742-4166-A832-577FCBCA6C6C}C:\users\germain\appdata\roaming\utorrent\utorrent.exe] => C:\users\germain\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{CB5E205D-FB2B-4BCB-821C-049B72D80A06}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [UDP Query User{BF9D377A-2EED-470D-A2EA-CE6622E5E2CE}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => 
C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe FirewallRules: [{96D61893-151F-486C-BEB6-F7C1F2AD2050}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{40CB845F-EFFE-47E2-9249-F160480F1CD2}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{84942781-D836-4490-BA6D-9FDBA2183639}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{43D2D58C-90EE-466D-B375-884E0B390123}] => C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{04E50135-23CE-4560-86FE-2B49901C8C4D}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{068AFEA4-C23C-41E6-B030-5EBAAA3588EC}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{2B98D7A6-A868-4AC3-9099-AA988A3359D4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{1B287A09-6D3C-4FB4-859A-43AF99068E0F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{76D6E208-9E02-4CFC-8528-F9620907443E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4233A206-7F7E-4E46-96B7-70A9424E0B3E}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{E5B75E24-B761-4FEC-A331-E7E261A719D1}] => C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe FirewallRules: [{14AF9839-0F47-4661-B751-E3F211D8D51D}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{E8888AEA-0D32-4B19-B3AB-4DC3606B2519}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{D4DAA350-4795-4382-B668-52A03EB87494}] => D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{35874460-DCD4-4AA6-A734-FCAC8C4EA8F9}] => 
D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{E316E8DE-00F2-42F7-BE34-01564408E67F}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe FirewallRules: [{8DABB021-7FE7-4F6C-84A5-2F8FA0072067}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe FirewallRules: [{0C5D5F94-1389-4964-ACE3-704926EF9AD4}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe FirewallRules: [{20AFF3F2-C2C2-4D8E-84C1-DA920A715AF1}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe FirewallRules: [{861663CD-3437-49FA-B345-C634451DA5FA}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{5D8D3632-5EA3-478E-AD92-9CE950310C1C}] => C:\Windows\system32\rundll32.exe FirewallRules: [{F34EF472-38A2-44C8-A725-4D704DCF2C8D}] => C:\Windows\System32\rundll32.exe FirewallRules: [{F168D5D9-27B2-473F-84C6-0CC11DBBE8F0}] => C:\Windows\System32\rundll32.exe FirewallRules: [{59E2655A-B7B4-40CA-90C4-A2E375241A2E}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{BCB5068B-774E-4C67-8A9D-F5A119D1C3FA}] => C:\Windows\System32\rundll32.exe FirewallRules: [{CA99CD62-ADBD-40BC-AA3D-95CF72E10669}] => C:\Windows\System32\rundll32.exe FirewallRules: [{D04FB72B-40FF-4FD2-B109-2625BA5528F8}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BA85B12B-FA62-4FFC-AF62-DD7F90E15ABB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{ACCF6BF9-BB99-42FA-A7A7-69AC342AB9C5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 31-12-2016 11:43:52 Scheduled Checkpoint 04-01-2017 19:32:53 Windows Update 05-01-2017 14:49:29 ASU_MSI_TRAN 06-01-2017 
00:41:19 ResetBrowser ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/06/2017 03:01:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/06/2017 12:41:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. 
Details: AddWin32ServiceFiles: Unable to back up image of service CppWindowsService Sample Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (01/06/2017 12:33:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/05/2017 10:54:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.37, time stamp: 0x582449b8 Faulting module name: NDA.dll_unloaded, version: 0.0.0.0, time stamp: 0x581aa4cc Exception code: 0xc0000005 Fault offset: 0x7282650e Faulting process id: 0x4f0 Faulting application start time: 0x01d2679e26af15e2 Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe Faulting module path: NDA.dll Report Id: 80565904-d391-11e6-8ca3-1c1b0d23fd57 Error: (01/05/2017 10:53:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (01/05/2017 02:48:11 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (01/05/2017 02:47:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c Faulting module name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c Exception code: 0xc0000005 Fault offset: 0x00053ec5 Faulting process id: 0x4e8 Faulting application start time: 0x01d2675a3574cb98 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Report Id: 7ea27f68-d34d-11e6-a51a-1c1b0d23fd57 Error: (01/05/2017 02:25:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005). Error: (01/05/2017 01:56:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (01/04/2017 09:55:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c Faulting module name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c Exception code: 0xc0000005 Fault offset: 0x00004806 Faulting process id: 0xc64 Faulting application start time: 0x01d266ccae0cb6a4 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Report Id: 119c0456-d2c0-11e6-99b6-1c1b0d23fd57 System errors: ============= Error: (01/06/2017 02:59:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Post Line Topology service failed to start due to the following error: The system cannot find the file specified. Error: (01/06/2017 02:59:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Ferboing service terminated with the following error: The specified module could not be found. Error: (01/06/2017 12:32:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Post Line Topology service failed to start due to the following error: The system cannot find the file specified. Error: (01/06/2017 12:32:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Ferboing service terminated with the following error: The specified module could not be found. Error: (01/06/2017 12:32:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CppWindowsService Sample Service service failed to start due to the following error: The system cannot find the file specified. Error: (01/06/2017 12:31:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure. 
Error: (01/06/2017 12:31:25 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/06/2017 12:31:25 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

Error: (01/06/2017 12:30:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/06/2017 12:30:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2017-01-06 14:59:47.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-06 14:59:47.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-06 14:59:47.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-01-06 14:59:47.281
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-06 00:32:55.508
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-06 00:32:55.477
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-06 00:32:55.446
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-06 00:32:55.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-05 22:54:04.280
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-05 22:54:04.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 38%
Total physical RAM: 8124.97 MB
Available physical RAM: 5031.45 MB
Total Virtual: 16248.12 MB
Available Virtual: 12403.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.96 GB) (Free:230.62 GB) NTFS
Drive d: () (Fixed) (Total:492.06 GB) (Free:490.07 GB) NTFS
Drive f: (PHILIPS UFD) (Removable) (Total:7.21 GB) (Free:7.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1097A8E)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 49077777)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)

==================== End of Addition.txt ============================