Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by NoCanDo (19-03-2017 20:01:44)
Running from C:\Users\NoCanDo\Downloads
Windows 10 Pro Version 1607 (X64) (2016-08-04 01:59:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3779877807-738714898-3022743489-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3779877807-738714898-3022743489-503 - Limited - Disabled)
Guest (S-1-5-21-3779877807-738714898-3022743489-501 - Limited - Disabled)
NoCanDo (S-1-5-21-3779877807-738714898-3022743489-1001 - Administrator - Enabled) => C:\Users\NoCanDo
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.2.0 - IObit)
Ansel (Version: 376.19 - NVIDIA Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.)
Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
Driver Easy 5.1.7 (HKLM\...\DriverEasy_is1) (Version: 5.1.7 - Easeware)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.2.0.934 - IObit)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
LPL Software 2.7 (HKLM-x32\...\LPL Software_is1) (Version: 2.7 - CSLI Publications)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x64 en-US) (HKLM\...\Mozilla Firefox 52.0 (x64 en-US)) (Version: 52.0 - Mozilla)
Mozilla Firefox 52.0.1 (x64 en-US) (HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\Mozilla Firefox 52.0.1 (x64 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0 - Mozilla)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenVPN 2.3.13-I601 (HKLM\...\OpenVPN) (Version: 2.3.13-I601 - )
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TCPEye 1.0 (HKLM-x32\...\{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1) (Version: - Free Software Relase)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1AD28683-9CB0-4800-A240-0DE4B64DDB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {2CF9076E-F2DC-4C10-AA1B-1439CC381393} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {2DB2388F-EE5F-435F-91AF-E686A98DFAD2} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-12-05] (IObit)
Task: {34109B77-94C9-496B-8BD1-90BB514CFA1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {41680FEC-AB4B-4596-A335-F1CFF400F10E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {49703C4F-FB3C-4B3E-9798-FDDCB83D1FC0} - System32\Tasks\ASC10_SkipUac_NoCanDo => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-03-09] (IObit)
Task: {4D592501-3EBE-4B8A-8A47-73804D976F7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {5548635F-A78E-4CA3-BD92-4B4EF4269458} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {66F049D8-9D6B-40A8-9649-7C6FDA59E9A8} - System32\Tasks\Uninstaller_SkipUac_NoCanDo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-01-19] (IObit)
Task: {6A19C694-E430-442E-A2EA-5E96E41A1DA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {772B107D-C20B-4AA4-8269-2ED040A85B21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-27] (Google Inc.)
Task: {91D8D239-A550-4C24-8A98-E3EB7BD62E9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {96476695-ACD4-4433-ADA6-52E00B0140C1} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\Scheduler.exe [2016-12-14] (IObit)
Task: {A7042E5F-ECE8-4688-B510-4FCEC96CE614} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-27] (Google Inc.)
Task: {C3FA8D2C-9550-4AA6-8859-938CDA6D134C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {C58E2CA4-7074-46E6-B152-1791E3C75AC4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {E278C537-7C89-451F-BCB5-5A31B8B4736B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {E8984A07-CE75-47DE-8F2E-EB83B427149B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-04] (Microsoft Corporation)
Task: {EE5D6CE2-5D26-4A99-94F2-2732A6C09714} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {FD8DBDD9-D899-4009-B2E6-D7214CF2BFC1} - System32\Tasks\Driver Booster SkipUAC (NoCanDo) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe [2017-01-10] (IObit)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\NoCanDo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 14:39 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-09 21:30 - 2017-02-23 19:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-09 21:30 - 2017-02-23 19:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-04 02:33 - 2017-02-09 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-15 14:39 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-16 23:12 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 14:38 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 14:39 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 14:39 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 14:39 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 14:39 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 14:40 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-10 00:23 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2017-03-11 14:11 - 2017-03-09 06:26 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\libglesv2.dll
2017-03-11 14:11 - 2017-03-09 06:26 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\libegl.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2016-12-09 21:31 - 2017-02-23 19:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-09 21:30 - 2017-02-23 19:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-09 21:30 - 2017-02-23 19:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-10 00:23 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2017-03-18 20:16 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-03-18 20:16 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-03-18 20:16 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-03-18 20:16 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2016-12-09 21:31 - 2017-02-23 15:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-09 21:31 - 2017-02-23 15:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-09 21:31 - 2017-02-23 15:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-09 21:31 - 2017-02-23 15:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-09 21:31 - 2017-02-23 15:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-09 21:31 - 2017-02-23 15:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-27 10:02 - 2017-02-14 16:44 - 00004896 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 apps.skype.com
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
There are 90 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\Control Panel\Desktop\\Wallpaper -> D:\564986.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: FoxitReaderService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NVIDIA Wireless Controller Service => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "Application Restart #0"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D656204FE027501A10FE28B5BF4B7ADE"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-3779877807-738714898-3022743489-1001\...\StartupApproved\Run: => "Advanced SystemCare 10"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7D3CFC71-EF30-4400-8BFB-C391B3004378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{42E48A89-3EA3-42F1-92AA-3B236CD560B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{301DBBF3-B734-4DBE-AFBB-482340042EE9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3D8ACDE6-D6C4-4247-A1C2-41784D149C70}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0FA93980-845E-4BDC-BA48-8704D0585679}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{4B487E50-ED71-4050-BB09-A598B0A8CC7E}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{0254E2FB-F558-442F-8BB4-6F474E3FE6D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4FE5DB8F-69F5-4876-A4C1-DABF2C49DCD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{3A0C96E7-26AA-4404-8158-F26AAFA6931E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{26BAAD36-7943-433C-9E21-0FA0A526DE54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{348862B0-9B19-4480-9CAD-42F4C23CECF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EF103DD4-D6E2-4FA4-8430-58A46ACB403C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6B69F293-6423-48FD-B5D5-A57330248636}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{05A48E1C-B401-429B-AAF9-96344B662386}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CE36884C-43CF-4D85-9829-199E792ABED1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C47C2A7A-78CF-4EEA-B081-60298D40A15F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{19427452-795E-426D-B9AD-0F2B204B36FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{18088FEC-35AA-42EE-99F3-DB5C4E45919F}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
FirewallRules: [{83FF8738-2F37-4F86-8E62-7AED25FFB4AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B138662-0166-4FC3-8856-DF0B71C571A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DA4AFC1E-4652-466B-AE4C-EE94FB6D2B47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{31191ADB-437A-4A3D-AD78-C993210B9E6F}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{5CB25BD0-C6D9-4795-88DE-B36A3BC9D644}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{EDF4CAAF-58B5-431C-848A-F98D46496355}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{3C62D6EE-D89D-4D3C-9CD2-4685D42FAB3D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{2B047FB7-509E-4C95-ADA1-1C07C1327D93}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{B877472B-4699-4866-BCB9-5C54DE6768F4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{99EFD66D-BD5F-45F1-A974-6BB99F5A0C1B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{ED92ADC1-70E1-4DAC-872E-7A4798E7E380}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
==================== Restore Points =========================
18-03-2017 20:32:08 Driver Booster : Synaptics Pointing Device
19-03-2017 15:14:35 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/19/2017 07:49:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOCANDO)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/19/2017 07:49:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.0.1.6284, time stamp: 0x58cb77fc
Faulting module name: mozglue.dll, version: 52.0.1.6284, time stamp: 0x58cb77ec
Exception code: 0x80000003
Fault offset: 0x0000000000010aed
Faulting process id: 0x1e04
Faulting application start time: 0x01d2a0df12a9464a
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: aa8e2517-383a-414d-86d0-66cfbac98c45
Faulting package full name:
Faulting package-relative application ID:
Error: (03/19/2017 07:25:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FOXITREADER.EXE, version: 8.2.0.2051, time stamp: 0x586507f3
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc0000374
Fault offset: 0x000d9d11
Faulting process id: 0x1cb4
Faulting application start time: 0x01d2a0ca4e3f0b15
Faulting application path: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXITREADER.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 20865ffb-d749-4bf1-8b70-92a48029cd5f
Faulting package full name:
Faulting package-relative application ID:
Error: (03/19/2017 04:43:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOCANDO)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/19/2017 04:43:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: NOCANDO)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
Error: (03/19/2017 03:49:28 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED (error %3).
Error: (03/19/2017 03:49:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).
Error: (03/19/2017 03:49:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).
Error: (03/19/2017 03:48:54 PM) (Source: MsiInstaller) (EventID: 10005) (User: NOCANDO)
Description: Application: Kaspersky Total Security -- Error 29000. You must close Kaspersky Total Security before proceeding with the installation.
Error: (03/19/2017 03:45:55 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Driver Booster : Synaptics Pointing Device). Additional information: 0x80070091.
System errors:
=============
Error: (03/19/2017 07:49:53 PM) (Source: DCOM) (EventID: 10010) (User: NOCANDO)
Description: The server App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.
Error: (03/19/2017 07:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/19/2017 07:30:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (03/19/2017 07:25:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/19/2017 06:48:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (03/19/2017 06:48:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (03/19/2017 06:48:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (03/19/2017 04:40:20 PM) (Source: DCOM) (EventID: 10016) (User: NOCANDO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user NOCANDO\NoCanDo SID (S-1-5-21-3779877807-738714898-3022743489-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/19/2017 04:40:20 PM) (Source: DCOM) (EventID: 10016) (User: NOCANDO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user NOCANDO\NoCanDo SID (S-1-5-21-3779877807-738714898-3022743489-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/19/2017 04:40:20 PM) (Source: DCOM) (EventID: 10016) (User: NOCANDO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user NOCANDO\NoCanDo SID (S-1-5-21-3779877807-738714898-3022743489-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2016-12-05 14:50:41.576
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_5124acd2eedc72b8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-25 16:16:24.606
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_fbddf9bc2e340ffc\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-21 15:45:36.273
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_fe7c040832a3bf1e\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-08 14:54:40.889
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_fe7c040832a3bf1e\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-05 19:44:50.662
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_fe7c040832a3bf1e\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-03 17:16:33.320
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_fe7c040832a3bf1e\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-30 11:32:35.536
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-23 01:08:06.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-10-23 01:08:06.801
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-10-17 23:24:02.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 6060.36 MB
Available physical RAM: 3039.63 MB
Total Virtual: 12060.36 MB
Available Virtual: 8863.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:769.87 GB) (Free:692.55 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:160.53 GB) (Free:160.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00092D2C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=769.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=792 MB) - (Type=27)
Partition 4: (Not Active) - (Size=160.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================