Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Admin (13-02-2019 21:55:28)
Running from \\diskstation\public
Windows 10 Pro Version 1803 17134.590 (X64) (2018-05-26 01:27:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-2683052957-914339474-147703212-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2683052957-914339474-147703212-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2683052957-914339474-147703212-503 - Limited - Disabled)
Guest (S-1-5-21-2683052957-914339474-147703212-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2683052957-914339474-147703212-504 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-2683052957-914339474-147703212-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adblock Plus pour IE (32-bits et 64-bits) (HKLM\...\{1372FA30-110F-47F5-8B95-B1D498B49376}) (Version: 1.3 - Eyeo GmbH)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Archiveur WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Belgium e-ID middleware 4.1.18 (build 1730) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71730}) (Version: 4.1.1730 - Belgian Government)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CiscoVirtualCom(x64) (HKLM-x32\...\{4741C69E-1B4E-43DA-9598-7F94BA6B66E7}) (Version: 1.00.0000 - Cisco Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KeePass Password Safe 1.26 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.26 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2683052957-914339474-147703212-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft OneNote 2013 - fr-fr (HKLM\...\OneNoteFreeRetail - fr-fr) (Version: 15.0.5101.1002 - Microsoft Corporation)
Microsoft Visio Professionnel 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Project Professionnel 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
MultiPing 3.20.2 (HKLM-x32\...\{71A028F3-4AE3-498C-8CFB-9D5EF01E6559}) (Version: 3.20.2.30 - Pingman Tools, LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-040C-0000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
OpenVPN 2.3.11-I601 (HKLM\...\OpenVPN) (Version: 2.3.11-I601 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.5 - Tracker Software Products Ltd)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.19 - Prolific Technology INC)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Screenpresso (HKU\S-1-5-21-2683052957-914339474-147703212-1001\...\Screenpresso) (Version: 1.7.2.0 - Learnpulse)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
Skype Web Plugin (HKLM-x32\...\{CD62BCB9-02D2-443F-AC7A-443377DA5B38}) (Version: 7.31.0.56 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.93332 - TeamViewer)
Tftpd32 Standalone Edition (remove only) (HKLM-x32\...\Tftpd32) (Version: - )
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version: - )
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{567756E0-361F-4E88-AF74-8B0E4628E5BC}) (Version: 1.12.0.0 - Microsoft Corporation) Hidden
VMware Client Integration Plug-in 5.5.0 (HKLM-x32\...\{922AD691-8713-4148-BA32-02CB638F27F7}) (Version: 5.5.0.1896808 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Driver Package - Fedict SmartCard (08/08/2015 4.1.5) (HKLM\...\9F46F7AB1E3B1B5F5482EA8D97F401B04FBF7958) (Version: 08/08/2015 4.1.5 - Fedict)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2683052957-914339474-147703212-1001_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Admin\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2683052957-914339474-147703212-1001_Classes\CLSID\{E5A7A7B5-9D06-4DBE-BAC0-04B69FF070B5}\InprocServer32 -> C:\Users\Admin\AppData\Local\SkypePlugin\7.31.0.56\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_01.dll [2009-11-25] ()
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-01-25] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-01-25] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-01-25] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C8EB0DB-C0BE-47F4-9A6C-2C8E799EC460} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11A41675-DA2D-483F-8230-6F33B76112DA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1D8070C7-768D-4F16-9F76-FA5ECB496F5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35533734-1FFB-4A59-B8EC-C361D104F4E5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4E4EEA65-C5D8-423C-9441-D62D9B91D3F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4FCE3A56-E1FC-4B27-BF68-1232380CFACD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5172824F-3020-4D34-82ED-622ADBD62B26} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5AC279D9-8F28-4AC8-8F7A-C2DE787640B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5D4F336E-33F6-467C-83EB-7D5F86349A1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {678EB347-0BE9-4BDE-9C23-7B37BF0B67AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6A556A53-E140-49D9-87B3-81DB75267568} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6AD2AAD6-DB5E-4953-81F2-786B94DD8779} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6C0974F4-A683-4130-AD76-F005476C8AB6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6CF0631D-3F8D-47D7-A507-3C12A5B5ED7A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7472A38C-3105-4CE6-AE50-4C3044F3524C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {760ACEA4-2B82-4EC5-937E-CB297B2E2362} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {914E3277-6940-4BD0-A84E-5FB8560078A8} - \WPD\SqmUpload_S-1-5-21-2683052957-914339474-147703212-1001 -> No File <==== ATTENTION
Task: {954E5D16-6930-4947-9D98-92AF6DB69EF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A6DA858F-5126-4BCE-AA52-BFB4BE41844F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AB975EF6-13BF-46BC-A69D-733ABE39233D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BDBD0C68-581F-4312-8CBD-A1B60441B575} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C1F58C6B-1DC3-4BE4-8A7C-F1166ABCFE11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C8B227B3-A168-404C-A152-CB1D67AB5010} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D1142C86-1573-4F90-9395-894983F29AD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D992962E-4FE8-4350-8DF5-93631F70E3EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated)
Task: {E9667CD4-47B4-4B12-A928-765414578BD2} - System32\Tasks\AutoPico Daily Restart => C:\Users\Admin\Desktop\KMSpico [Argument = Portable\AutoPico.exe /silent]
Task: {F9857DD7-D25B-4AAD-9AAA-4D48269DFB8B} - System32\Tasks\{838EEF2B-8D10-42B2-B13C-662146490947} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Desktop\Winrar\Crack WinRAR v3.30fr.exe" -d C:\Users\Admin\Desktop\Winrar
Task: {F9F5F396-1BA6-4902-B6D4-5091AB7B286E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Easy Viewer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=anjoggeimnldigfcihcggejncophmhjc
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Ubiquiti Device Discovery Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmpigflbjeapnknladcfphgkemopofig
==================== Loaded Modules (Whitelisted) ==============
2015-07-05 12:30 - 2018-02-27 09:51 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-07-03 10:49 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-10 21:46 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2009-11-25 00:36 - 2009-11-25 00:36 - 000125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2017-01-27 00:00 - 2017-01-27 00:00 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2019-02-12 22:00 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-30 22:44 - 2019-01-30 22:48 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-11-22 20:46 - 2018-11-22 20:46 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-10 15:37 - 2018-07-10 15:43 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2019-02-12 23:10 - 2018-12-06 00:47 - 001066784 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2019-02-12 23:10 - 2018-11-20 01:56 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2019-02-12 23:10 - 2018-11-20 01:56 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2019-02-12 23:10 - 2018-11-20 01:56 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-01 17:31 - 2019-02-01 17:36 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-03-04 18:23 - 2018-03-04 18:33 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-15 13:37 - 2019-01-15 13:37 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-01 20:45 - 2018-09-01 20:46 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 19:19 - 2018-07-26 20:12 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 000094720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2019-02-13 11:10 - 2019-02-13 11:10 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2019-02-13 11:10 - 2019-02-13 11:10 - 016974848 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2019-01-10 19:03 - 2019-01-10 19:03 - 005391752 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-04 16:18 - 2016-03-04 16:19 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-27 13:26 - 2017-06-27 13:26 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2019-01-10 19:05 - 2018-12-06 00:47 - 000885536 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2019-01-10 19:05 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2019-01-10 19:05 - 2019-02-02 18:33 - 002667296 _____ () C:\Program Files (x86)\Steam\video.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000810784 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2019-01-10 19:05 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2019-01-10 19:05 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2019-01-10 19:05 - 2019-02-02 18:33 - 001031456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2019-01-10 19:05 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-10-03 11:18 - 2018-07-29 15:19 - 000000878 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.1.22 diskstation
192.168.10.50 vc.vvnet.local
2015-08-01 17:24 - 2016-12-01 13:10 - 000000642 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 HP-VVV.mshome.net # 2021 11 2 30 12 10 17 893
192.168.137.123 MacBook-VVV.mshome.net # 2016 12 3 7 14 13 11 239
192.168.137.15 Vincent.mshome.net # 2016 12 3 7 10 32 31 769
29
192.168.137.15 Vincent.mshome.net # 2016 12 1 5 13 49 20 200
4 6 779
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2683052957-914339474-147703212-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\thumb-1920-937610.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-2683052957-914339474-147703212-1001\...\StartupApproved\StartupFolder: => "FastStone Capture.lnk"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FF132D5F-8DFF-4ADA-BC0C-CF350F34A8BA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8BDD37EB-1313-4695-9AC8-15FFE451FCAD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{118F787D-C4AC-4C9A-BBE2-1AAC955AC747}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6F6896AF-57DD-4B1F-B84C-ECFB0F93D5A5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{942045FA-F6BC-4AB0-B211-90618416D964}C:\program files\openvpn\bin\openvpn.exe] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [TCP Query User{48DEBB3A-C013-419B-BBEE-AE1F8F6ECE27}C:\program files\openvpn\bin\openvpn.exe] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{C94A2A81-C7B3-4B34-9B73-85652FB0ECA5}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [TCP Query User{538D5E36-B960-4965-B650-175B343C6129}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{2CE526BC-8383-45CC-8FE4-6FFBDE656D30}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe (Ph. Jounin)
FirewallRules: [TCP Query User{67815474-AEF3-42D7-8B36-9327024660BD}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe (Ph. Jounin)
FirewallRules: [TCP Query User{946A4B96-7EBC-46B7-A5C1-84ACA84E9A07}C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe No File
FirewallRules: [UDP Query User{0925EE0C-0509-47EB-B781-27CCB2164367}C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe No File
FirewallRules: [TCP Query User{1B97A870-7178-4E0D-AFD2-2EB4AE0A289A}C:\users\admin\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{FCFECD35-74B1-4100-BB7F-5B8561ED0D24}C:\users\admin\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [{8FFB5F81-E916-4812-9D88-EBC8A5F32A07}] => (Block) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [{F6637D68-8328-4863-801B-75FEB817F2A5}] => (Block) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{A1EB041F-C5F5-449F-8494-85DCC67F8757}C:\program files (x86)\winpcap\rpcapd.exe] => (Block) C:\program files (x86)\winpcap\rpcapd.exe (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
FirewallRules: [UDP Query User{E7E060F4-524E-4FD7-955C-49B5187CD454}C:\program files (x86)\winpcap\rpcapd.exe] => (Block) C:\program files (x86)\winpcap\rpcapd.exe (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
FirewallRules: [TCP Query User{725DE277-6805-45FB-BA6F-0196D0A7859A}C:\program files (x86)\vsk5online\vsk5online.exe] => (Allow) C:\program files (x86)\vsk5online\vsk5online.exe No File
FirewallRules: [UDP Query User{03036574-9173-4F18-A052-2E136B39F3B5}C:\program files (x86)\vsk5online\vsk5online.exe] => (Allow) C:\program files (x86)\vsk5online\vsk5online.exe No File
FirewallRules: [{BA4A1052-4E43-443D-9CEA-160764D1361F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CBC7CCD-9C95-46ED-96CF-8387A68CAAA7}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe ()
FirewallRules: [{6C2F61A7-3567-4D55-9461-151F55E2756A}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe ()
FirewallRules: [{6D469999-06A6-401B-8E54-497B80AA4588}] => (Allow) C:\Users\Admin\Ubiquiti UniFi\bin\mongod.exe ()
FirewallRules: [{D3FF11E1-E574-4EA0-B06D-BC4A45579D7B}] => (Allow) C:\Users\Admin\Ubiquiti UniFi\bin\mongod.exe ()
FirewallRules: [{3AAFFD6A-BA34-4789-A8C7-9C1B3E97DFB5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1F9320C1-7383-4822-A4EC-4D0CF1B06B79}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6698CD85-6765-4C85-B0CF-6D82D299347B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{4995D6FC-AA54-4B59-A2F3-E9DB7A74D3CB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{435143E4-C2D6-41F7-BF4F-7618076672EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Hospital\ProjectHospital.exe ()
FirewallRules: [{FDE8A547-279A-4C03-A888-EF3F542F194D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Hospital\ProjectHospital.exe ()
FirewallRules: [{0DB3DD11-A8E1-41D7-A1D9-321DC7A8FD2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{9C079A39-AB98-40BB-AC1D-15A8EB3D9147}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D360E24F-7FB2-4997-A638-48FFF804DC31}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
==================== Restore Points =========================
20-01-2019 18:19:02 Windows Update
29-01-2019 11:03:14 Scheduled Checkpoint
04-02-2019 22:27:07 Windows Update
11-02-2019 22:27:19 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/05/2019 02:27:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume TINY7 X86 R1 (D:) was not optimized because an error was encountered: This volume cannot be optimized. (0x8900000D)
Error: (01/29/2019 11:22:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 6f8c
Start Time: 01d4b7ba69bc6af1
Termination Time: 20
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 3bb48bad-fe0a-489a-ac17-e75ecc9105fa
Faulting package full name:
Faulting package-relative application ID:
Error: (01/23/2019 06:24:09 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/21/2019 10:27:13 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/17/2019 06:00:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- A later version of Update for Windows 10 for x64-based Systems (KB4023057) is already installed. Setup will now exit.
Error: (01/13/2019 12:03:16 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/10/2019 07:14:59 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/10/2019 07:05:51 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
System errors:
=============
Error: (02/13/2019 04:19:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 04:09:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 01:58:49 PM) (Source: DCOM) (EventID: 10016) (User: HP-VVV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user HP-VVV\Admin SID (S-1-5-21-2683052957-914339474-147703212-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 03:16:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 01:28:48 AM) (Source: DCOM) (EventID: 10016) (User: HP-VVV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user HP-VVV\Admin SID (S-1-5-21-2683052957-914339474-147703212-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (02/12/2019 11:12:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/12/2019 11:12:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/12/2019 11:11:03 PM) (Source: DCOM) (EventID: 10016) (User: HP-VVV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HP-VVV\Admin SID (S-1-5-21-2683052957-914339474-147703212-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-01-22 00:18:09.418
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {70B54E51-2A96-4770-AB1A-880992752A22}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-13 12:02:25.764
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6174045A-D626-455E-90DA-4406FFD86838}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-02-03 22:44:36.742
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.785.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-01-29 16:14:19.497
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.361.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-01-24 11:14:33.033
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.3569.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-01-20 18:19:01.792
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.3157.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-11-22 20:51:22.836
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 60%
Total physical RAM: 3993.11 MB
Available physical RAM: 1591.68 MB
Total Virtual: 4697.11 MB
Available Virtual: 2074.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:166.78 GB) (Free:48.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
\\?\Volume{1d8903d3-0000-0000-0000-30b229000000}\ () (Fixed) (Total:0.9 GB) (Free:0.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 167.7 GB) (Disk ID: 1D8903D3)
Partition 1: (Active) - (Size=166.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917 MB) - (Type=27)
==================== End of Addition.txt ============================
Ran by Admin (13-02-2019 21:55:28)
Running from \\diskstation\public
Windows 10 Pro Version 1803 17134.590 (X64) (2018-05-26 01:27:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Admin (S-1-5-21-2683052957-914339474-147703212-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2683052957-914339474-147703212-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2683052957-914339474-147703212-503 - Limited - Disabled)
Guest (S-1-5-21-2683052957-914339474-147703212-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2683052957-914339474-147703212-504 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-2683052957-914339474-147703212-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adblock Plus pour IE (32-bits et 64-bits) (HKLM\...\{1372FA30-110F-47F5-8B95-B1D498B49376}) (Version: 1.3 - Eyeo GmbH)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Archiveur WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Belgium e-ID middleware 4.1.18 (build 1730) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71730}) (Version: 4.1.1730 - Belgian Government)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CiscoVirtualCom(x64) (HKLM-x32\...\{4741C69E-1B4E-43DA-9598-7F94BA6B66E7}) (Version: 1.00.0000 - Cisco Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KeePass Password Safe 1.26 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.26 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2683052957-914339474-147703212-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft OneNote 2013 - fr-fr (HKLM\...\OneNoteFreeRetail - fr-fr) (Version: 15.0.5101.1002 - Microsoft Corporation)
Microsoft Visio Professionnel 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Project Professionnel 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
MultiPing 3.20.2 (HKLM-x32\...\{71A028F3-4AE3-498C-8CFB-9D5EF01E6559}) (Version: 3.20.2.30 - Pingman Tools, LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-040C-0000-0000000FF1CE}) (Version: 15.0.5101.1002 - Microsoft Corporation) Hidden
OpenVPN 2.3.11-I601 (HKLM\...\OpenVPN) (Version: 2.3.11-I601 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.5 - Tracker Software Products Ltd)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.19 - Prolific Technology INC)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Screenpresso (HKU\S-1-5-21-2683052957-914339474-147703212-1001\...\Screenpresso) (Version: 1.7.2.0 - Learnpulse)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
Skype Web Plugin (HKLM-x32\...\{CD62BCB9-02D2-443F-AC7A-443377DA5B38}) (Version: 7.31.0.56 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.93332 - TeamViewer)
Tftpd32 Standalone Edition (remove only) (HKLM-x32\...\Tftpd32) (Version: - )
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version: - )
Update for Skype for Business 2015 (KB4461557) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{BB7D10A9-A135-4EB8-82F1-8A25FEB1B327}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{567756E0-361F-4E88-AF74-8B0E4628E5BC}) (Version: 1.12.0.0 - Microsoft Corporation) Hidden
VMware Client Integration Plug-in 5.5.0 (HKLM-x32\...\{922AD691-8713-4148-BA32-02CB638F27F7}) (Version: 5.5.0.1896808 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Driver Package - Fedict SmartCard (08/08/2015 4.1.5) (HKLM\...\9F46F7AB1E3B1B5F5482EA8D97F401B04FBF7958) (Version: 08/08/2015 4.1.5 - Fedict)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2683052957-914339474-147703212-1001_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\Admin\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2683052957-914339474-147703212-1001_Classes\CLSID\{E5A7A7B5-9D06-4DBE-BAC0-04B69FF070B5}\InprocServer32 -> C:\Users\Admin\AppData\Local\SkypePlugin\7.31.0.56\GatewayActiveX-x64.dll (Microsoft Corporation -> Skype Technologies S.A.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_01.dll [2009-11-25] ()
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-01-25] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-01-25] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2004-01-25] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C8EB0DB-C0BE-47F4-9A6C-2C8E799EC460} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {11A41675-DA2D-483F-8230-6F33B76112DA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1D8070C7-768D-4F16-9F76-FA5ECB496F5F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35533734-1FFB-4A59-B8EC-C361D104F4E5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4E4EEA65-C5D8-423C-9441-D62D9B91D3F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4FCE3A56-E1FC-4B27-BF68-1232380CFACD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5172824F-3020-4D34-82ED-622ADBD62B26} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5AC279D9-8F28-4AC8-8F7A-C2DE787640B9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5D4F336E-33F6-467C-83EB-7D5F86349A1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {678EB347-0BE9-4BDE-9C23-7B37BF0B67AF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6A556A53-E140-49D9-87B3-81DB75267568} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6AD2AAD6-DB5E-4953-81F2-786B94DD8779} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6C0974F4-A683-4130-AD76-F005476C8AB6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6CF0631D-3F8D-47D7-A507-3C12A5B5ED7A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7472A38C-3105-4CE6-AE50-4C3044F3524C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {760ACEA4-2B82-4EC5-937E-CB297B2E2362} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {914E3277-6940-4BD0-A84E-5FB8560078A8} - \WPD\SqmUpload_S-1-5-21-2683052957-914339474-147703212-1001 -> No File <==== ATTENTION
Task: {954E5D16-6930-4947-9D98-92AF6DB69EF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A6DA858F-5126-4BCE-AA52-BFB4BE41844F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AB975EF6-13BF-46BC-A69D-733ABE39233D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BDBD0C68-581F-4312-8CBD-A1B60441B575} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C1F58C6B-1DC3-4BE4-8A7C-F1166ABCFE11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C8B227B3-A168-404C-A152-CB1D67AB5010} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D1142C86-1573-4F90-9395-894983F29AD6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D992962E-4FE8-4350-8DF5-93631F70E3EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated)
Task: {E9667CD4-47B4-4B12-A928-765414578BD2} - System32\Tasks\AutoPico Daily Restart => C:\Users\Admin\Desktop\KMSpico [Argument = Portable\AutoPico.exe /silent]
Task: {F9857DD7-D25B-4AAD-9AAA-4D48269DFB8B} - System32\Tasks\{838EEF2B-8D10-42B2-B13C-662146490947} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Desktop\Winrar\Crack WinRAR v3.30fr.exe" -d C:\Users\Admin\Desktop\Winrar
Task: {F9F5F396-1BA6-4902-B6D4-5091AB7B286E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Easy Viewer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=anjoggeimnldigfcihcggejncophmhjc
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Ubiquiti Device Discovery Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmpigflbjeapnknladcfphgkemopofig
==================== Loaded Modules (Whitelisted) ==============
2015-07-05 12:30 - 2018-02-27 09:51 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-07-03 10:49 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2019-01-10 21:46 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2009-11-25 00:36 - 2009-11-25 00:36 - 000125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2017-01-27 00:00 - 2017-01-27 00:00 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2019-02-12 22:00 - 2019-02-06 03:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-30 22:44 - 2019-01-30 22:48 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-11-22 20:46 - 2018-11-22 20:46 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-30 22:44 - 2019-01-30 22:48 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-10 15:37 - 2018-07-10 15:43 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2019-02-12 23:10 - 2018-12-06 00:47 - 001066784 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2019-02-12 23:10 - 2018-11-20 01:56 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2019-02-12 23:10 - 2018-11-20 01:56 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2019-02-12 23:10 - 2018-11-20 01:56 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-01 17:31 - 2019-02-01 17:36 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-03-04 18:23 - 2018-03-04 18:33 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-15 13:37 - 2019-01-15 13:37 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-01 20:45 - 2018-09-01 20:46 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 19:19 - 2018-07-26 20:12 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 000146432 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\SKU.dll
2019-02-01 17:31 - 2019-02-01 17:36 - 000094720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2019-02-13 11:10 - 2019-02-13 11:10 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2019-02-13 11:10 - 2019-02-13 11:10 - 016974848 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2019-01-10 19:03 - 2019-01-10 19:03 - 005391752 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-04 16:18 - 2016-03-04 16:19 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-27 13:26 - 2017-06-27 13:26 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2019-01-10 19:05 - 2018-12-06 00:47 - 000885536 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2019-01-10 19:05 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2019-01-10 19:05 - 2019-02-02 18:33 - 002667296 _____ () C:\Program Files (x86)\Steam\video.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000810784 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2019-01-10 19:05 - 2018-11-05 19:53 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2019-01-10 19:05 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2019-01-10 19:05 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2019-01-10 19:05 - 2019-02-02 18:33 - 001031456 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2019-01-10 19:05 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-10-03 11:18 - 2018-07-29 15:19 - 000000878 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.1.22 diskstation
192.168.10.50 vc.vvnet.local
2015-08-01 17:24 - 2016-12-01 13:10 - 000000642 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 HP-VVV.mshome.net # 2021 11 2 30 12 10 17 893
192.168.137.123 MacBook-VVV.mshome.net # 2016 12 3 7 14 13 11 239
192.168.137.15 Vincent.mshome.net # 2016 12 3 7 10 32 31 769
29
192.168.137.15 Vincent.mshome.net # 2016 12 1 5 13 49 20 200
4 6 779
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\OpenVPN\bin;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2683052957-914339474-147703212-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\thumb-1920-937610.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-2683052957-914339474-147703212-1001\...\StartupApproved\StartupFolder: => "FastStone Capture.lnk"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FF132D5F-8DFF-4ADA-BC0C-CF350F34A8BA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8BDD37EB-1313-4695-9AC8-15FFE451FCAD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{118F787D-C4AC-4C9A-BBE2-1AAC955AC747}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6F6896AF-57DD-4B1F-B84C-ECFB0F93D5A5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{942045FA-F6BC-4AB0-B211-90618416D964}C:\program files\openvpn\bin\openvpn.exe] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [TCP Query User{48DEBB3A-C013-419B-BBEE-AE1F8F6ECE27}C:\program files\openvpn\bin\openvpn.exe] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{C94A2A81-C7B3-4B34-9B73-85652FB0ECA5}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [TCP Query User{538D5E36-B960-4965-B650-175B343C6129}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{2CE526BC-8383-45CC-8FE4-6FFBDE656D30}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe (Ph. Jounin)
FirewallRules: [TCP Query User{67815474-AEF3-42D7-8B36-9327024660BD}C:\program files (x86)\tftpd32\tftpd32.exe] => (Allow) C:\program files (x86)\tftpd32\tftpd32.exe (Ph. Jounin)
FirewallRules: [TCP Query User{946A4B96-7EBC-46B7-A5C1-84ACA84E9A07}C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe No File
FirewallRules: [UDP Query User{0925EE0C-0509-47EB-B781-27CCB2164367}C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\7.5.0.123\pluginhost.exe No File
FirewallRules: [TCP Query User{1B97A870-7178-4E0D-AFD2-2EB4AE0A289A}C:\users\admin\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{FCFECD35-74B1-4100-BB7F-5B8561ED0D24}C:\users\admin\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [{8FFB5F81-E916-4812-9D88-EBC8A5F32A07}] => (Block) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [{F6637D68-8328-4863-801B-75FEB817F2A5}] => (Block) C:\users\admin\appdata\local\skypeplugin\pluginhost.exe (Microsoft Corporation -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{A1EB041F-C5F5-449F-8494-85DCC67F8757}C:\program files (x86)\winpcap\rpcapd.exe] => (Block) C:\program files (x86)\winpcap\rpcapd.exe (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
FirewallRules: [UDP Query User{E7E060F4-524E-4FD7-955C-49B5187CD454}C:\program files (x86)\winpcap\rpcapd.exe] => (Block) C:\program files (x86)\winpcap\rpcapd.exe (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
FirewallRules: [TCP Query User{725DE277-6805-45FB-BA6F-0196D0A7859A}C:\program files (x86)\vsk5online\vsk5online.exe] => (Allow) C:\program files (x86)\vsk5online\vsk5online.exe No File
FirewallRules: [UDP Query User{03036574-9173-4F18-A052-2E136B39F3B5}C:\program files (x86)\vsk5online\vsk5online.exe] => (Allow) C:\program files (x86)\vsk5online\vsk5online.exe No File
FirewallRules: [{BA4A1052-4E43-443D-9CEA-160764D1361F}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4CBC7CCD-9C95-46ED-96CF-8387A68CAAA7}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe ()
FirewallRules: [{6C2F61A7-3567-4D55-9461-151F55E2756A}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe ()
FirewallRules: [{6D469999-06A6-401B-8E54-497B80AA4588}] => (Allow) C:\Users\Admin\Ubiquiti UniFi\bin\mongod.exe ()
FirewallRules: [{D3FF11E1-E574-4EA0-B06D-BC4A45579D7B}] => (Allow) C:\Users\Admin\Ubiquiti UniFi\bin\mongod.exe ()
FirewallRules: [{3AAFFD6A-BA34-4789-A8C7-9C1B3E97DFB5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1F9320C1-7383-4822-A4EC-4D0CF1B06B79}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6698CD85-6765-4C85-B0CF-6D82D299347B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{4995D6FC-AA54-4B59-A2F3-E9DB7A74D3CB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{435143E4-C2D6-41F7-BF4F-7618076672EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Hospital\ProjectHospital.exe ()
FirewallRules: [{FDE8A547-279A-4C03-A888-EF3F542F194D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Hospital\ProjectHospital.exe ()
FirewallRules: [{0DB3DD11-A8E1-41D7-A1D9-321DC7A8FD2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{9C079A39-AB98-40BB-AC1D-15A8EB3D9147}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D360E24F-7FB2-4997-A638-48FFF804DC31}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
==================== Restore Points =========================
20-01-2019 18:19:02 Windows Update
29-01-2019 11:03:14 Scheduled Checkpoint
04-02-2019 22:27:07 Windows Update
11-02-2019 22:27:19 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/05/2019 02:27:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume TINY7 X86 R1 (D:) was not optimized because an error was encountered: This volume cannot be optimized. (0x8900000D)
Error: (01/29/2019 11:22:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 6f8c
Start Time: 01d4b7ba69bc6af1
Termination Time: 20
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 3bb48bad-fe0a-489a-ac17-e75ecc9105fa
Faulting package full name:
Faulting package-relative application ID:
Error: (01/23/2019 06:24:09 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/21/2019 10:27:13 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/17/2019 06:00:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- A later version of Update for Windows 10 for x64-based Systems (KB4023057) is already installed. Setup will now exit.
Error: (01/13/2019 12:03:16 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/10/2019 07:14:59 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
Error: (01/10/2019 07:05:51 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
System errors:
=============
Error: (02/13/2019 04:19:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 04:09:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 01:58:49 PM) (Source: DCOM) (EventID: 10016) (User: HP-VVV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user HP-VVV\Admin SID (S-1-5-21-2683052957-914339474-147703212-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 03:16:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/13/2019 01:28:48 AM) (Source: DCOM) (EventID: 10016) (User: HP-VVV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user HP-VVV\Admin SID (S-1-5-21-2683052957-914339474-147703212-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (02/12/2019 11:12:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/12/2019 11:12:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/12/2019 11:11:03 PM) (Source: DCOM) (EventID: 10016) (User: HP-VVV)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HP-VVV\Admin SID (S-1-5-21-2683052957-914339474-147703212-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-01-22 00:18:09.418
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {70B54E51-2A96-4770-AB1A-880992752A22}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-13 12:02:25.764
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6174045A-D626-455E-90DA-4406FFD86838}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-02-03 22:44:36.742
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.785.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-01-29 16:14:19.497
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.361.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15600.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-01-24 11:14:33.033
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.3569.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-01-20 18:19:01.792
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.3157.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-11-22 20:51:22.836
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 60%
Total physical RAM: 3993.11 MB
Available physical RAM: 1591.68 MB
Total Virtual: 4697.11 MB
Available Virtual: 2074.09 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:166.78 GB) (Free:48.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
\\?\Volume{1d8903d3-0000-0000-0000-30b229000000}\ () (Fixed) (Total:0.9 GB) (Free:0.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 167.7 GB) (Disk ID: 1D8903D3)
Partition 1: (Active) - (Size=166.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917 MB) - (Type=27)
==================== End of Addition.txt ============================