Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by chakiche mohamed (27-12-2016 22:36:23)
Running from C:\Users\chakiche mohamed\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-10-19 16:21:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2196797711-3197828652-2754627983-500 - Administrator - Disabled)
chakiche mohamed (S-1-5-21-2196797711-3197828652-2754627983-1000 - Administrator - Enabled) => C:\Users\chakiche mohamed
Guest (S-1-5-21-2196797711-3197828652-2754627983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2196797711-3197828652-2754627983-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 24.0.0.189 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM\...\Adobe_2a10c9ba9b74a6a4a29b2f04d8a5e8f) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.0.5.146 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AIMP (HKLM\...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version: - Alien Skin)
Aurora 3D Text & Logo Maker version 12.09.26 (HKLM\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 12.09.26 - Aurora3D Software)
Auto Mouse Click v13.1 (HKLM\...\{F5E3859D-0720-41F0-BAF5-4CBCDFD8F406}_is1) (Version: 13.1 - MurGee.com)
AV Bros. Page Curl 2.0 (Remove Only) (HKLM\...\AV Bros. Page Curl 2.0) (Version: - )
Camtasia Studio 8 (HKLM\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
Color Efex Pro 4 (HKLM\...\Color Efex Pro 4) (Version: 4.0.0.1 - Nik Software, Inc.)
ColorSchemer Studio 2 (HKLM\...\ColorSchemerStudio2_is1) (Version: Studio v2.1 - ColorSchemer)
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version: - )
FastStone Capture 7.6 (HKLM\...\FastStone Capture) (Version: 7.6 - FastStone Soft)
Foxit Reader 6.0.6.722 (HKLM\...\Foxit Reader) (Version: v 6.0.6.722 - oszone.net)
GI-Arabic Now (HKLM\...\GI-Arabic Now) (Version: 1.0 - Global Integrated Solutions)
GIF Optimizer 2.0 (HKLM\...\GIF Optimizer_is1) (Version: - Leapic Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
Internet Download Manager (IDM) 6, 25, 2, 2 (HKLM\...\Internet Download Manager (IDM) 6, 25, 2, 2) (Version: 6, 25, 2, 2 - Tonec Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kelk2010 (SSL) (HKLM\...\Kelk2010 (SSL)) (Version: - )
K-Lite Mega Codec Pack 5.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.0.0 - )
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.1.4.7 - PandoraTV)
LameACM (HKLM\...\LameACM) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM\...\{90170401-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.8 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 50.1.0 (x86 fr) (HKLM\...\Mozilla Firefox 50.1.0 (x86 fr)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Octoshape Streaming Services (HKU\S-1-5-21-2196797711-3197828652-2754627983-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: 4.80 - FinePrint Software, LLC)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QQPlayer 3.1.832.400 (HKLM\...\QQPlayer 3.1.832.400) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.0.0 - Adlice Software)
Sall Dz Connect V2 (HKLM\...\Sall Dz Connect V2) (Version: - )
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SnagIt 9 (HKLM\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
SWiSH Max4 4.0 (HKLM\...\SWiSH Max4 4.0) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Topaz InFocus (HKLM\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (Version: 1.0.0 - Topaz Labs) Hidden
Topaz Adjust 4 (HKLM\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (Version: 4.1.0 - Topaz Labs) Hidden
Topaz Clean 3 (HKLM\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (Version: 3.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (HKLM\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeNoise 5 (HKLM\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (Version: 5.0.1 - Topaz Labs) Hidden
Topaz Detail 2 (HKLM\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (Version: 2.0.5 - Topaz Labs) Hidden
Topaz Fusion Express 2 (HKLM\...\Topaz Fusion Express 2) (Version: 2.0.1 - Topaz Labs)
Topaz Fusion Express 2 (Version: 2.0.1 - Topaz Labs) Hidden
Topaz ReMask 2 (HKLM\...\Topaz ReMask 2) (Version: 2.0.5 - Topaz Labs)
Topaz ReMask 2 (Version: 2.0.5 - Topaz Labs) Hidden
Topaz Simplify 3 (HKLM\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Vivacity (HKLM\...\{C13A8E73-7E98-4295-BA94-6931701CD1F9}) (Version: 1.3.1 - Topaz Labs LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.30 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinSoftMEsti (Version: 0.1 - Adobe Systems Incorporated) Hidden
Xara 3D Maker 7 (HKLM\...\MAGIX_MSI_Xara3D7) (Version: 7.0.0.415 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.415 - Xara Group Ltd) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2196797711-3197828652-2754627983-1000_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Users\chakiche mohamed\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2196797711-3197828652-2754627983-1000_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Users\chakiche mohamed\AppData\Local\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2196797711-3197828652-2754627983-1000_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Users\chakiche mohamed\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2196797711-3197828652-2754627983-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Users\chakiche mohamed\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-apoctoshape.dll (Octoshape ApS)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A1DDCB1-7D56-4AAE-AEA0-457361A9AFB5} - System32\Tasks\{D199F0EA-C7BE-47D3-B5D8-0BF0F48EF724} => pcalua.exe -a "C:\Users\chakiche mohamed\Downloads\Programs\camtasia.exe" -d "C:\Users\chakiche mohamed\AppData\Roaming\IDM"
Task: {1022CF2F-23A2-4397-A32B-B79F19CEA78E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2016-12-13] (NVIDIA Corporation)
Task: {4A747959-1CC8-4467-8B3B-64233DCA1D2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {4AC2D0B3-DDFC-4CF0-972A-E5E1B5689224} - \{B4FF7BA1-DD19-416F-9810-3871F3B9A6A8} -> No File <==== ATTENTION
Task: {4F9FD306-E6A7-4B4D-88CB-2F9B6BEFA6FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {7B7F34AC-5AE9-4BC8-8217-770CC17D42D9} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {85CA2040-0416-4629-84F6-D8782E02A57B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {91D380E1-B8DD-441A-819F-1ED48CA32481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {A7566406-FAF0-4154-BAA1-C54F832BA4B6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-13] (NVIDIA Corporation)
Task: {AC4B05C6-CF48-4E53-9DA7-E30DC0A660F0} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {BA6F761D-B235-4143-84A4-49312BD87EF8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)
Task: {D443E965-E3C5-4E4F-8A94-982F4A1B0749} - System32\Tasks\{426E2FBB-D54D-449A-9082-025DEDEECA82} => pcalua.exe -a "D:\my programe\Nouveau dossier\SpyHunter-Installer.exe" -d "D:\my programe\Nouveau dossier"
Task: {F36CCC13-DD34-4917-81B4-891DDA059D70} - System32\Tasks\{F399B2C0-79D5-4A2F-848C-8DD73EC953BF} => pcalua.exe -a "C:\Users\chakiche mohamed\Desktop\Adobe Illustrator CS3\Setup.exe" -d "C:\Users\chakiche mohamed\Desktop\Adobe Illustrator CS3"
Task: {F42EC359-AB31-4D72-997E-F4E35B67E3A8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
Task: {FA1BA7A6-7541-4AE9-A271-9DEAFE1D1C30} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater32.exe [2016-12-13] (NVIDIA Corporation)
Task: {FEDDEAC9-58BA-4BB3-833E-02B5FAA55F1E} - System32\Tasks\AdobeAAMUpdater-1.0-chakichemohamed-chakiche mohamed => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-07 16:32 - 2004-10-06 01:31 - 00050364 _____ () C:\Windows\System32\zarpdfmon.dll
2015-12-07 16:32 - 2005-05-24 14:28 - 00045056 _____ () C:\Windows\System32\ZARPDF.dll
2015-10-19 17:35 - 2016-10-18 14:48 - 00121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2016-08-18 10:47 - 2016-12-13 00:35 - 00900032 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-18 10:47 - 2016-12-13 00:35 - 03774400 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-08-18 10:47 - 2016-12-13 00:35 - 00018880 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2016-08-18 10:47 - 2016-12-12 15:36 - 00525760 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-08-18 10:47 - 2016-12-12 15:36 - 00254008 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\DriverInstall.node
2016-08-18 10:47 - 2016-12-12 15:36 - 02808888 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\Downloader.node
2016-08-18 10:47 - 2016-12-12 15:36 - 00384568 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-08-18 10:47 - 2016-12-12 15:36 - 00447424 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-08-18 10:47 - 2016-12-12 15:36 - 00336832 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-08-18 10:47 - 2016-12-12 15:36 - 01003456 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-15 18:09 - 2016-12-12 15:36 - 00956472 _____ () \\?\C:\Program Files\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-27 20:45 - 2016-12-26 10:18 - 21449800 _____ () C:\Program Files\RogueKiller\RogueKiller.exe
2016-12-13 20:19 - 2016-12-13 20:19 - 19761240 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 [116]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2016-10-12 22:22 - 00000160 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1# activation.cloud.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 l.heouts.com
127.0.0.1 l.heouts.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2196797711-3197828652-2754627983-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\chakiche mohamed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 4.2.2.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B329C2C2-D24F-4D82-8964-49CE2B1F4A75}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B9C87C4A-38A2-4965-9727-2984AEC46EEA}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{05BB475C-1C05-42F7-BCF9-35C690DADD03}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F3F00D8-06E1-4727-A178-D38A09E12539}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7EE26A01-C2ED-4768-9029-84FF32A302C9}C:\program files\internet download manager\iemonitor.exe] => C:\program files\internet download manager\iemonitor.exe
FirewallRules: [UDP Query User{6816FD35-98D1-4572-9474-856CBE29DFCD}C:\program files\internet download manager\iemonitor.exe] => C:\program files\internet download manager\iemonitor.exe
FirewallRules: [TCP Query User{84B12568-902D-4461-92CA-6BB3BE97D92C}C:\windows\system32\dwm.exe] => C:\windows\system32\dwm.exe
FirewallRules: [UDP Query User{CC19D126-7C7C-433A-B8E8-D33D8AF410A9}C:\windows\system32\dwm.exe] => C:\windows\system32\dwm.exe
FirewallRules: [{4D6EB727-49C1-4982-BDEE-F6769DEED677}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51C221CB-E87E-4563-973A-2F7BF8A275F3}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9288D28D-5184-4699-B669-9C1C262D9A39}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EB8566AC-1AF3-4C15-AD88-C574E340F250}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{31931FA2-D19E-4405-B89E-425C6182CC9B}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D7C91A87-E0C3-415D-8428-904523829FB5}] => LPort=8317
FirewallRules: [{AF6EC2AF-D05C-4FED-BA80-E36051D9DC7B}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{DA24CC82-8694-459A-A036-3B1A0B97F507}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{6327001D-B754-4FAE-B3BB-EFFC8BE0607E}] => C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{C5784A0E-480F-44CC-BC2F-18FC059E7534}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{17334554-955F-4414-8077-B769F0B5570E}] => C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{EF6F18B9-F7BB-401D-867D-15C0DE0FA348}C:\users\chakiche mohamed\desktop\newdestv2.1\mainplug.ocx] => C:\users\chakiche mohamed\desktop\newdestv2.1\mainplug.ocx
FirewallRules: [UDP Query User{CC286A94-C821-488E-ABA0-0D6BB4EC5265}C:\users\chakiche mohamed\desktop\newdestv2.1\mainplug.ocx] => C:\users\chakiche mohamed\desktop\newdestv2.1\mainplug.ocx
FirewallRules: [{20EF907F-F2CC-45C6-AAA5-F01B85A949D3}] => C:\users\chakiche mohamed\desktop\newdestv2.1\mainplug.ocx
FirewallRules: [{BD7E7121-1AD0-4490-9A04-BAE25134C7F9}] => C:\users\chakiche mohamed\desktop\newdestv2.1\mainplug.ocx
FirewallRules: [{9EA96067-5D10-414B-A1D0-65DA0C0166C4}] => LPort=5000
FirewallRules: [{29194623-2450-419A-88C9-3DAE0DF4B59B}] => C:\Users\chakiche mohamed\Desktop\EmbratoriaG6.2\libs.exe
FirewallRules: [{A45FF759-A44C-4F90-99F5-43044F0C3713}] => C:\Users\chakiche mohamed\Desktop\EmbratoriaG6.2\libs.exe
FirewallRules: [{32E491BE-68D8-4981-9919-DCCCA87F307F}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{4D4D9CA2-EA82-4402-ADD9-50000170BF34}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{CAC4C7FA-B512-4C2B-B035-708F6C4E9806}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9901828C-6580-4AAF-8742-5572034CE557}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8CB4BAB2-6328-4D0A-8A3F-B41A4AB991FB}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1C7635FE-CA15-4933-9722-B5C2A6FE1BAC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

20-12-2016 11:55:27 Windows Update
27-12-2016 16:48:08 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2016 10:01:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ZHPCleaner.exe version 2016.12.27.223 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 142c
Start Time: 01d26083b8144e0e
Termination Time: 12
Application Path: C:\Users\chakiche mohamed\Downloads\Programs\ZHPCleaner.exe
Report Id: 5b7b815b-cc77-11e6-bb12-fcaa14437b6c

Error: (12/27/2016 09:52:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 08:31:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.19104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1328
Start Time: 01d26077a0d96144
Termination Time: 9
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: f3ec81e6-cc6a-11e6-860d-fcaa14437b6c

Error: (12/27/2016 08:30:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.19104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 4d8
Start Time: 01d26075f86cecd6
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: d98a1f90-cc6a-11e6-860d-fcaa14437b6c

Error: (12/27/2016 08:18:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.19104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 17e8
Start Time: 01d260753b1bc801
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 3186327a-cc69-11e6-860d-fcaa14437b6c

Error: (12/27/2016 08:12:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.19104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 13f0
Start Time: 01d26074eba0da74
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 7415ec70-cc68-11e6-860d-fcaa14437b6c

Error: (12/27/2016 08:10:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.19104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 4e0
Start Time: 01d2607408b32b03
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 23798516-cc68-11e6-860d-fcaa14437b6c

Error: (12/27/2016 06:42:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 04:44:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/26/2016 11:16:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program libs.exe version 6.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 187c
Start Time: 01d25f9a24883723
Termination Time: 159
Application Path: C:\Users\chakiche mohamed\Desktop\EmbratoriaG6.2\libs.exe
Report Id: 466dc84d-cbb3-11e6-987b-fcaa14437b6c

System errors:
=============
Error: (12/27/2016 10:22:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 10:22:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 10:06:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 10:06:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 09:58:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 09:58:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 09:54:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 09:54:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 09:52:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/27/2016 09:52:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Percentage of memory in use: 76%
Total physical RAM: 3563.88 MB
Available physical RAM: 830.86 MB
Total Virtual: 7126.09 MB
Available Virtual: 4281 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150.05 GB) (Free:59.42 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:195.31 GB) (Free:92.52 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:195.31 GB) (Free:157.08 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:195.18 GB) (Free:75.09 GB) NTFS
Drive g: (Local Disk) (Fixed) (Total:195.31 GB) (Free:167.2 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================