- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
- Ran by User (26-02-2017 04:42:40)
- Running from C:\Users\User\Downloads
- Windows 10 Pro Version 1607 (X64) (2017-01-24 03:29:58)
- Boot Mode: Normal
- ==========================================================
- ==================== Accounts: =============================
- Administrator (S-1-5-21-3622761961-3877210546-77143536-500 - Administrator - Disabled)
- DefaultAccount (S-1-5-21-3622761961-3877210546-77143536-503 - Limited - Disabled)
- defaultuser0 (S-1-5-21-3622761961-3877210546-77143536-1000 - Limited - Disabled) => C:\Users\defaultuser0
- Guest (S-1-5-21-3622761961-3877210546-77143536-501 - Limited - Disabled)
- User (S-1-5-21-3622761961-3877210546-77143536-1001 - Administrator - Enabled) => C:\Users\User
- ==================== Security Center ========================
- (If an entry is included in the fixlist, it will be removed.)
- AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- ==================== Installed Programs ======================
- (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
- Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5013D154-A876-4AE4-B4A6-43C3B39BF174}) (Version: 20.8.20117.44411 - Alcor Micro Corp.)
- Alcor Micro USB Card Reader Driver (x32 Version: 20.8.20117.44411 - Alcor Micro Corp.) Hidden
- ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.14 - ASUS)
- ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
- ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.9 - ASUS)
- ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.15.0003 - ASUS)
- ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
- ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0043 - ASUS)
- AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.158 - ICEpower a/s)
- AutoHotkey 1.1.24.05 (HKLM\...\AutoHotkey) (Version: 1.1.24.05 - Lexikos)
- Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
- Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
- Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
- Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
- Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
- Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
- Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
- Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
- Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
- Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
- Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
- Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
- Intel(R) WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
- Intel(R) WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
- Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
- Intel® Integrated Sensor Solution (HKLM-x32\...\{8885abd0-dd54-44d4-ba64-512ea1d48374}) (Version: 3.0.16.3058 - Intel Corporation)
- Intel® PROSet/Wireless Software (HKLM-x32\...\{105782a0-36c3-4808-8d8e-d12cb0b7e4e7}) (Version: 18.40.1 - Intel Corporation)
- Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
- IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
- ISS_Drivers_x64 (Version: 3.0.16.3058 - Intel Corporation) Hidden
- League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
- League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
- Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
- Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
- Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
- Microsoft OneDrive (HKU\S-1-5-21-3622761961-3877210546-77143536-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
- Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
- Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
- Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
- Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
- Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
- Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
- Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
- Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
- Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
- NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
- NVIDIA Graphics Driver 359.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.46 - NVIDIA Corporation)
- NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
- Office 16 Click-to-Run Licensing Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
- OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
- OpenAL (HKLM-x32\...\OpenAL) (Version: - )
- qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
- Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7786 - Realtek Semiconductor Corp.)
- Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11168 - Realtek Semiconductor Corp.)
- RuneMate (HKLM-x32\...\5153-2584-1271-2038) (Version: 2.4.18.0 - Team RuneMate)
- SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
- SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
- The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.20.60.1020 - Electronic Arts Inc.)
- Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
- VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
- Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (03/18/2016 11.0.0.9) (HKLM\...\689E9F7827C3AF1059D6C80D6C7F4EF89E2D7E72) (Version: 03/18/2016 11.0.0.9 - ASUS)
- WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
- WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
- WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
- World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
- WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5811 - Kingsoft Corp.)
- XCOM 2 (HKLM-x32\...\XCOM 2_is1) (Version: - )
- ==================== Custom CLSID (Whitelisted): ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== Scheduled Tasks (Whitelisted) =============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- Task: {01D4F082-6880-417D-B830-6B8D9269E0D2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
- Task: {06AF7740-AFA5-4567-A49E-11197356CC13} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
- Task: {0AA3A1AF-E590-44AD-98CA-6C6F7644A190} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon -> No File <==== ATTENTION
- Task: {1CEF9DB3-9187-4407-BA68-819211C8B5F1} - System32\Tasks\WpsExternal_User_20170223082319 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2017-02-23] (Zhuhai Kingsoft Office Software Co.,Ltd)
- Task: {2E53EFC8-DC17-4BCB-9157-47ADC9F902BA} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
- Task: {3E84BA9A-A24E-4CEF-9E9E-7D256ED37285} - \Intel\Thunderbolt\Start Thunderbolt service when hardware is detected -> No File <==== ATTENTION
- Task: {4A137899-AE5B-4ADC-B12E-BAC5BF023282} - \ATK Package 36D18D69AFC3 -> No File <==== ATTENTION
- Task: {5213B378-161D-4EB8-90CF-3141608A70BD} - \ASUS\ASUS Product Register Service -> No File <==== ATTENTION
- Task: {5747AA99-33E2-448C-BE9D-71FA9C046013} - \Intel\Thunderbolt\Start Thunderbolt application on login if service is up -> No File <==== ATTENTION
- Task: {58141A1B-2617-4207-85C8-D15FD610451E} - \ASUS Splendid ACMON -> No File <==== ATTENTION
- Task: {678AF07D-0E53-4183-A841-CE229B6CEA6C} - \ASUS USB Charger Plus -> No File <==== ATTENTION
- Task: {69340C2E-F9E8-481F-A7F2-4C1CC6CE4B03} - \Intel\Thunderbolt\Start Thunderbolt application when hardware is detected -> No File <==== ATTENTION
- Task: {772CDF6F-066C-4D30-8F73-DA7E11D209F9} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe
- Task: {798093BB-506F-4299-ABA5-BA5A97195635} - \IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec -> No File <==== ATTENTION
- Task: {79EE51A9-622C-433E-838E-E54D12CBE5F3} - \ATK Package A22126881260 -> No File <==== ATTENTION
- Task: {84B9B004-494C-4D0F-A6E7-9429673394CE} - \CheckFlipService -> No File <==== ATTENTION
- Task: {851F7210-5DA8-470F-8352-3F84D6D6F168} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
- Task: {92485410-C212-4FF3-8160-7F99EA4E3CF1} - \Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up -> No File <==== ATTENTION
- Task: {C7C8433E-61C0-4014-AFCE-C338DB4E1EDE} - System32\Tasks\WpsKtpcntrQingTask_User => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe [2017-02-23] (Zhuhai Kingsoft Office Software Co.,Ltd)
- Task: {C93599AB-987D-47A0-90F4-3287FFFF8A96} - System32\Tasks\WpsUpdateTask_User => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe [2017-02-23] (Zhuhai Kingsoft Office Software Co.,Ltd)
- Task: {D6AA541C-6109-4D81-B847-43D272B00706} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-03-31] (Realtek Semiconductor)
- Task: {DFF473E1-EEA7-4150-8B7F-670399E09A63} - \WRU -> No File <==== ATTENTION
- Task: {E5407058-D165-4C4C-B2AD-E99E582109BF} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
- Task: {E6918F9A-896A-4DD5-9643-D9219748041D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
- Task: {EBAC62D5-5305-42C4-84B1-F603BC7ACF85} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
- Task: {EF3E7B77-4E68-473E-967B-FE54F9E35135} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-24] (Google Inc.)
- Task: {EFF03C6E-C9CA-48F7-BFCE-1A366FF47326} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-24] (Google Inc.)
- Task: {F0C225BF-5D5B-4E4E-913D-219354D581A5} - \WRUStartup -> No File <==== ATTENTION
- Task: {FB56F31F-978C-4054-AEBF-EFCC13E6B45E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-03-31] (Realtek Semiconductor)
- (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
- Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
- Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
- Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
- Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
- Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
- Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
- Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
- Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
- Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
- Task: C:\WINDOWS\Tasks\WpsExternal_User_20170223082319.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe ~/wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
- Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_User.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe Ãqing 10.2.0.5811 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
- Task: C:\WINDOWS\Tasks\WpsUpdateTask_User.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe
- ==================== Shortcuts =============================
- (The entries could be listed to be restored or removed.)
- ==================== Loaded Modules (Whitelisted) ==============
- 2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
- 2016-12-15 16:06 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
- 2017-01-24 01:05 - 2016-08-01 07:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
- 2017-02-22 15:30 - 2015-08-16 00:21 - 00162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
- 2016-05-03 14:20 - 2016-06-14 20:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
- 2016-05-03 14:20 - 2016-06-14 20:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
- 2017-02-04 13:34 - 2016-06-14 20:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
- 2016-05-03 14:20 - 2016-06-14 20:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
- 2017-02-04 13:34 - 2016-06-14 20:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
- 2017-02-04 13:34 - 2016-06-14 20:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
- 2017-02-04 13:34 - 2016-06-14 20:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
- 2016-05-03 14:20 - 2016-06-14 20:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
- 2015-11-18 14:46 - 2015-11-18 14:46 - 00016312 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipControlPTP.exe
- 2015-11-18 14:46 - 2015-11-18 14:46 - 00028088 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
- 2015-11-18 14:46 - 2015-11-18 14:46 - 00018872 _____ () C:\Program Files\ASUS\ASUS FlipLock\WifiPowerManager.exe
- 2016-12-15 16:06 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
- 2016-09-26 06:50 - 2016-09-26 06:50 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
- 2017-01-11 10:46 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
- 2017-02-04 13:34 - 2016-06-14 20:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
- 2017-02-04 13:34 - 2016-06-14 20:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
- 2017-01-11 10:46 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
- 2017-01-11 10:46 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
- 2017-01-11 10:46 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
- 2017-01-11 10:46 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
- 2017-01-11 10:46 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
- 2015-11-18 14:46 - 2015-11-18 14:46 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
- 2016-02-23 20:56 - 2016-02-23 20:56 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
- 2016-02-23 20:56 - 2016-02-23 20:56 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
- 2016-02-23 20:56 - 2016-02-23 20:56 - 00029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
- 2016-05-03 14:20 - 2016-06-14 20:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
- 2016-01-07 03:48 - 2016-01-07 03:48 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
- ==================== Alternate Data Streams (Whitelisted) =========
- (If an entry is included in the fixlist, only the ADS will be removed.)
- ==================== Safe Mode (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
- ==================== Association (Whitelisted) ===============
- (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
- ==================== Internet Explorer trusted/restricted ===============
- (If an entry is included in the fixlist, it will be removed from the registry.)
- ==================== Hosts content: ===============================
- (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
- 2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
- ==================== Other Areas ============================
- (Currently there is no automatic fix for this section.)
- HKU\S-1-5-21-3622761961-3877210546-77143536-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
- DNS Servers: 192.168.1.1
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
- Windows Firewall is enabled.
- ==================== MSCONFIG/TASK MANAGER disabled items ==
- HKLM\...\StartupApproved\Run32: => "NvBackend"
- ==================== FirewallRules (Whitelisted) ===============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
- FirewallRules: [{7DC41F00-7690-4715-AD66-1F918CCD1250}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
- FirewallRules: [{80A2E6AC-C8AB-44EB-B7CA-8A25C485E20D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
- FirewallRules: [{21D5B3FE-66D7-4F73-A557-DF35FDCB71CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
- FirewallRules: [{69B15738-D700-4457-A824-31368F41DAEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
- FirewallRules: [{51363FE6-9138-4EE2-9564-45AD0285A405}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
- FirewallRules: [{2D33512A-EC46-4CAE-B353-AB1E97555A05}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
- FirewallRules: [{E97775E2-CCE2-4504-8DF6-5CFB27142A34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
- FirewallRules: [{156B6581-0C90-442A-A36F-2E7ED4D66497}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
- FirewallRules: [{BC447721-D0E5-4C7A-9755-E9D7ED47B293}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
- FirewallRules: [{4EE46D79-7343-4081-A4CD-173C055DB0A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- FirewallRules: [{86912C0F-F995-4A48-983D-222C56814BD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- FirewallRules: [{2A112EFD-1A49-4D36-AB37-1930966E7EDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- FirewallRules: [{5BE35B95-9E95-4AE1-A1F3-527C1F361746}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
- FirewallRules: [{5BB9BBA7-A7AC-4399-BE52-96DBDD57654F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
- FirewallRules: [TCP Query User{8E647595-9CC7-42D0-A264-F535CF73689D}C:\users\user\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\user\jagexcache\jagexlauncher\bin\jagexlauncher.exe
- FirewallRules: [UDP Query User{0E3DB4CE-B1F9-456C-AE3E-35644D9D4A67}C:\users\user\jagexcache\jagexlauncher\bin\jagexlauncher.exe] => (Allow) C:\users\user\jagexcache\jagexlauncher\bin\jagexlauncher.exe
- FirewallRules: [TCP Query User{7D2BBBC3-A00B-4961-A3F2-318D62E2C820}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
- FirewallRules: [UDP Query User{C4B37BBB-1F2D-483A-9023-2FC1C88672D9}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
- ==================== Restore Points =========================
- 12-02-2017 15:16:56 Removed Microsoft Office
- 18-02-2017 23:58:22 Windows Update
- 20-02-2017 20:50:36 Installed Microsoft XNA Framework Redistributable 4.0
- ==================== Faulty Device Manager Devices =============
- ==================== Event log errors: =========================
- Application errors:
- ==================
- Error: (02/26/2017 04:02:47 AM) (Source: Application Error) (EventID: 1000) (User: )
- Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.14393.0, time stamp: 0x57899b1c
- Faulting module name: RsProvider.dll, version: 1.21.0.0, time stamp: 0x564ef37f
- Exception code: 0xc0000005
- Fault offset: 0x0000000000099022
- Faulting process id: 0x4e0
- Faulting application start time: 0x01d2900f1965aca1
- Faulting application path: C:\WINDOWS\System32\svchost.exe
- Faulting module path: C:\Program Files\Realtek\RsProviders\RsProvider.dll
- Report Id: 42a914bb-c11c-4071-8eb9-17e4325ff1c8
- Faulting package full name:
- Faulting package-relative application ID:
- Error: (02/26/2017 03:59:18 AM) (Source: Application Error) (EventID: 1000) (User: )
- Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.14393.0, time stamp: 0x57899b1c
- Faulting module name: RsProvider.dll, version: 1.21.0.0, time stamp: 0x564ef37f
- Exception code: 0xc0000005
- Fault offset: 0x0000000000099022
- Faulting process id: 0x4f4
- Faulting application start time: 0x01d2900e9ca99c8e
- Faulting application path: C:\WINDOWS\System32\svchost.exe
- Faulting module path: C:\Program Files\Realtek\RsProviders\RsProvider.dll
- Report Id: 97fd0303-538b-456a-91b5-7a68b40bbe49
- Faulting package full name:
- Faulting package-relative application ID:
- Error: (02/26/2017 03:58:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5K0EP6D)
- Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- Error: (02/26/2017 03:53:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: )
- Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- Error: (02/26/2017 03:52:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: )
- Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- Error: (02/26/2017 03:52:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: )
- Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- Error: (02/26/2017 03:52:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: )
- Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- Error: (02/26/2017 03:52:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: )
- Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- Error: (02/26/2017 03:52:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: )
- Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- Error: (02/26/2017 03:52:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: )
- Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log for additional information.
- System errors:
- =============
- Error: (02/26/2017 04:04:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
- Description: The Connected Devices Platform Service service terminated with the following error:
- Unspecified error
- Error: (02/26/2017 04:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (02/26/2017 04:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (02/26/2017 04:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (02/26/2017 04:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (02/26/2017 04:03:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
- and APPID
- {F72671A9-012C-4725-9D2F-2A4D32D65169}
- to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (02/26/2017 04:02:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
- Description: The Windows Camera Frame Server service terminated unexpectedly. It has done this 1 time(s).
- Error: (02/26/2017 04:02:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {D63B10C5-BB46-4990-A94F-E40B9D520160}
- and APPID
- {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
- to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (02/26/2017 04:00:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- Error: (02/26/2017 04:00:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
- Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
- {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
- and APPID
- {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
- to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
- CodeIntegrity:
- ===================================
- Date: 2017-02-25 16:57:21.307
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-23 11:44:41.915
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-21 16:09:26.615
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-17 13:45:52.267
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-15 13:15:56.964
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-14 17:08:38.569
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-13 13:51:22.444
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-10 17:54:15.244
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-08 17:34:17.416
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- Date: 2017-02-05 16:52:21.279
- Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
- ==================== Memory info ===========================
- Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
- Percentage of memory in use: 21%
- Total physical RAM: 12151.94 MB
- Available physical RAM: 9583.22 MB
- Total Virtual: 14007.94 MB
- Available Virtual: 11517.76 MB
- ==================== Drives ================================
- Drive c: (OS) (Fixed) (Total:1764.6 GB) (Free:1614.81 GB) NTFS ==>[system with boot components (obtained from drive)]
- ==================== MBR & Partition Table ==================
- ========================================================
- Disk: 0 (Size: 1863 GB) (Disk ID: 2A1B0D37)
- Partition: GPT.
- ==================== End of Addition.txt ============================