[SOLVED] Black screen after session opening

Vyvika · Jul 22, 2015

Hi guys, I hope I'm posting in the right place, if not, please move the post.

I've got a problem when I switch on the computer, after opening the session, I've got error messages (QAEvent errors and explorer.exe error) then a black screen. I can access the desktop if I use the task manager.
I've restored the safe mode and in that mode everything is back to normal.

I've ran KIS, Ccleaner, malwarebytes : 4 viruses, 16 malwares. But the problem is still here.

I've tried sfc /scannow ; chkdsk /r & f ; dism.exe /online /cleanup-image /checkhealth & /restorehealth. But the message then is could not update the file (no internet connexion even with the RJ45 plugged).

I've done what you request :

checkup.txt
Results of screen317's Security Check version 1.005
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome 41.0.2272.101 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Christelle-PC (administrator) on CHRISTELLE on 22-07-2015 18:17:49
Running from C:\Users\TEMP.Christelle.001\Desktop
Loaded Profiles: UpdatusUser & Christelle-PC (Available Profiles: UpdatusUser & Christelle-PC)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAToasts.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-10-17] (Acer Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-480723060-2539262787-1398444115-1002\...\RunOnce: [RegDXVA1] => C:\Windows\system32\cmd.exe /c reg import "C:\Program Files (x86)\Acer\Acer Video Player\SwitchUserVideoKey.reg"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-480723060-2539262787-1398444115-1002\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-480723060-2539262787-1398444115-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
URLSearchHook: [S-1-5-21-480723060-2539262787-1398444115-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3CCE706D-56BF-4A3A-9816-C1DF962E2A1C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7C4E68AE-33AC-4716-9FAF-BA9F1AAD04E8}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S4 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3096832 2014-10-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 841535a4; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\LighterFunc\LighterFunc.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-15] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [129432 2011-07-15] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [129432 2011-07-15] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\system32\DRIVERS\zghsnmea.sys [129432 2011-07-15] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 18:17 - 2015-07-22 18:17 - 00012623 _____ C:\Users\TEMP.Christelle.001\Desktop\FRST.txt
2015-07-22 18:14 - 2015-07-22 18:17 - 00000000 ____D C:\FRST
2015-07-22 18:13 - 2015-07-20 18:57 - 02135552 _____ (Farbar) C:\Users\TEMP.Christelle.001\Desktop\FRST64.exe
2015-07-22 18:13 - 2015-07-08 00:34 - 00852676 _____ C:\Users\TEMP.Christelle.001\Desktop\SecurityCheck.exe
2015-07-22 17:42 - 2015-07-22 17:42 - 00000000 ____D C:\Users\TEMP.Christelle.001\PicStream
2015-07-22 17:42 - 2015-07-22 17:42 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Local\clear.fi
2015-07-22 17:40 - 2015-07-22 17:42 - 00000000 ____D C:\Users\TEMP.Christelle.001
2015-07-22 17:40 - 2015-07-22 17:40 - 00001462 _____ C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-22 17:40 - 2015-07-22 17:40 - 00000020 ___SH C:\Users\TEMP.Christelle.001\ntuser.ini
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Voisinage réseau
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Voisinage d'impression
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Modèles
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Menu Démarrer
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Documents\Mes vidéos
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Documents\Mes images
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\Documents\Ma musique
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 _SHDL C:\Users\TEMP.Christelle.001\AppData\Local\Historique
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Roaming\Adobe
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Local\VirtualStore
2015-07-22 17:40 - 2015-07-22 17:40 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Local\Google
2015-07-22 17:40 - 2015-05-06 22:41 - 00000000 ___RD C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-22 17:40 - 2015-05-06 22:41 - 00000000 ___RD C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-22 17:40 - 2015-05-06 22:41 - 00000000 ___RD C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-22 17:40 - 2014-03-18 12:13 - 00000369 _____ C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-22 17:40 - 2014-03-18 12:13 - 00000369 _____ C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-22 17:40 - 2013-08-22 17:36 - 00000000 ____D C:\Users\TEMP.Christelle.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-13 19:28 - 2015-07-13 19:28 - 00003432 ____N C:\bootsqm.dat
2015-07-13 14:13 - 2015-07-22 18:10 - 00011046 _____ C:\Windows\WindowsUpdate.log
2015-07-11 23:21 - 2015-07-11 23:21 - 00000000 ____D C:\$WINDOWS.~BT
2015-07-11 14:07 - 2015-07-13 10:35 - 00000000 ____D C:\Users\TEMP.Christelle.000\AppData\Local\clear.fi
2015-07-11 14:04 - 2015-07-13 10:36 - 00000000 ____D C:\Users\TEMP.Christelle.000
2015-07-11 13:14 - 2015-07-11 13:50 - 00000000 ____D C:\Users\TEMP.Christelle\AppData\Local\clear.fi
2015-07-11 13:12 - 2015-07-11 13:50 - 00000000 ____D C:\Users\TEMP.Christelle
2015-07-11 12:51 - 2015-07-11 13:10 - 00021504 _____ C:\Windows\system32\umstartup.etl
2015-07-11 12:13 - 2015-07-11 12:52 - 00000000 ____D C:\Users\TEMP\AppData\Local\clear.fi
2015-07-11 12:11 - 2015-07-11 12:52 - 00000000 ____D C:\Users\TEMP
2015-07-11 11:45 - 2015-07-13 11:08 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 11:45 - 2015-07-11 11:45 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 11:45 - 2015-07-11 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 11:45 - 2015-07-11 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-11 11:45 - 2015-07-11 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-11 11:45 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-11 11:45 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-11 11:45 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-10 21:05 - 2015-07-11 03:16 - 00000000 ____D C:\SFCFix
2015-07-10 09:29 - 2015-07-11 23:39 - 00000000 _____ C:\Recovery.txt
2015-07-10 09:28 - 2015-07-10 09:28 - 00262144 _____ C:\Windows\system32\config\userdiff
2015-07-09 19:15 - 2015-07-09 19:11 - 01202036 _____ C:\Windows\system32\dism.log
2015-07-07 18:48 - 2015-07-07 18:48 - 00000000 __SHD C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 18:03 - 2015-03-24 19:57 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 17:40 - 2015-03-24 19:56 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 17:40 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 14:13 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-11 12:09 - 2015-03-20 21:50 - 00000000 ____D C:\Program Files (x86)\LighterFunc
2015-07-11 12:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Globalization
2015-07-11 01:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppCompat
2015-07-10 00:24 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-08 00:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-08 00:16 - 2014-05-31 11:06 - 00812350 _____ C:\Windows\system32\perfh00C.dat
2015-07-08 00:16 - 2014-05-31 11:06 - 00159412 _____ C:\Windows\system32\perfc00C.dat
2015-07-08 00:16 - 2014-03-18 12:03 - 01824010 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 00:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-07 23:53 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-07 22:12 - 2015-03-24 19:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-07 17:54 - 2014-08-30 20:57 - 00000000 ____D C:\Users\Christelle-PC
2015-07-07 16:35 - 2015-05-06 18:26 - 00000000 ____D C:\Program Files (x86)\Popular Bookmarks
2015-07-07 16:35 - 2015-03-20 21:49 - 00000000 ____D C:\Program Files (x86)\Yumprint
2015-07-07 16:35 - 2014-08-30 15:35 - 00002368 _____ C:\Users\Christelle-PC\Desktop\Internet Explorer.lnk
2015-07-06 21:10 - 2014-05-31 02:01 - 00000000 ____D C:\ProgramData\Temp

==================== Files in the root of some directories =======

2014-05-31 01:38 - 2014-05-31 01:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Christelle-PC\AppData\Local\Temp\oct5434.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-27 08:20

==================== End of log ============================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Christelle-PC at 2015-07-22 18:18:13
Running from C:\Users\TEMP.Christelle.001\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrateur (S-1-5-21-480723060-2539262787-1398444115-500 - Administrator - Disabled)
Christelle-PC (S-1-5-21-480723060-2539262787-1398444115-1002 - Administrator - Enabled) => C:\Users\TEMP.Christelle.001
Invité (S-1-5-21-480723060-2539262787-1398444115-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-480723060-2539262787-1398444115-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.04.3004 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2011.1 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2001 - Acer)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.02.2004.7 - Acer Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.0 - DivXNetworks, Inc.)
Enjoy 5 (HKLM-x32\...\{0FC81DD3-6F81-4904-9AE0-0F96160CF87D}}_is1) (Version: - Editions Didier)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Join Me (HKLM-x32\...\{91719435-F4B9-4D21-814D-7C66959DB632}) (Version: 1.0.0 - ZTE)
K-Lite Codec Pack (64-bit) v4.7.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.7.0 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - )
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mises à jour NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Logiciel système PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Pilote graphique 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
Panneau de configuration NVIDIA 332.35 (Version: 332.35 - NVIDIA Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Watchtower Library 2013 - Français (HKLM-x32\...\{6153D264-43A5-4CAF-B54F-BC00A5FB721E}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019AB2ED-70F0-4EC0-9A9A-556D42E1A420} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {0DE6AAD1-4841-4E5F-BE09-85C69D8185DF} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {47855FCE-742B-4F0B-A554-AA803A5645F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {5026DB25-087B-44BE-99EB-5F7839AEA968} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {748E85BE-16B5-4F06-8BB5-64893B554D77} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {7C922BD8-0936-443D-AA26-A4A817219497} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {932F51B1-BA88-4412-86B4-E11076775AC6} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {970C5A17-F25F-495A-9DE1-5DC0A0CE72DC} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {A44465F9-2542-4A9E-90C0-120775E6FD22} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-01-16] (Acer Incorporated)
Task: {A77FF52B-FAD5-4A51-816E-C9498682C914} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-06] (Microsoft Corporation)
Task: {B261AE57-0EE9-46CB-8403-E02DD3C89742} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {B76239DB-AA08-40A2-A80A-F155E7B71572} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {B89835E3-8EE9-48B1-9313-00D1B518202D} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {C676CFAC-C4D1-4FBF-89E5-350E8D6D25D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {EF515163-33DF-4426-8AE3-C51A89708E9A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F5785EC5-6830-4C64-A726-54457B59682A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-31 01:45 - 2014-01-08 02:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-05-31 02:05 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-08-30 15:31 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-31 01:41 - 2013-12-10 01:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-15 02:40 - 2015-02-15 02:40 - 00381440 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-480723060-2539262787-1398444115-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 841535a4 => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 2
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D30DCC3F-FBFB-497F-8204-EB8525B9733B}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D43B8C4F-2A3A-4C6C-8A70-642F2F33E99C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{361A7F45-18CD-4921-A761-3258E81E6DE6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6A3CD21B-FCA5-422D-B1FD-56D57FAE6B67}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{49C18C92-5294-4E48-99AA-03B148F9EBC0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{601618CA-DA7A-4A5E-904C-E393A8CA4B61}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{9B5C7EE7-9829-4143-B43F-E1BB76C1874B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{1875BA21-57E1-4E82-9F15-6D75E517CBFE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{6FDB8AEE-482D-4D01-8ECB-4E7945DD2583}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{0722631C-A55C-4F41-BC5B-F1E5303D4259}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{46B3B8A5-8898-4472-AF29-1E0F0BFF8ECF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{813337E2-0A8A-49CB-A6FD-DF5705658687}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{9727F097-9822-44F4-B336-8186BAA61A46}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{E20A52A9-A4E9-48B5-A102-E6193B747123}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{F8EDF0F5-5C9B-4E04-8418-1C1A222B44D7}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{90322DE2-99D0-4BFA-9DAC-99F8428F1579}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{A6332FD1-8B5B-44F5-B10F-BC581ACAF28E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{C882A2B4-7F46-44E3-80D1-9B77071A2738}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{AD75C450-64A4-49DC-A5DB-8517028FA8C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8F5CC1FC-85B4-485E-8621-C1B180268FF8}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [TCP Query User{F37B86D8-3275-4AD3-8057-4C6877E8B2A7}C:\program files (x86)\acer\abphoto\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\abphoto\dmcdaemon.exe
FirewallRules: [UDP Query User{5DFEB325-9270-4570-A300-E6F32DDFE957}C:\program files (x86)\acer\abphoto\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\abphoto\dmcdaemon.exe
FirewallRules: [TCP Query User{408F00FF-2A14-4251-BFBB-F2AEF6303229}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DC67D6FD-68BE-44C8-AA91-3669F8C91722}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DE645793-0451-4E3E-ABD6-2F76502CBD7F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1DBE67C7-ABAC-4E29-AFE5-DB3A3F9C0731}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A7CAD2E3-7C1D-47F1-8CAD-FF560A42DBEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{104670E3-B1DD-4F2D-A8EF-7C06524A4E8B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{93528979-DF20-4A1F-BD65-1868DA1E9FAD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{48C56267-B715-48EF-BBDF-25C1E8EC3F64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BA649ED5-E61F-4693-B631-3C00BD2A7B3E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{66818D12-C1C6-4E03-A94E-C35074BBE32A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{C6DB6747-A70F-4FCA-AF87-778D2F619E18}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DE498981-AFD5-4655-B5A8-52182481E382}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A762478A-7357-4E6F-B9DB-3EFF978C8796}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Christelle)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Christelle)
Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.

Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Christelle)
Description: Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé.

DÉTAIL - Le Registre de configuration est endommagé.

Error: (07/22/2015 05:40:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORITE NT)
Description: Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants.

DÉTAIL - Le Registre de configuration est endommagé.
pour C:\Users\Christelle-PC\ntuser.dat

Error: (07/08/2015 12:14:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000022eee
ID du processus défaillant : 0x12b0
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5

Error: (07/08/2015 12:14:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante Explorer.EXE, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000231ae
ID du processus défaillant : 0x754
Heure de début de l’application défaillante : 0xExplorer.EXE0
Chemin d’accès de l’application défaillante : Explorer.EXE1
Chemin d’accès du module défaillant: Explorer.EXE2
ID de rapport : Explorer.EXE3
Nom complet du package défaillant : Explorer.EXE4
ID de l’application relative au package défaillant : Explorer.EXE5

Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Christelle)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Christelle)
Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.

Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Christelle)
Description: Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé.

DÉTAIL - Le Registre de configuration est endommagé.

Error: (07/08/2015 12:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORITE NT)
Description: Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants.

DÉTAIL - Le Registre de configuration est endommagé.
pour C:\Users\Christelle-PC\ntuser.dat

System errors:
=============
Error: (07/22/2015 06:12:13 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/22/2015 06:12:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (07/22/2015 06:11:59 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/22/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (07/22/2015 06:11:59 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/22/2015 06:11:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (07/22/2015 06:11:54 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/22/2015 06:11:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (07/22/2015 06:11:53 PM) (Source: DCOM) (EventID: 10005) (User: AUTORITE NT)
Description: 1068netprofmNon disponible{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/22/2015 06:11:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-07-07 22:39:06.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-07 22:39:05.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-05 22:26:49.762
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-05 22:26:49.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-12 08:42:29.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-12 08:42:29.466
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-05 09:59:17.179
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-05 09:59:16.994
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-21 09:52:39.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-21 09:52:38.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 21%
Total physical RAM: 3987.27 MB
Available physical RAM: 3123.6 MB
Total Virtual: 4947.27 MB
Available Virtual: 4066.1 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.2 GB) (Free:824.09 GB) NTFS
Drive e: () (Removable) (Total:0.12 GB) (Free:0.07 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E3C767D2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 123 MB) (Disk ID: 42E84C37)
Partition 1: (Active) - (Size=123 MB) - (Type=06)

==================== End of log ============================

Corrine · Jul 22, 2015

Hi, Vivyka. Welcome to Sysnative Forums.

1. The log shows that your are booting to normal. mode. That being the case, the very first thing you need to do is to change the msconfig settings. Please do the following:

Click Start > type msconfig > Enter (alternatively, Open System Configuration by swiping in from the right edge of the screen, tapping Search (or if you're using a mouse, pointing to the upper-right corner of the screen, moving the mouse pointer down, and then clicking Search), entering msconfig in the search box, and then tapping or clicking msconfig.)
On the General tab, ensure Normal startup is checked.
On the Services tab, select Enable all
Click Apply > Click OK

2. CHR dev: Chrome dev build detected! <======= ATTENTION: Chrome is wide open to infection. I strongly advise you uninstall this version of Chrome.

3. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Open Notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the entire contents of the code box below into Notepad.

Code:

start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\URLSearchHook: [S-1-5-21-480723060-2539262787-1398444115-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Policies\Google: Policy restriction <======= ATTENTION
2014-05-31 01:38 - 2014-05-31 01:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:
end

Click Format and ensure Wordwrap is unchecked.
Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
- Please post the log in your next reply.

4. Please download Adware Cleaner by Xplode. Please save it to your desktop!

Close all open programs and internet browsers.
Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
Click the Scan button.
AdwCleaner will begin. Be patient as the scan may take some time to complete.
After the scan has finished, click the Logfile button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Vyvika · Jul 22, 2015

Hello Corrine, thanks for answering me. I did the 1st step, the computer reboots opening StartisBack configuration box.

I also removed Chrome. Please find below the results of steps 3 & 4 :

Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Christelle-PC at 2015-07-22 23:58:27 Run:2
Running from C:\Users\TEMP.Christelle.001\Desktop
Loaded Profiles: UpdatusUser & Christelle-PC (Available Profiles: UpdatusUser & Christelle-PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\URLSearchHook: [S-1-5-21-480723060-2539262787-1398444115-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Policies\Google: Policy restriction <======= ATTENTION
2014-05-31 01:38 - 2014-05-31 01:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"C:\ProgramData\DP45977C.lfl" => File/Folder not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => key not found.
EmptyTemp: => 6.9 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 23:58:48 ====

AdwCleaner[R0].txt
# AdwCleaner v4.208 - Rapport crÈÈ le 22/07/2015 ‡ 23:34:53
# Mis ‡ jour le 09/07/2015 par Xplode
# Base de donnÈes : 2015-07-09.2 [Locale]
# SystËme d'exploitation : Windows 8.1 (x64)
# Nom d'utilisateur : Christelle-PC - CHRISTELLE
# ExÈcutÈ depuis : C:\Users\TEMP.Christelle.001\Desktop\adwcleaner_4.208.exe
# Option : Scanner

***** [ Services ] *****

Service TrouvÈ : 841535a4

***** [ Fichiers / Dossiers ] *****

Dossier TrouvÈ : C:\Program Files (x86)\BBestSaveFOrYou
Dossier TrouvÈ : C:\ProgramData\{3c813800-7834-c234-3c81-13800783e001}
Dossier TrouvÈ : C:\ProgramData\7813591689496387423

***** [ T‚ches planifiÈes ] *****

***** [ Raccourcis ] *****

***** [ Registre ] *****

ClÈ TrouvÈe : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
ClÈ TrouvÈe : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
ClÈ TrouvÈe : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
ClÈ TrouvÈe : HKLM\SOFTWARE\104729bd-c9b2-b3b2-f759-e6fbb7e72a99
ClÈ TrouvÈe : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
ClÈ TrouvÈe : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
ClÈ TrouvÈe : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
ClÈ TrouvÈe : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
ClÈ TrouvÈe : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
ClÈ TrouvÈe : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [1705 octets] - [22/07/2015 23:34:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1765 octets] ##########

Corrine · Jul 22, 2015

Hi, Vyvika. Thanks for letting me know that start is back! Now let's do some additional cleanup.

1. Double-click AdwCleaner.exe to run the tool again.

Click the Scan button.
AdwCleaner will begin to scan your computer like it did before.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
After the scan has finished,
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2. Please download Junkware Removal Tool to your desktop.

Disable your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Is your computer back to normal now?

Vyvika · Jul 23, 2015

Hello Corinne,

I still have the black screen but after changing the startup setting, the session took longer to open and after I had a popup "StartIsBack". I then pressed OK and back to the black screen.

AdwCleaner[S0].txt
# AdwCleaner v4.208 - Rapport créé le 22/07/2015 à 23:35:41
# Mis à jour le 09/07/2015 par Xplode
# Base de données : 2015-07-09.2 [Locale]
# Système d'exploitation : Windows 8.1 (x64)
# Nom d'utilisateur : Christelle-PC - CHRISTELLE
# Exécuté depuis : C:\Users\TEMP.Christelle.001\Desktop\adwcleaner_4.208.exe
# Option : Nettoyer

***** [ Services ] *****

[#] Service Supprimé : 841535a4

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\7813591689496387423
Dossier Supprimé : C:\ProgramData\{3c813800-7834-c234-3c81-13800783e001}
Dossier Supprimé : C:\Program Files (x86)\BBestSaveFOrYou

***** [ Tâches planifiées ] *****

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\104729bd-c9b2-b3b2-f759-e6fbb7e72a99
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Clé Supprimée : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

AdwCleaner[R0].txt - [1853 octets] - [22/07/2015 23:34:53]
AdwCleaner[S0].txt - [1685 octets] - [22/07/2015 23:35:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1745 octets] ##########

JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by Christelle-PC on 23/07/2015 at 14:16:16,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/07/2015 at 14:22:00,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I still can't connect to the internet, so the FRST tool can't be updated even if needed.

Corrine · Jul 23, 2015

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Vyvika · Jul 23, 2015

Here is the log :

MiniToolBox by Farbar Version: 01-07-2015
Ran by Christelle-PC (administrator) on 23-07-2015 at 15:22:27
Running from "C:\Users\TEMP.Christelle.001\Desktop"
Microsoft Windows 8.1 (X64)
Model: Aspire E5-571G Manufacturer: Acer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuration IP de Windows

Cache de r�solution DNS vid�.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Qualcomm Atheros AR956x Wireless Network Adapter = Wi-Fi (Media disconnected)
Intel(R) Technology Access TAP Driver (NDIS 6.30) = Ethernet 2 (Media disconnected)

# ----------------------------------
# Configuration du protocole IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Connexion au r�seau local* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion au r�seau local* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Connexion au r�seau local* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# Fin de la configuration du protocole IPv4

Configuration IP de Windows

Nom de l'h�te . . . . . . . . . . : Christelle
Suffixe DNS principal . . . . . . :
Type de noeud. . . . . . . . . . : Hybride
Routage IP activ� . . . . . . . . : Non
Proxy WINS activ� . . . . . . . . : Non

Carte r�seau sans fil Connexion au r�seau local* 2�:

Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
Suffixe DNS propre � la connexion. . . :
Description. . . . . . . . . . . . . . : Carte virtuelle directe Wi-Fi Microsoft
Adresse physique . . . . . . . . . . . : 12-48-9A-88-91-1F
DHCP activ�. . . . . . . . . . . . . . : Oui
Configuration automatique activ�e. . . : Oui

Carte Ethernet Ethernet 2 :

Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
Suffixe DNS propre � la connexion. . . :
Description. . . . . . . . . . . . . . : Intel(R) Technology Access TAP Driver (NDIS 6.30)
Adresse physique . . . . . . . . . . . : 02-50-F2-D0-BD-7A
DHCP activ�. . . . . . . . . . . . . . : Oui
Configuration automatique activ�e. . . : Oui

Carte r�seau sans fil Connexion au r�seau local* 3�:

Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
Suffixe DNS propre � la connexion. . . :
Description. . . . . . . . . . . . . . : Carte virtuelle de r�seau h�berg� Microsoft
Adresse physique . . . . . . . . . . . : 52-48-9A-88-91-1F
DHCP activ�. . . . . . . . . . . . . . : Oui
Configuration automatique activ�e. . . : Oui

Carte r�seau sans fil Wi-Fi�:

Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
Suffixe DNS propre � la connexion. . . : home
Description. . . . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
Adresse physique . . . . . . . . . . . : 90-48-9A-88-91-1F
DHCP activ�. . . . . . . . . . . . . . : Oui
Configuration automatique activ�e. . . : Oui

Carte Ethernet Ethernet :

Statut du m�dia. . . . . . . . . . . . : M�dia d�connect�
Suffixe DNS propre � la connexion. . . : home
Description. . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Adresse physique . . . . . . . . . . . : F8-A9-63-76-50-97
DHCP activ�. . . . . . . . . . . . . . : Oui
Configuration automatique activ�e. . . : Oui
Serveur : UnKnown
Address: 127.0.0.1

La requ�te Ping n'a pas pu trouver l'h�te google.com. V�rifiez le nom et essayez � nouveau.
Serveur : UnKnown
Address: 127.0.0.1

La requ�te Ping n'a pas pu trouver l'h�te yahoo.com. V�rifiez le nom et essayez � nouveau.

Envoi d'une requ�te 'Ping' 127.0.0.1 avec 32 octets de donn�es�:
R�ponse de 127.0.0.1�: octets=32 temps<1ms TTL=128
R�ponse de 127.0.0.1�: octets=32 temps<1ms TTL=128

Statistiques Ping pour 127.0.0.1:
Paquets�: envoy�s = 2, re�us = 2, perdus = 0 (perte 0%),
Dur�e approximative des boucles en millisecondes :
Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms
===========================================================================
Liste d'Interfaces
17...12 48 9a 88 91 1f ......Carte virtuelle directe Wi-Fi Microsoft
8...02 50 f2 d0 bd 7a ......Intel(R) Technology Access TAP Driver (NDIS 6.30)
5...52 48 9a 88 91 1f ......Carte virtuelle de r�seau h�berg� Microsoft
4...90 48 9a 88 91 1f ......Qualcomm Atheros AR956x Wireless Network Adapter
3...f8 a9 63 76 50 97 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Table de routage
===========================================================================
Itin�raires actifs�:
Destination r�seau Masque r�seau Adr. passerelle Adr. interface M�trique
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Itin�raires persistants�:
Aucun

IPv6 Table de routage
===========================================================================
Itin�raires actifs�:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Itin�raires persistants�:
Aucun
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/23/2015 02:47:30 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000022eee
ID du processus défaillant : 0x588
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5

Error: (07/23/2015 02:47:29 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante Explorer.EXE, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000231ae
ID du processus défaillant : 0x728
Heure de début de l’application défaillante : 0xExplorer.EXE0
Chemin d’accès de l’application défaillante : Explorer.EXE1
Chemin d’accès du module défaillant: Explorer.EXE2
ID de rapport : Explorer.EXE3
Nom complet du package défaillant : Explorer.EXE4
ID de l’application relative au package défaillant : Explorer.EXE5

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé.

DÉTAIL - Le Registre de configuration est endommagé.

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: AUTORITE NT)
Description: Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants.

DÉTAIL - Le Registre de configuration est endommagé.
pour C:\Users\Christelle-PC\ntuser.dat

Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante explorer.exe, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000022eee
ID du processus défaillant : 0x880
Heure de début de l’application défaillante : 0xexplorer.exe0
Chemin d’accès de l’application défaillante : explorer.exe1
Chemin d’accès du module défaillant: explorer.exe2
ID de rapport : explorer.exe3
Nom complet du package défaillant : explorer.exe4
ID de l’application relative au package défaillant : explorer.exe5

Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante Explorer.EXE, version : 6.3.9600.17667, horodatage : 0x54c6f7c2
Nom du module défaillant : StartIsBack64.dll, version : 3.5.0.39, horodatage : 0x52b9f014
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000231ae
ID du processus défaillant : 0x778
Heure de début de l’application défaillante : 0xExplorer.EXE0
Chemin d’accès de l’application défaillante : Explorer.EXE1
Chemin d’accès du module défaillant: Explorer.EXE2
ID de rapport : Explorer.EXE3
Nom complet du package défaillant : Explorer.EXE4
ID de l’application relative au package défaillant : Explorer.EXE5

Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.

Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.

System errors:
=============
Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
Description: Le service User Experience Improvement Program s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
Description: Le service NVIDIA Update Service Daemon s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/23/2015 02:16:50 PM) (Source: Service Control Manager) (User: )
Description: Le service Nero Update s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
Description: Le service Intel(R) Dynamic Application Loader Host Interface Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
Description: Le service Quick Access RadioMgr Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
Description: Le service ePower Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/23/2015 02:16:49 PM) (Source: Service Control Manager) (User: )
Description: Le service Quick Access Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (07/23/2015 02:16:48 PM) (Source: Service Control Manager) (User: )
Description: Le service Cache de police de Windows Presentation Foundation 3.0.0.0 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.

Error: (07/23/2015 02:16:48 PM) (Source: Service Control Manager) (User: )
Description: Le service Cyberlink RichVideo Service(CRVS) s’est terminé de façon inattendue pour la 1ème fois.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-07-22 23:15:33.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-22 23:15:32.817
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-07 22:39:06.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-07 22:39:05.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-05 22:26:49.762
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-05 22:26:49.487
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-12 08:42:29.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-12 08:42:29.466
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-05 09:59:17.179
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-03-05 09:59:16.994
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.04.3004 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2011.1 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2001 - Acer)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.02.2004.7 - Acer Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.0 - DivXNetworks, Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Join Me (HKLM-x32\...\{91719435-F4B9-4D21-814D-7C66959DB632}) (Version: 1.0.0 - ZTE)
K-Lite Codec Pack (64-bit) v4.7.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.7.0 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - )
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mises à jour NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Logiciel système PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Pilote graphique 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
Panneau de configuration NVIDIA 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 332.35 - NVIDIA Corporation) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Watchtower Library 2013 - Français (HKLM-x32\...\{6153D264-43A5-4CAF-B54F-BC00A5FB721E}) (Version: 15.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3987.27 MB
Available physical RAM: 2907.79 MB
Total Virtual: 4947.27 MB
Available Virtual: 3545.64 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:914.2 GB) (Free:824.86 GB) NTFS
3 Drive e: () (Removable) (Total:0.12 GB) (Free:0.03 GB) FAT

========================= Users: ========================================

comptes d'utilisateurs de \\CHRISTELLE

Administrateur Christelle-PC Invit‚
UpdatusUser
La commande s'est termin‚e correctement.

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Sorry in advance, it's a "french" computer. The answers are provided in french. User profile couldn't be loaded, connexion with a temporary profile.

Corrine · Jul 23, 2015

I could figure out enough of the French to tell that there is a problem with your user account as well as StartIsBack but ran the Application errors through Bing Translator to get a better picture (copied below). Since the Microsoft account settings are corrupt, let's see if the Microsoft Accounts Troubleshooter can repair the corruption. It is described with images here: Microsoft Accounts Troubleshooter: Fix Sync settings problems. The download link from Microsoft is at the end of the article.

Application errors:
==================
Error: (07/23/2015 02:47:30 PM) (Source: Application Error) (User:)
Description: The name of the application failing explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
Exception code: 0xc0000005
Offset error: 0x0000000000022eee
Faulting process ID: 0 x 588
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
The faulting module path: explorer.exe2
Report ID: explorer.exe3
Full name of the failed package: explorer.exe4
Relative to the package application ID failed: explorer.exe5

Error: (07/23/2015 02:47:29 PM) (Source: Application Error) (User:)
Description: The name of the faulting application Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
Exception code: 0xc0000005
Offset error: 0x00000000000231ae
Faulting process ID: 0 x 728
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
The faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Full name of the failed package: Explorer.EXE4
Relative to the package application ID failed: Explorer.EXE5

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows cannot find the local profile and tries to log in with a temporary profile. Changes to this profile will be lost when you log off.

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows saved user's profile. Windows will automatically attempt to use the profile saved the next time that the user opens a connection.

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or corrupt local profile.

DETAIL - The configuration registry is damaged.

Error: (07/23/2015 02:46:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT Authority)
Description: Windows cannot load the registry. This problem is often caused by insufficient memory or insufficient access rights.

DETAIL - The configuration registry is damaged.
for C:\Users\Christelle-PC\ntuser.dat

Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User:)
Description: The name of the application failing explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
Exception code: 0xc0000005
Offset error: 0x0000000000022eee
Faulting process ID: 0 x 880
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
The faulting module path: explorer.exe2
Report ID: explorer.exe3
Full name of the failed package: explorer.exe4
Relative to the package application ID failed: explorer.exe5

Error: (07/23/2015 02:04:03 PM) (Source: Application Error) (User:)
Description: The name of the faulting application Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: StartIsBack64.dll, version: 3.5.0.39, time stamp: 0x52b9f014
Exception code: 0xc0000005
Offset error: 0x00000000000231ae
Faulting process ID: 0 x 778
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
The faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Full name of the failed package: Explorer.EXE4
Relative to the package application ID failed: Explorer.EXE5

Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows cannot find the local profile and tries to log in with a temporary profile. Changes to this profile will be lost when you log off.

Error: (07/23/2015 02:02:34 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Christelle)
Description: Windows saved user's profile. Windows will automatically attempt to use the profile saved the next time that the user opens a connection.

Vyvika · Jul 23, 2015

Hello, it is not solving the problem either. I really don't know what to do.
Thanks to your help, I know that the HD is clean from any viruses, malwares. And one bug is fixed, I can connect it to the Internet using an ethernet wire.

So I've decided to run dism.exe /online /cleanup-image /checkhealth & /restorehealth. For the first time it said : problem could be solved. But after restarting the computer, same black screen. I'll have to search for sessions problems then.

Vyvika · Jul 24, 2015

Problem solved, the PC being cleansed with your advices and after the dism.exe and the sfc /scannow, I could perform a restoration of the system.

Thank you very much for your help.

Corrine · Jul 24, 2015

That is great news, Vyvika! My help along with your persistence and follow-though.

Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:

Remove disinfection tools
Create registry backup
Purge system restore
Click Run

The program will run for a few moments and then notepad will open with a log.

Vyvika · Jul 25, 2015

I've done it with Delfix. Thanks again.

Corrine · Jul 25, 2015

You are very welcome!

niw · Oct 18, 2015

I am having similar issue on my dell computer. Let me know what I need to do, to hopefully resolve it. Thank you.

Corrine · Oct 18, 2015

Hi, niw. Welcome to Sysnative.

Please follow the instructions at Malware Removal Posting Instructions and create a new thread of your own.

Thank you.

[SOLVED] Black screen after session opening

Vyvika

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Vyvika

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Vyvika

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Vyvika

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Vyvika

Member

Vyvika

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

Vyvika

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

niw

Active member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

[SOLVED] Black screen after session opening

Member

Administrator, Microsoft MVP, Security Analyst

Member

Administrator, Microsoft MVP, Security Analyst

Member

Administrator, Microsoft MVP, Security Analyst

Member

Administrator, Microsoft MVP, Security Analyst

Member

Member

Administrator, Microsoft MVP, Security Analyst

Member

Administrator, Microsoft MVP, Security Analyst

Active member

Administrator, Microsoft MVP, Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst