Possible malware infection [Solved]



#1
ahhhmeddd

Hello! My computer started running really slow, I noticed CPU usage levels were extremely high (100% at times). Works fine offline but as soon as I connect to Wi-Fi it starts acting out. Avast Antivirus keeps notifying me that it blocked a threat and that (URL:Mal process explorer.exe). Been noticing strange processes running in Task Manager (multiple explorer.exe, notepad.exe etc).
I'm running Windows 7 with Avast Antivirus.

Just started FARBAR scan as suggested in the Malware and Spyware Cleaning Guide, will post the results when it's complete.



#2
ahhhmeddd


FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Ahmed (administrator) on AHMED-HP (08-03-2016 09:10:40)
Running from C:\Users\Ahmed\Desktop\antimal
Loaded Profiles: Ahmed (Available Profiles: Ahmed)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Denon DJ) C:\Program Files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Adobe\Adobe InDesign CC 2014\Utilities\adb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-17] (AVAST Software)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [Dropbox Update] => C:\Users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\285_286_4184_1_d4edc.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\285_286_4184_1_d4edc.rs"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-17] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6BBD7C41-CC3A-4F17-B6D4-A83871B860EF}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E013E5E8-65A1-4D8E-9E2C-3A2236F8E9AE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{EB1C81B6-A163-4BF3-94BF-2C61C37874BB}: [NameServer] 83.224.66.134 83.224.70.93
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000 -> {7CD59ED9-0F17-4941-8838-13614384223C} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-17] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-17] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://home.fao.org/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?pid=20598&r=2015/05/26&hid=6134911927324705430&lg=EN&cc=IT&unqvl=88
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-09-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-09-30] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ahmed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ahmed\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-09-30] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-09-30] (RealPlayer)
FF Extension: Light Switch - C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default\extensions\{600452e8-6851-46db-80fd-fa571b2deaa7}.xpi [2011-10-13] [not signed]
FF Extension: Google Shortcuts - C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2011-10-13] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-16] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-27] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-31] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-18]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=122312","hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=0afce1ea0000000000000024d7db3335","hxxp://www.mystartsearch.com/?type=hp&ts=1432633838&z=c6d018ba49c4185bfc0f0b4g3z4cdo1q7c4c5b7z1m&from=wpc&uid=SAMSUNGXHM640JJ_S2AWJ1NB600956"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Honey) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-03-07]
CHR Extension: (Facebook) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2012-08-30]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2016-03-07]
CHR Extension: (Adblock Plus) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]
CHR Extension: (Google Play Music) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-02-09]
CHR Extension: (SoundCloud) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-07-09]
CHR Extension: (Klout) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2016-02-17]
CHR Extension: (Google Play) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
CHR Extension: (Google Maps) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-17]
CHR Extension: (Gmail) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ahmed\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-17]
CHR HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
StartMenuInternet: Google Chrome - C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
S4 Alcatel Limo Modem Device Helper; C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-17] (AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 DN-X1600AudioDevMon; C:\Program Files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe [2382096 2015-10-07] (Denon DJ)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [51712 2009-10-15] (Apple Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-17] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-17] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-13] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-17] (AVAST Software)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [192000 2011-04-27] (© Guillemot R&D, 2010. All rights reserved.) [File not signed]
S3 DN-X1600; C:\Windows\System32\DRIVERS\DenonDJDN-X1600.sys [554256 2015-10-07] (Denon DJ)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [263168 2011-04-27] (© Guillemot R&D, 2010. All rights reserved.) [File not signed]
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [240640 2011-04-27] (© Guillemot R&D, 2011. All rights reserved.) [File not signed]
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34136 2014-01-15] (KORG INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-21] (Corel Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ta6avs; C:\Windows\System32\Drivers\ta6avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 ta6usb_svc; C:\Windows\System32\Drivers\ta6usb.sys [78696 2012-12-18] (Native Instruments GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-17] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 vodafone_K3805-z_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [78336 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [88064 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cpo; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cpo.sys [13824 2010-09-01] (Vodafone)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [237056 2011-12-01] (ZTE Incorporated) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ONDAusbmdm6k; system32\DRIVERS\ONDAusbmdm6k.sys [X]
S3 ONDAusbnet; system32\DRIVERS\ONDAusbnet.sys [X]
S3 ONDAusbnmea; system32\DRIVERS\ONDAusbnmea.sys [X]
S3 ONDAusbser6k; system32\DRIVERS\ONDAusbser6k.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-07 13:53 - 2016-03-07 13:53 - 00015401 _____ C:\Users\Ahmed\Desktop\Invoice # EM-030716.pdf
2016-03-06 15:58 - 2016-03-06 15:58 - 01880888 _____ C:\Users\Ahmed\Desktop\CD COVER.pdf
2016-03-06 15:42 - 2016-03-06 15:58 - 07753554 _____ C:\Users\Ahmed\Desktop\CD COVER.psd
2016-03-03 10:46 - 2016-03-05 10:59 - 00000000 ____D C:\Users\Ahmed\AppData\Local\CrashDumps
2016-02-28 12:33 - 2014-05-21 11:20 - 07432578 _____ C:\Users\Ahmed\Desktop\DN-X1600_ownersmanual_english.pdf
2016-02-27 18:32 - 2016-02-27 18:32 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Denon DJ
2016-02-27 18:32 - 2016-02-27 18:32 - 00000000 ____D C:\ProgramData\Denon DJ
2016-02-27 18:00 - 2016-02-27 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Denon DJ
2016-02-27 17:58 - 2016-02-27 17:58 - 00000000 ____D C:\Program Files\Denon DJ
2016-02-27 17:58 - 2016-02-27 17:58 - 00000000 ____D C:\Program Files (x86)\Denon DJ
2016-02-27 17:56 - 2016-02-27 17:56 - 00000000 ____D C:\ProgramData\inMusic
2016-02-20 10:22 - 2016-02-20 10:22 - 00144760 _____ C:\Users\Ahmed\Desktop\Invoice 2016.pdf
2016-02-19 14:59 - 2016-03-04 11:41 - 00000000 ____D C:\Users\Ahmed\Desktop\Real Estate Newsletter
2016-02-19 09:49 - 2016-03-08 09:10 - 00000000 ____D C:\Users\Ahmed\Desktop\antimal
2016-02-18 12:04 - 2016-02-18 12:04 - 00000000 ____D C:\Users\Ahmed\Documents\Custom Office Templates
2016-02-17 21:07 - 2016-02-17 21:09 - 00246460 _____ C:\TDSSKiller.3.1.0.9_17.02.2016_21.07.46_log.txt
2016-02-17 19:42 - 2016-02-17 19:42 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-17 17:56 - 2016-02-17 17:56 - 02407609 ____H C:\Users\Ahmed\AppData\Local\IconCache.db.backup
2016-02-17 16:44 - 2016-02-17 18:57 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-17 16:44 - 2016-02-17 17:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-17 15:14 - 2016-02-17 15:14 - 00000000 ____D C:\Users\Ahmed\AppData\Local\YSearchUtil
2016-02-17 15:12 - 2016-03-08 09:10 - 00000000 ____D C:\FRST
2016-02-17 11:12 - 2016-02-17 11:12 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-17 11:12 - 2016-02-17 11:12 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-16 18:56 - 2016-02-16 19:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-16 18:53 - 2016-02-16 18:53 - 00000000 __HDC C:\ProgramData\{E54DB1D4-CC7D-414E-8BED-584C447836EA}
2016-02-16 18:46 - 2016-02-16 18:46 - 00000000 __HDC C:\ProgramData\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
2016-02-16 18:45 - 2016-02-16 18:45 - 00000000 __HDC C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2016-02-16 16:34 - 2016-02-16 16:38 - 00246470 _____ C:\TDSSKiller.3.1.0.9_16.02.2016_16.34.28_log.txt
2016-02-16 16:33 - 2016-02-16 18:07 - 00000000 ____D C:\EEK
2016-02-16 16:11 - 2016-02-16 16:11 - 00054674 _____ C:\ComboFix.txt
2016-02-16 15:32 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-16 15:32 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-16 15:32 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-16 15:31 - 2016-02-16 16:11 - 00000000 ____D C:\Qoobox
2016-02-16 15:28 - 2016-02-16 16:07 - 00000000 ____D C:\Windows\erdnt
2016-02-16 03:20 - 2016-02-17 20:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 03:20 - 2016-02-16 18:55 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-16 03:20 - 2016-02-16 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-16 03:20 - 2016-02-16 03:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-16 03:20 - 2016-02-16 03:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-16 03:20 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-16 03:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-16 02:52 - 2016-02-16 18:19 - 00000000 ____D C:\Users\Ahmed\AppData\LocalLow\uTorrent
2016-02-15 23:48 - 2016-02-15 23:48 - 00047104 _____ C:\Users\Ahmed\Desktop\FW Query an e-card.msg
2016-02-15 22:47 - 2016-02-15 22:47 - 00378408 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-02-15 17:42 - 2016-02-15 17:42 - 00000000 __HDC C:\ProgramData\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2}
2016-02-15 17:41 - 2016-02-15 17:41 - 00000000 ____D C:\Backup
2016-02-15 16:01 - 2016-02-15 16:01 - 00000000 ____D C:\Program Files\Movie Maker
2016-02-15 16:01 - 2016-02-15 16:01 - 00000000 ____D C:\drmsoft
2016-02-15 15:49 - 2016-02-17 18:00 - 00000000 ___HD C:\ProgramData\{2F752DAC-F812-4497-9E91-D8701A4745CB}
2016-02-15 15:48 - 2016-02-18 14:01 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Kobigz
2016-02-09 17:17 - 2016-02-11 12:49 - 00000000 ___RD C:\Users\Ahmed\Desktop\first track Project
2016-02-09 11:14 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 11:14 - 2016-02-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 11:14 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 11:14 - 2016-02-06 02:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 11:14 - 2016-02-06 02:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 11:14 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 11:14 - 2016-02-06 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 11:14 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 11:14 - 2016-02-06 01:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 11:14 - 2016-02-06 01:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 11:14 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 11:14 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 11:14 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 11:14 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 11:14 - 2016-01-22 12:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 11:14 - 2016-01-22 12:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 11:14 - 2016-01-21 22:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 11:14 - 2016-01-21 22:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 11:14 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 11:14 - 2016-01-21 22:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 11:14 - 2016-01-21 22:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 11:14 - 2016-01-21 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 11:14 - 2016-01-21 22:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 11:14 - 2016-01-21 22:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 11:14 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 11:14 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 11:14 - 2016-01-21 22:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 11:14 - 2016-01-21 22:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 11:14 - 2016-01-21 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 11:14 - 2016-01-21 22:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 11:14 - 2016-01-21 22:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 11:14 - 2016-01-21 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 11:14 - 2016-01-21 22:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 11:14 - 2016-01-21 22:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 11:14 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 11:14 - 2016-01-21 22:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 11:14 - 2016-01-21 22:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-09 11:14 - 2016-01-21 22:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 11:14 - 2016-01-21 22:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-09 11:14 - 2016-01-21 22:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 11:14 - 2016-01-21 22:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-09 11:14 - 2016-01-21 21:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 11:14 - 2016-01-21 21:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-09 11:14 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 11:14 - 2016-01-21 21:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-09 11:14 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 11:14 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 11:14 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 11:14 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 11:14 - 2016-01-21 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 11:14 - 2016-01-21 21:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 11:14 - 2016-01-21 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-09 11:14 - 2016-01-21 21:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-09 11:14 - 2016-01-21 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-09 11:14 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 11:14 - 2016-01-21 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 11:14 - 2016-01-21 21:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 11:14 - 2016-01-21 21:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-09 11:14 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 11:14 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 11:14 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 11:14 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 11:14 - 2016-01-21 21:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-09 11:14 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 11:14 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 11:14 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 11:14 - 2016-01-16 11:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 11:14 - 2016-01-16 10:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 11:14 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 11:14 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 11:13 - 2016-01-16 11:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 11:13 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 11:13 - 2016-01-11 11:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 11:13 - 2016-01-11 11:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 11:13 - 2016-01-11 11:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 11:13 - 2016-01-11 10:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 11:13 - 2016-01-11 10:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 11:13 - 2016-01-11 10:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 11:13 - 2016-01-11 10:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 11:13 - 2016-01-11 10:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 11:13 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 11:13 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 11:13 - 2016-01-11 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 11:13 - 2016-01-11 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 11:13 - 2016-01-11 10:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 11:13 - 2016-01-11 10:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 11:13 - 2016-01-11 10:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 11:13 - 2016-01-11 10:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 11:13 - 2016-01-07 09:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 11:13 - 2016-01-07 09:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 11:13 - 2015-12-20 10:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 11:13 - 2015-12-20 10:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 11:13 - 2015-12-20 06:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 11:12 - 2016-01-21 22:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 11:12 - 2016-01-21 22:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 11:12 - 2016-01-21 22:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 11:12 - 2016-01-21 22:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 11:12 - 2016-01-21 22:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 11:12 - 2016-01-21 22:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 11:12 - 2016-01-21 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 11:12 - 2016-01-21 22:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 11:12 - 2016-01-21 22:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 11:12 - 2016-01-21 22:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 11:12 - 2016-01-21 22:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 11:12 - 2016-01-21 22:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 11:12 - 2016-01-21 22:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 11:12 - 2016-01-21 22:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 11:12 - 2016-01-21 22:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 11:12 - 2016-01-21 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 11:12 - 2016-01-21 22:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 11:12 - 2016-01-21 22:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 11:12 - 2016-01-21 22:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 11:12 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 11:12 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 11:12 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 11:12 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 11:12 - 2016-01-21 22:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 11:12 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 11:12 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 11:12 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 11:12 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 11:12 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 11:12 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 11:12 - 2016-01-21 21:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 11:12 - 2016-01-21 20:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 11:12 - 2016-01-21 20:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 11:12 - 2016-01-21 20:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 11:12 - 2016-01-21 20:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 11:12 - 2016-01-21 20:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 11:12 - 2016-01-21 20:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 11:12 - 2016-01-21 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 11:12 - 2016-01-21 20:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 11:12 - 2016-01-21 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 11:12 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 11:11 - 2016-01-21 22:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 11:11 - 2016-01-21 22:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 11:11 - 2016-01-21 22:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 11:11 - 2016-01-21 22:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 11:11 - 2016-01-21 22:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 11:11 - 2016-01-21 21:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 11:11 - 2016-01-21 21:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 11:11 - 2016-01-21 21:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 09:11 - 2012-11-29 00:28 - 00000000 ____D C:\Users\Ahmed\Documents\Outlook Files
2016-03-08 09:00 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-08 09:00 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-08 08:55 - 2015-12-10 11:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13382d806114a.job
2016-03-08 08:54 - 2009-07-13 21:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-08 08:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-03-07 13:14 - 2015-12-10 11:42 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d13382d7c97c97.job
2016-03-04 10:28 - 2011-09-23 14:06 - 00000000 ____D C:\Users\Ahmed\AppData\Local\ElevatedDiagnostics
2016-03-04 10:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-27 18:17 - 2013-06-06 23:21 - 00000000 ___RD C:\Users\Ahmed\Desktop\Dropbox
2016-02-27 18:16 - 2012-11-02 06:42 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Dropbox
2016-02-27 18:12 - 2013-04-17 01:35 - 00000000 ___RD C:\Users\Ahmed\Google Drive
2016-02-27 18:08 - 2015-02-27 00:16 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-02-27 18:06 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-27 17:56 - 2014-07-01 05:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-26 11:36 - 2015-04-05 16:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 11:36 - 2015-04-05 16:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-23 11:15 - 2011-09-05 06:32 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-20 12:32 - 2013-12-10 01:58 - 00000000 ____D C:\Users\Ahmed\Desktop\IFAD
2016-02-19 15:04 - 2012-02-12 18:53 - 00002393 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 09:57 - 2015-06-11 14:57 - 00000803 _____ C:\Users\Ahmed\Desktop\werkkk.txt
2016-02-19 09:47 - 2012-07-11 01:59 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-18 11:53 - 2015-10-25 13:20 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-02-17 18:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Vss
2016-02-17 16:54 - 2012-05-08 07:45 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Downloaded Installations
2016-02-17 16:48 - 2015-09-22 11:01 - 00021295 _____ C:\Users\Ahmed\AppData\Roaming\Comma Separated Values.EML
2016-02-17 15:58 - 2015-09-15 16:35 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Deployment
2016-02-17 15:58 - 2012-07-22 23:24 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Apps\2.0
2016-02-17 15:25 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-17 15:14 - 2014-05-07 00:51 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-02-17 14:52 - 2014-01-28 05:18 - 00007603 _____ C:\Users\Ahmed\AppData\Local\Resmon.ResmonCfg
2016-02-17 13:01 - 2012-07-23 22:59 - 00000000 ____D C:\Users\Ahmed\Documents\CV
2016-02-17 11:56 - 2012-07-11 23:09 - 00000000 ____D C:\Users\Ahmed\Documents\FINANCES
2016-02-17 11:40 - 2012-05-01 05:58 - 03246444 _____ C:\Windows\ntbtlog.txt
2016-02-17 11:16 - 2013-03-14 07:21 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-17 11:12 - 2014-05-13 00:14 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-17 11:12 - 2014-01-05 02:53 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-17 11:12 - 2013-03-14 07:21 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-17 11:12 - 2012-02-25 01:29 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-17 11:12 - 2011-09-05 06:32 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-17 11:11 - 2011-09-05 06:32 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-17 10:44 - 2016-01-30 17:42 - 00000000 ____D C:\Users\Ahmed\Desktop\mark sculptures
2016-02-17 10:24 - 2011-09-11 20:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-16 18:48 - 2014-04-09 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-02-16 18:46 - 2011-09-06 03:39 - 00000000 ____D C:\Program Files\Native Instruments
2016-02-16 18:46 - 2011-09-06 03:39 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-02-16 18:39 - 2012-01-16 05:34 - 00000000 ____D C:\Users\Ahmed\Downloads\software
2016-02-16 16:05 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-02-16 11:50 - 2015-05-25 04:51 - 00000034 _____ C:\Users\Ahmed\AppData\Roaming\AdobeWLCMCache.dat
2016-02-16 09:06 - 2015-10-25 13:20 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-02-16 09:06 - 2014-03-14 05:09 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-02-16 09:06 - 2013-12-11 04:39 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-16 09:06 - 2013-11-14 06:42 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2016-02-16 09:06 - 2011-09-04 08:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-16 09:06 - 2009-07-13 20:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-16 09:05 - 2016-01-25 12:04 - 00000829 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-02-16 09:05 - 2013-10-17 00:17 - 00001417 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-16 09:05 - 2013-03-18 01:06 - 00000881 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2016-02-16 09:05 - 2009-07-13 21:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-16 09:05 - 2009-07-13 20:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-16 09:04 - 2016-01-25 12:04 - 00001034 _____ C:\Users\Ahmed\Desktop\Start Tor Browser.lnk
2016-02-16 09:04 - 2013-04-17 01:35 - 00001709 _____ C:\Users\Ahmed\Desktop\Google Drive.lnk
2016-02-15 22:58 - 2011-09-04 06:42 - 00378408 _____ C:\Users\Ahmed\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-15 22:47 - 2009-07-13 20:45 - 07302936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-15 18:36 - 2013-12-08 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-15 18:36 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-11 17:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-09 19:29 - 2014-12-12 01:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-09 19:29 - 2014-05-06 23:50 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-09 19:13 - 2013-07-15 23:12 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 19:00 - 2011-09-04 17:55 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 18:55 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2016-02-09 18:43 - 2011-05-18 18:17 - 00779276 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-09 17:20 - 2014-05-07 00:39 - 00205212 _____ C:\Windows\hpwins26.dat
 
==================== Files in the root of some directories =======
 
2011-12-31 08:27 - 2011-12-31 08:27 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-07-19 07:09 - 2012-07-20 02:13 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2012-11-06 06:31 - 2015-05-04 08:30 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2011-09-06 16:41 - 2012-07-20 03:25 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-23 03:16 - 2015-05-18 07:18 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-05-25 04:51 - 2016-02-16 11:50 - 0000034 _____ () C:\Users\Ahmed\AppData\Roaming\AdobeWLCMCache.dat
2015-09-22 11:33 - 2015-09-22 12:48 - 0037929 _____ () C:\Users\Ahmed\AppData\Roaming\Comma Separated Values.ADR
2015-09-22 11:01 - 2016-02-17 16:48 - 0021295 _____ () C:\Users\Ahmed\AppData\Roaming\Comma Separated Values.EML
2011-09-18 05:22 - 2012-05-17 09:09 - 0002380 _____ () C:\Users\Ahmed\AppData\Roaming\Rim.Desktop.Exception.log
2011-09-18 05:19 - 2013-09-13 01:19 - 0002021 _____ () C:\Users\Ahmed\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-09-18 05:22 - 2012-05-17 09:09 - 0000308 _____ () C:\Users\Ahmed\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-09-20 01:49 - 2011-09-20 01:49 - 0001456 _____ () C:\Users\Ahmed\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-08-07 23:34 - 2015-02-19 03:45 - 0001456 _____ () C:\Users\Ahmed\AppData\Local\Adobe Save for Web 13.0 Prefs
2011-09-04 12:05 - 2013-04-25 04:11 - 0009216 _____ () C:\Users\Ahmed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-23 10:39 - 2011-11-23 10:39 - 0002425 _____ () C:\Users\Ahmed\AppData\Local\FastClean.20111123.193949.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0002264 _____ () C:\Users\Ahmed\AppData\Local\IWDAudHelper.20111123.194029.txt
2011-11-23 10:40 - 2011-11-23 10:41 - 0048842 _____ () C:\Users\Ahmed\AppData\Local\IWDAudHelper.20111123.194047.txt
2013-09-02 01:00 - 2013-09-02 01:00 - 0004096 ____H () C:\Users\Ahmed\AppData\Local\keyfile3.drm
2011-11-23 10:39 - 2011-11-23 10:39 - 0000673 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.193956.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0001682 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194002.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0000673 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194011.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0001229 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194028.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0001247 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194040.txt
2014-02-06 00:03 - 2014-02-06 00:03 - 0001655 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20140206.090331.txt
2013-12-19 01:22 - 2013-12-19 01:22 - 0000218 _____ () C:\Users\Ahmed\AppData\Local\recently-used.xbel
2014-01-28 05:18 - 2016-02-17 14:52 - 0007603 _____ () C:\Users\Ahmed\AppData\Local\Resmon.ResmonCfg
2015-05-27 23:29 - 2015-05-27 23:29 - 0000000 _____ () C:\Users\Ahmed\AppData\Local\Temp.dat
2014-05-07 00:05 - 2016-02-09 17:19 - 0003620 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Ahmed\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-11 16:52
 
==================== End of FRST.txt ============================


#3
ahhhmeddd


ADDITION LOG

 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ahmed (2016-03-08 09:12:03)
Running from C:\Users\Ahmed\Desktop\antimal
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-04 14:39:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3886721561-2564760882-2778430979-500 - Administrator - Disabled)
Ahmed (S-1-5-21-3886721561-2564760882-2778430979-1000 - Administrator - Enabled) => C:\Users\Ahmed
Guest (S-1-5-21-3886721561-2564760882-2778430979-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3886721561-2564760882-2778430979-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510gm_Help (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ABL 2.9.2 (HKLM-x32\...\AudioRealism Bass Line 2_is1) (Version:  - AudioRealism)
Ableton Live 9 Suite (HKLM-x32\...\{A8D189F5-A5BD-4F59-94C3-BD39662B96F7}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.2.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.1.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.2 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0.1 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM\...\{C62850D7-40DA-4401-897B-1B2275B6FEEC}) (Version: 2014.0.0.328 - Adobe Systems, Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.0 - PainteR)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Amazon Music (HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Audio Converter 4.0.3 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArtRage Studio (HKLM-x32\...\{A35086FB-486A-47FB-8D29-92A7DA63B0D2}) (Version: 3.5.12 - Ambient Design)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - Canon Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5.3817 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Denon DJ DN-X1600 1.0.1 (x64) (HKLM\...\{8F6CA484-A3C1-4E9D-88F3-F1736FA5AF0B}) (Version: 1.0.1 - Denon DJ)
DfontSplitter 0.3.1 (HKLM-x32\...\{19B98EFB-9493-4651-96DD-A6768A5024E3}_is1) (Version:  - Peter Upfold)
Dropbox (HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A82F706D-6456-4E76-A037-4A00C4F0259D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6330.0 - IDT)
INet (HKLM-x32\...\Alcatel Limo INet_is1) (Version:  - Alcatel)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel Digital Logo (HKLM-x32\...\{0635AEC4-0E4E-4641-9CD0-07D98428EA5A}) (Version: 1.0.5 - Hewlett-Packard Company)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{a2a04474-104a-49b3-9bf5-33afee260030}) (Version: 17.14.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KORG KONTROL Editor (HKLM-x32\...\{7A758BA6-3B7E-4182-8319-02F64CF1EB77}) (Version: 1.30.0003 - KORG Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LockHunter version 1.0 beta 3, 64 bit edition (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
mapbox-studio (HKLM-x32\...\mapbox-studio) (Version:  - Mapbox)
Max 6.1.1 (HKLM\...\{7EDD147B-8918-4715-94D5-987995044696}) (Version: 136.1.1 - Cycling '74)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 14 CTP Redistributable (x64) - 14.0.22129 (HKLM-x32\...\{8a6c0ef2-b24e-4897-a1d7-367c3212a70b}) (Version: 14.0.22129.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\MusicManager) (Version:  - Google, Inc.)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.5.6.1344 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.3.1177 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.3.144 - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pioneer CDJ Driver (HKLM-x32\...\Pioneer CDJ) (Version: 1.200.000.000 - Pioneer Corporation.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5015 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5015 - CyberLink Corp.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QGIS Chugiak 2.4.0 Chugiak (HKLM\...\QGIS Chugiak) (Version:  - QGIS Development Team)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
RTC Client API v1.3 msm (HKLM-x32\...\{DF487E0B-8B2F-430B-A7F9-94DEF592555D}) (Version: 1.3 - Microsoft)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
sign pro PDF (novaPDF OEM 7.7 printer) (HKLM\...\sign pro PDF_is1) (Version: 7.7.396 - Softland)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wacom sign pro PDF (HKLM-x32\...\{FF489CB2-9356-424B-8AB6-B6299807727E}) (Version: 2.0.13 - Wacom Co., Ltd.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5) (HKLM\...\929413420CDE2F0C2C08C06E73FF16D9CB6C9807) (Version: 09/17/2009 3.0.0.5 - Apple Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Word uTIlities version 1.7 (HKLM-x32\...\{B37D51F7-7F4E-4244-A118-13E83A0CAD81}_is1) (Version: 1.7 - J. Raubenheimer)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01F493E7-46C3-49D1-8898-A075720C403F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {0AC8E017-1C78-4A70-86B3-0C0DB1007D76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {0C2AF2E7-CD62-4FC1-9BA0-33593859E91A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-17] (AVAST Software)
Task: {141B2D8B-FC90-460B-B21F-DD2AB6EB4546} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {184BDE7D-8AF9-48C1-8E78-CB7EAB2FE102} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e77a487fc07f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {1906EA1E-EEBD-4D43-B2CD-85F755F0E796} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1C7FB1C3-ABCB-4FE3-B59D-F199D8140B6A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3886721561-2564760882-2778430979-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1C88E3CC-8E24-4351-9288-E0353D935B21} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3886721561-2564760882-2778430979-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1E87DF55-721B-40F2-80ED-BC9DAC6E87B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d13382d7c97c97 => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {1F6B0135-C619-4FEE-B565-90CF2144973C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3886721561-2564760882-2778430979-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2535ADA6-70FA-4679-8EA6-C1B09CD4A6D5} - System32\Tasks\{FA5B94F7-8815-47A9-AC9C-CD99C548E578} => pcalua.exe -a G:\Windows/Setup.exe -d G:\
Task: {2BBC3CFE-E22E-4861-A4F4-5B98669C7AEB} - System32\Tasks\GoogleUpdateTaskMachineCore1d13382d7c92e76 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {2CFE0AA8-AA8E-4973-BCAD-597E1D2EAC2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {2EC9805A-14CC-4C05-9530-F1CE616DE612} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {34AAD9F9-6898-4A88-8538-A80B3E297411} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {3BD9125A-B1FD-491A-80D8-D7AC96BC7641} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {3FB0F3BE-581E-4FCE-9F53-096B374F4631} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {541BD230-565E-4E8C-87AC-1CBBC85B8B3B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6D0A4EB9-707C-41EA-9754-62028199B845} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d0e77b90479d50 => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7D6823FB-7723-42F1-A88C-5F52ACCFF517} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d0e77b9028ab6d => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {82D36B4C-3079-4DEC-B8EB-61D3E11060BD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {85A5AE34-B941-464C-B5B8-DF86FD7FC260} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {8BEBA9C8-C5C4-4BCD-BB27-BFAA1F53119E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core => C:\Users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {A1140D74-BB0C-40D3-A88E-152EBC0F3573} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A7124FBC-D4CA-45C6-BA0E-3B194AFD0EE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNFF317366 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {AA4E113F-8389-496F-A388-8E4685B46BDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-01] (Adobe Systems Incorporated)
Task: {AA523E47-0916-4F04-A180-551B4D926E52} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3886721561-2564760882-2778430979-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AA5BCCCB-5625-4302-8C95-2305A422ED7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e77a48d310a8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BB0336CA-4269-4565-945E-DAB9038D3849} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNFF729066 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {BE27F837-D84F-4E26-AE04-FF6C376EAA14} - System32\Tasks\Amazon Music Helper => C:\Users\Ahmed\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-12-07] ()
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D74108B8-DC8D-49F7-980E-78F6F4141819} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {D7700250-C2D7-4128-AFA0-2731DC34EA1A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {D9C2DDB8-C429-4D28-AFC7-015DA8174F88} - System32\Tasks\{0327B490-AB21-4C47-AD89-0C5264A7407C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-10-14] (Skype Technologies S.A.)
Task: {DE40464B-806A-4612-9820-20AC560FB285} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E24DD3CD-C43A-4AA5-9194-8BE99588EC59} - System32\Tasks\GoogleUpdateTaskMachineUA1d13382d806114a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {E6E8FBF7-D9E6-4F1E-BA83-19FE25BEC16F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNF9DCPB2B => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {EDE1C5B9-EE0F-4C06-B955-943C92D82DB6} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3886721561-2564760882-2778430979-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EEF9A64E-D1EF-4AA1-8264-3DFE576B414F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EFE98684-CE8F-4862-ADF0-B3238682ACD3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA => C:\Users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {F758F61D-3103-4AE8-A5BE-62A92FFDF4C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F9BAE739-8CF0-4CEC-B0C2-39EDD2A606E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d13382d8392ffa => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {F9F3DFA0-0859-4D9B-96C5-03A66CFF8F27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job => C:\Users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job => C:\Users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e77a487fc07f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d13382d7c92e76.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e77a48d310a8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13382d806114a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core.job => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d0e77b9028ab6d.job => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d13382d7c97c97.job => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA.job => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d0e77b90479d50.job => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000UA1d13382d8392ffa.job => C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Ahmed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\QGIS Desktop 2.4.0.lnk -> C:\Program Files\QGIS Chugiak\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGISCH~1\bin\qgis.bat
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 13:35 - 2015-01-20 13:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-07 09:27 - 2012-12-07 09:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-03-25 17:28 - 2011-03-25 17:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-03 02:55 - 2014-09-03 02:55 - 00815104 _____ () C:\Program Files\Adobe\Adobe InDesign CC 2014\Utilities\adb.exe
2015-04-16 07:42 - 2015-04-16 07:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-04-22 07:23 - 2015-04-22 07:23 - 00170656 _____ () C:\Program Files\Microsoft Office\Office15\OUTLCTL.DLL
2011-09-04 08:55 - 2011-05-28 12:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-02-17 11:12 - 2016-02-17 11:12 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-17 11:12 - 2016-02-17 11:12 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-27 17:33 - 2016-02-27 17:33 - 02835456 _____ () C:\Program Files\AVAST Software\Avast\defs\16022701\algo.dll
2016-02-17 11:12 - 2016-02-17 11:12 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-17 11:12 - 2016-02-17 11:12 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-03-08 08:54 - 2016-03-08 08:54 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030800\algo.dll
2016-01-05 10:45 - 2016-01-05 10:45 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-27 18:11 - 2016-02-27 18:11 - 00098816 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32api.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00110080 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\pywintypes27.dll
2016-02-27 18:11 - 2016-02-27 18:11 - 00364544 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\pythoncom27.dll
2016-02-27 18:11 - 2016-02-27 18:11 - 00320512 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32com.shell.shell.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00776704 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_hashlib.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 01176576 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._core_.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00806400 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._gdi_.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00816128 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._windows_.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 01067008 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._controls_.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00733184 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._misc_.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00682496 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\pysqlite2._sqlite.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00088064 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_ctypes.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00119808 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32file.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00108544 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32security.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00007168 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\hashobjs_ext.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00017920 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\thumbnails_ext.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00088064 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\usb_ext.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00167936 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32gui.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00018432 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32event.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00046080 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_socket.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 01208320 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_ssl.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00128512 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_elementtree.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00127488 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\pyexpat.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00013824 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\common.time34.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00036864 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_psutil_windows.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00038912 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32inet.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00525240 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\windows._lib_cacheinvalidation.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00011264 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32crypt.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00077312 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._html2.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00027136 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_multiprocessing.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00020480 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\_yappi.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00035840 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32process.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00686080 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\unicodedata.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00078848 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._animate.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00123392 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\wx._wizard.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00024064 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32pipe.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00010240 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\select.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00025600 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32pdh.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00017408 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32profile.pyd
2016-02-27 18:11 - 2016-02-27 18:11 - 00022528 _____ () C:\Users\Ahmed\AppData\Local\Temp\_MEI45562\win32ts.pyd
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 04:17 - 2014-01-20 04:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-12 01:50 - 2014-02-10 03:44 - 04592128 _____ () C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 01:50 - 2014-02-10 03:44 - 00112128 _____ () C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-02-19 15:03 - 2016-02-17 20:15 - 16808600 _____ () C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\Ahmed\Local Settings:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Application Data:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Temp:QlHfkLwD7sC2ruKsOnJNZSis [2326]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Temporary Internet Files:qIMv6HXms16O280lUQpZausSzM [2394]
AlternateDataStreams: C:\ProgramData\Microsoft:B9luYKN8JV1DdbvMcnS [2098]
AlternateDataStreams: C:\ProgramData\Microsoft:bziNIvelVVIWG8Zoc31E [2328]
AlternateDataStreams: C:\ProgramData\Microsoft:D43ckA9xRqZThAtxrjMexr0 [2634]
AlternateDataStreams: C:\ProgramData\Microsoft:rDvylPmKYECUsSMmEdWVyWt [2326]
AlternateDataStreams: C:\ProgramData\Microsoft:SWXVImA9KJP2xsMdTct35i1eonF8JF [2450]
AlternateDataStreams: C:\ProgramData\Microsoft:xduKw2Ij6EmZCTlDGG4k [2660]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2016-02-16 16:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Alcatel Limo Modem Device Helper => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HerculesDJControlMP3 => 2
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TabletServiceWacom => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WTabletServicePro => 2
MSCONFIG\Services: ZeroConfigService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Alcatel Limo ModemListener => C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe start
MSCONFIG\startupreg: Amazon Music => "C:\Users\Ahmed\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Ahmed\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\Ahmed\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: Google Update => "C:\Users\Ahmed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Hercules DJ Series => C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Ahmed\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SmartVoip => "C:\Program Files (x86)\SmartVoip.com\SmartVoip\SmartVoip.exe" -nosplash -minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: uTorrent => "C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: Viber => "C:\Users\Ahmed\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{36375CC7-09C8-4CBD-933B-B5468D1AF99E}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{67FAADF0-9859-46CF-9FB3-B901DF8AD6A7}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{122A3EEB-C842-49DD-9CAE-A581A2F460DF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{893CC9E2-3B45-4FD6-8E06-C6A57C433953}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{0DAFDA73-72C8-4182-9BA9-4C843C7976C0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1FE6C373-2D6F-4A99-B97A-514CB501E1B2}] => (Allow) LPort=2869
FirewallRules: [{92A74957-4C22-4B59-9298-D4B26E136E66}] => (Allow) LPort=1900
FirewallRules: [{7C545B9E-AB70-4024-BC10-7B5A655D5796}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{668295EA-4C0B-49DD-9845-DA5A2401AC3F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{95E7902A-6BA4-457F-AF6A-43967A07BCDE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{5E909154-380E-4D07-BA6E-636B1B8440B2}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{854FE9F4-2FCF-4947-B9AF-73C1DD780FB4}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{42D6632F-4B74-4F93-92BF-9AF0AD1A688B}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{3D497511-7FC4-466A-B145-5F60FAB0FE1E}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe] => (Allow) C:\program files (x86)\ea sports\fifa 11\game\fifa.exe
FirewallRules: [UDP Query User{DFB6E98B-B480-43DF-B509-BB20875AB860}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe] => (Allow) C:\program files (x86)\ea sports\fifa 11\game\fifa.exe
FirewallRules: [TCP Query User{D6DF80EA-8FFF-4CD5-BFDB-73B2135522BF}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe] => (Allow) C:\program files (x86)\ea sports\fifa 11\game\fifa.exe
FirewallRules: [UDP Query User{C305D99A-05DB-4D29-86DC-70B9C0C4FE4A}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe] => (Allow) C:\program files (x86)\ea sports\fifa 11\game\fifa.exe
FirewallRules: [TCP Query User{651C7041-7F32-4D3B-92C7-0323B8A27FA3}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{882234CB-672E-4614-B380-0DD280B2D2E4}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [TCP Query User{5C032FCC-67ED-4ABF-879D-283950C4D9EC}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{8C8067E9-0032-4DC0-9E43-B8D08210B30A}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{3840A179-28B1-4192-8E01-E66FC9C08059}C:\program files (x86)\fifa 12\game\fifa.exe] => (Allow) C:\program files (x86)\fifa 12\game\fifa.exe
FirewallRules: [UDP Query User{C6E849D6-A0F1-4CDC-8DA3-1DDC14D7A680}C:\program files (x86)\fifa 12\game\fifa.exe] => (Allow) C:\program files (x86)\fifa 12\game\fifa.exe
FirewallRules: [TCP Query User{F9606EF3-F316-4ECC-9C30-8BF61F210DF5}C:\Program Files (x86)\FIFA 12\Game\fifa.exe] => (Block) C:\Program Files (x86)\FIFA 12\Game\fifa.exe
FirewallRules: [UDP Query User{50AE34E4-D260-4B3B-8F85-A13538BE0A37}C:\Program Files (x86)\FIFA 12\Game\fifa.exe] => (Block) C:\Program Files (x86)\FIFA 12\Game\fifa.exe
FirewallRules: [{1EF1627F-A807-4CA0-AC67-AFC985F88D82}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{DAFE098B-BB8C-4176-B614-DE08EC5862BD}] => (Allow) C:\Program Files (x86)\SmartVoip.com\SmartVoip\SmartVoip.exe
FirewallRules: [{A529D9B1-E9DB-4A8E-9D76-38EF4264C077}] => (Allow) C:\Program Files (x86)\SmartVoip.com\SmartVoip\SmartVoip.exe
FirewallRules: [{CCA8D606-3C66-460C-8274-8FBB2A9DB1CA}] => (Allow) C:\Program Files (x86)\SmartVoip.com\SmartVoip\SmartVoip.exe
FirewallRules: [{A9288359-3913-4F84-A06C-F7C5E5ED25F4}] => (Allow) C:\Program Files (x86)\SmartVoip.com\SmartVoip\SmartVoip.exe
FirewallRules: [{2D0D2A50-451D-46F5-AC74-339C7A9AC422}] => (Allow) C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe
FirewallRules: [{C9B37005-95DA-4B83-B31A-4DEA647D4F87}] => (Allow) C:\Program Files (x86)\Rynga.com\Rynga\Rynga.exe
FirewallRules: [{E6BE3E86-8B06-4C91-97F7-3CBF055514A6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query User{AFCB70DB-585D-4FEE-812C-7C8587B9306D}C:\program files (x86)\pioneer\rekordbox 2.0.3\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 2.0.3\psvnfsd.exe
FirewallRules: [UDP Query User{CE55CF05-053F-4332-810E-D53C62DEB0E4}C:\program files (x86)\pioneer\rekordbox 2.0.3\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 2.0.3\psvnfsd.exe
FirewallRules: [TCP Query User{79734E9A-4EAD-4CCA-85A8-F3483D2F03BF}C:\program files (x86)\pioneer\rekordbox 2.0.3\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 2.0.3\psvlinksysmgr.exe
FirewallRules: [UDP Query User{A9D12D4F-21B8-45D5-B5CE-931567C635D6}C:\program files (x86)\pioneer\rekordbox 2.0.3\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 2.0.3\psvlinksysmgr.exe
FirewallRules: [TCP Query User{4F36D074-F87C-48EF-818A-C695526DB7B6}C:\program files (x86)\pioneer\rekordbox 2.0.3\rekordbox.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 2.0.3\rekordbox.exe
FirewallRules: [UDP Query User{D57FB8F7-130B-4435-948E-D96ABC1513CC}C:\program files (x86)\pioneer\rekordbox 2.0.3\rekordbox.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 2.0.3\rekordbox.exe
FirewallRules: [{4C9AA063-4506-4D25-B3E0-72BF956B94FA}] => (Allow) C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{69F13EC4-FA5A-426D-8C87-DB7AD638F8E8}] => (Allow) C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C8DE7456-D73E-45E3-B35A-E7504CD29677}] => (Allow) C:\Users\Ahmed\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{2515B78B-E502-4179-88AA-4E4EF9446B48}] => (Allow) C:\Users\Ahmed\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{F0B5761F-AFDD-4B34-A871-76D3EE454234}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3054F035-E676-457B-9EF9-5B358AC1728A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9C415FB8-EF8C-4E7C-8F69-98F99658B33B}] => (Allow) C:\Users\Ahmed\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{C4867658-C5FD-4B4E-BA67-D0BD286072BC}] => (Allow) C:\Users\Ahmed\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{2060A3A4-AFF0-490F-A1B2-78EBE2BD79ED}C:\users\ahmed\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ahmed\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C4D25590-930A-41E9-ABEF-2C9D786F076E}C:\users\ahmed\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ahmed\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{37533E6F-F452-4B54-B8D7-4BAAE8F984EB}C:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe] => (Allow) C:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe
FirewallRules: [UDP Query User{B92EED29-5DE1-4E3C-A662-86EDD563D05D}C:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe] => (Allow) C:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe
FirewallRules: [TCP Query User{6663546B-D7E5-4837-B673-AFC8C152CC44}C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe] => (Allow) C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe
FirewallRules: [UDP Query User{1A0328C6-C011-43D5-B364-90E9E10B232D}C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe] => (Allow) C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe
FirewallRules: [TCP Query User{17C79663-9693-4320-BE7F-FA3867701C19}C:\users\ahmed\downloads\microsoft toolkit.exe] => (Allow) C:\users\ahmed\downloads\microsoft toolkit.exe
FirewallRules: [UDP Query User{B563BD0C-ED4A-4EF9-B8B7-976339C8DB61}C:\users\ahmed\downloads\microsoft toolkit.exe] => (Allow) C:\users\ahmed\downloads\microsoft toolkit.exe
FirewallRules: [TCP Query User{8EF08D57-93C0-4676-ADB2-92312C665377}C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe] => (Allow) C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe
FirewallRules: [UDP Query User{C164544C-3BAE-4ADF-B716-1DB33771E9F3}C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe] => (Allow) C:\users\ahmed\desktop\dropbox\microsoft toolkit.exe
FirewallRules: [{1DA7B863-D766-40B9-9E91-6B142BC496DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA722812-AE89-4E96-8B7B-660EE94D5883}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{617807BF-AFD7-41EC-BEDC-B563BDBF9BF7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A32953EF-5DAA-411A-8185-1E58E0DF6B82}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EA55DF6B-10B6-45FD-AA4D-3A247247C999}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{69927EEC-1F9E-411E-8A4D-AA4F13143583}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4E893051-76ED-4E39-9009-D0E36BDFBED1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8F4AAC08-0B05-4DFD-95FD-F93BC0463A64}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6BD37C0D-D829-4F23-ACA6-A40A69A846CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1CCB88B9-B589-4981-A76D-DA658FF1A0F7}] => (Allow) C:\Users\Ahmed\AppData\Local\Temp\HP\OJ4500vG510g-m_Full_13_en\setup\hpznui40.exe
FirewallRules: [{32ACF12F-E19F-42E2-B4AF-356482B237EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4589CE71-A4AE-4373-97BE-032F968DC0E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{0086E96C-81D6-44F4-BFDE-8835613C1BA7}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F84A6EA6-9262-4D80-9286-203BCBB25D05}] => (Allow) C:\Users\Ahmed\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0BDF0EA-EFA6-4948-8855-3A90F63F8526}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{452005D1-4235-4FF7-AF27-535DE0B9AF58}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0790095A-3F57-45E4-8AAA-3952DD69F861}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{7DE288D6-C56D-4382-9162-2CFF89EBDFD1}] => (Allow) C:\Program Files\mapbox-studio\resources\app\vendor\node.exe
FirewallRules: [{51A8456E-BB98-40B2-8037-91254BE7B733}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{87F9E311-E4A7-4461-AC5D-3AA7AEFC0B74}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7932148-C010-4BA7-A13E-2F62401424FC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DF3BFDB6-2E80-4342-8036-A92F94080B1C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{26D79712-24D6-45DC-92FF-69C7F7B456BE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A1D9C1E6-5934-40BB-8883-6495359DA68D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{537251BC-E2DA-4457-99A2-11633990E936}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{892AB9E2-4E69-4CD1-91EC-C32B17116AEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FE60C8D-F112-4527-88CC-E54AB388232F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B969D3BD-841E-4AF9-8F2B-BE9FEB548DFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{20695E81-CD3E-43D8-BD53-1E97F35E5B15}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{C67CC163-5F83-4137-880E-98ECCE0D6ED2}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [{ADC2F268-1B20-4A66-B09C-90F11C09CFEC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{16439454-D35A-478B-81F6-C40F7BA812C3}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
FirewallRules: [{36698AF9-AD27-4A78-8C6C-A7896C8D0BDA}] => (Allow) C:\Users\Ahmed\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510g-m
Description: Officejet 4500 G510g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet M4555 MFP
Description: HP LaserJet M4555 MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Designjet T2300
Description: HP Designjet T2300
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510g-m
Description: Officejet 4500 G510g-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2016 03:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19126
 
Error: (03/07/2016 03:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19126
 
Error: (03/07/2016 03:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/07/2016 03:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18128
 
Error: (03/07/2016 03:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18128
 
Error: (03/07/2016 03:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/07/2016 03:01:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17129
 
Error: (03/07/2016 03:01:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17129
 
Error: (03/07/2016 03:01:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/07/2016 03:01:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16115
 
 
System errors:
=============
Error: (03/03/2016 09:36:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/27/2016 06:16:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (02/27/2016 06:14:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (02/27/2016 06:09:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/27/2016 06:07:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%2
 
Error: (02/27/2016 06:05:55 PM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
 
Error: (02/27/2016 06:05:52 PM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
 
Error: (02/27/2016 06:05:11 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (02/27/2016 05:32:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
 
Error: (02/26/2016 12:10:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-16 16:02:48.488
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-16 16:02:48.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:41:01.783
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:41:01.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:41:01.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:41:01.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:40:07.713
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:40:07.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:40:07.684
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-10-03 16:40:07.664
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 8139.86 MB
Available physical RAM: 3791.95 MB
Total Virtual: 20346.06 MB
Available Virtual: 13216.13 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:578.49 GB) (Free:208.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.39 GB) (Free:1.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: D5226363)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=578.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you let me know if this stops the alerts?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\285_286_4184_1_d4edc.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\285_286_4184_1_d4edc.rs"
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2016-02-16 18:53 - 2016-02-16 18:53 - 00000000 __HDC C:\ProgramData\{E54DB1D4-CC7D-414E-8BED-584C447836EA}
2016-02-16 18:46 - 2016-02-16 18:46 - 00000000 __HDC C:\ProgramData\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
2016-02-16 18:45 - 2016-02-16 18:45 - 00000000 __HDC C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2016-02-15 17:42 - 2016-02-15 17:42 - 00000000 __HDC C:\ProgramData\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2}
2016-02-15 15:49 - 2016-02-17 18:00 - 00000000 ___HD C:\ProgramData\{2F752DAC-F812-4497-9E91-D8701A4745CB}
2016-02-15 15:48 - 2016-02-18 14:01 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Kobigz
AlternateDataStreams: C:\Users\Ahmed\Local Settings:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Application Data:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Temp:QlHfkLwD7sC2ruKsOnJNZSis [2326]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Temporary Internet Files:qIMv6HXms16O280lUQpZausSzM [2394]
AlternateDataStreams: C:\ProgramData\Microsoft:B9luYKN8JV1DdbvMcnS [2098]
AlternateDataStreams: C:\ProgramData\Microsoft:bziNIvelVVIWG8Zoc31E [2328]
AlternateDataStreams: C:\ProgramData\Microsoft:D43ckA9xRqZThAtxrjMexr0 [2634]
AlternateDataStreams: C:\ProgramData\Microsoft:rDvylPmKYECUsSMmEdWVyWt [2326]
AlternateDataStreams: C:\ProgramData\Microsoft:SWXVImA9KJP2xsMdTct35i1eonF8JF [2450]
AlternateDataStreams: C:\ProgramData\Microsoft:xduKw2Ij6EmZCTlDGG4k [2660]
C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops I forgot this bit

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

#6
ahhhmeddd

    Member

  • Topic Starter
  • Member
  • 15 posts
Wow thanks for spotting that! I did notice something strange about chrome, all the extensions were gone but I wasn't sure if it was related. I'll post the results as soon as they're done. Thank you!

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)

#8
ahhhmeddd

    Member

  • Topic Starter
  • Member
  • 15 posts

fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ahmed (2016-03-08 10:38:29) Run:1
Running from C:\Users\Ahmed\Desktop\antimal
Loaded Profiles: Ahmed (Available Profiles: Ahmed)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\285_286_4184_1_d4edc.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\285_286_4184_1_d4edc.rs"
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll No File
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2016-02-16 18:53 - 2016-02-16 18:53 - 00000000 __HDC C:\ProgramData\{E54DB1D4-CC7D-414E-8BED-584C447836EA}
2016-02-16 18:46 - 2016-02-16 18:46 - 00000000 __HDC C:\ProgramData\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
2016-02-16 18:45 - 2016-02-16 18:45 - 00000000 __HDC C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2016-02-15 17:42 - 2016-02-15 17:42 - 00000000 __HDC C:\ProgramData\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2}
2016-02-15 15:49 - 2016-02-17 18:00 - 00000000 ___HD C:\ProgramData\{2F752DAC-F812-4497-9E91-D8701A4745CB}
2016-02-15 15:48 - 2016-02-18 14:01 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Kobigz
AlternateDataStreams: C:\Users\Ahmed\Local Settings:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Application Data:QhY8tEiCxwvPNfVka1 [2136]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Temp:QlHfkLwD7sC2ruKsOnJNZSis [2326]
AlternateDataStreams: C:\Users\Ahmed\AppData\Local\Temporary Internet Files:qIMv6HXms16O280lUQpZausSzM [2394]
AlternateDataStreams: C:\ProgramData\Microsoft:B9luYKN8JV1DdbvMcnS [2098]
AlternateDataStreams: C:\ProgramData\Microsoft:bziNIvelVVIWG8Zoc31E [2328]
AlternateDataStreams: C:\ProgramData\Microsoft:D43ckA9xRqZThAtxrjMexr0 [2634]
AlternateDataStreams: C:\ProgramData\Microsoft:rDvylPmKYECUsSMmEdWVyWt [2326]
AlternateDataStreams: C:\ProgramData\Microsoft:SWXVImA9KJP2xsMdTct35i1eonF8JF [2450]
AlternateDataStreams: C:\ProgramData\Microsoft:xduKw2Ij6EmZCTlDGG4k [2660]
C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt2" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt3" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt4" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt5" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt6" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt7" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt8" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
C:\ProgramData\{E54DB1D4-CC7D-414E-8BED-584C447836EA} => moved successfully
C:\ProgramData\{9477ED15-E4A3-4984-9B76-31F573D8EAAF} => moved successfully
C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A} => moved successfully
C:\ProgramData\{9E7BD413-9B42-4EEC-96F4-6FF3CF9791A2} => moved successfully
C:\ProgramData\{2F752DAC-F812-4497-9E91-D8701A4745CB} => moved successfully
C:\Users\Ahmed\AppData\Roaming\Kobigz => moved successfully
"C:\Users\Ahmed\Local Settings" => ":QhY8tEiCxwvPNfVka1" ADS not found.
C:\Users\Ahmed\AppData\Local => ":QhY8tEiCxwvPNfVka1" ADS removed successfully.
"C:\Users\Ahmed\AppData\Local\Application Data" => ":QhY8tEiCxwvPNfVka1" ADS not found.
C:\Users\Ahmed\AppData\Local\Temp => ":QlHfkLwD7sC2ruKsOnJNZSis" ADS removed successfully.
"C:\Users\Ahmed\AppData\Local\Temporary Internet Files" => ":qIMv6HXms16O280lUQpZausSzM" ADS not found.
C:\ProgramData\Microsoft => ":B9luYKN8JV1DdbvMcnS" ADS removed successfully.
C:\ProgramData\Microsoft => ":bziNIvelVVIWG8Zoc31E" ADS removed successfully.
C:\ProgramData\Microsoft => ":D43ckA9xRqZThAtxrjMexr0" ADS removed successfully.
C:\ProgramData\Microsoft => ":rDvylPmKYECUsSMmEdWVyWt" ADS removed successfully.
C:\ProgramData\Microsoft => ":SWXVImA9KJP2xsMdTct35i1eonF8JF" ADS removed successfully.
C:\ProgramData\Microsoft => ":xduKw2Ij6EmZCTlDGG4k" ADS removed successfully.

"C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect" folder move:

Could not move "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect" => Scheduled to move on reboot.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {84D980EA-1471-42C9-9877-7BB7E933C2A9}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 2.4 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-08 11:03:07)

"C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect" => Could not move

==== End of Fixlog 11:03:08 ====



#9
ahhhmeddd

    Member

  • Topic Starter
  • Member
  • 15 posts

# AdwCleaner v5.101 - Logfile created 08/03/2016 at 11:26:17
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ahmed - AHMED-HP
# Running from : C:\Users\Ahmed\Desktop\antimal\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\QuickSet
[-] Folder Deleted : C:\ProgramData\{3ce0aa40-c450-adc0-3ce0-0aa40c45a903}
[-] Folder Deleted : C:\Users\Ahmed\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
[-] Folder Deleted : C:\Users\Ahmed\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj
[-] File Deleted : C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojhmphdkpgbibohbnpbfiefkgieacjmh

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Ask&Record
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\PIP
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\websearch.searchtotal.info
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\allin1convert.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\televisionfanatic.dl.tb.ask.com
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\mobilegeni daemon
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\NextLive

***** [ Web browsers ] *****

[-] [C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default\prefs.js] [Preference] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[-] [C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default\prefs.js] [Preference] Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=0afce1ea0000000000000024d7db3335
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hp&ts=1432633838&z=c6d018ba49c4185bfc0f0b4g3z4cdo1q7c4c5b7z1m&from=wpc&uid=SAMSUNGXHM640JJ_S2AWJ1NB600956
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bejbohlohkkgompgecdcbbglkpjfjgdj
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmnlcjabgnpnenekpadlanbbkooimhnj
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : iabeihobmhlgpkcgjiloemdbofjbdcic
[-] [C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : niapdbllcanepiiimjjndipklodoedlc

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [14948 bytes] - [08/03/2016 11:26:17]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [14421 bytes] - [08/03/2016 11:18:40]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [15136 bytes] ##########



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now re-install Chrome please and then run a fresh FRST scan, as the infected folder did not want to move


#11
ahhhmeddd

    Member

  • Topic Starter
  • Member
  • 15 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Ahmed (administrator) on AHMED-HP (08-03-2016 12:18:56)
Running from C:\Users\Ahmed\Desktop\antimal
Loaded Profiles: Ahmed (Available Profiles: Ahmed)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Denon DJ) C:\Program Files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-17] (AVAST Software)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [Dropbox Update] => C:\Users\Ahmed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-17] (AVAST Software)
Startup: C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ahmed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6BBD7C41-CC3A-4F17-B6D4-A83871B860EF}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E013E5E8-65A1-4D8E-9E2C-3A2236F8E9AE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{EB1C81B6-A163-4BF3-94BF-2C61C37874BB}: [NameServer] 83.224.66.134 83.224.70.93
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000 -> {7CD59ED9-0F17-4941-8838-13614384223C} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3886721561-2564760882-2778430979-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-17] (AVAST Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-17] (AVAST Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://home.fao.org/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?pid=20598&r=2015/05/26&hid=6134911927324705430&lg=EN&cc=IT&unqvl=88
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-09-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-09-30] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ahmed\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ahmed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-06-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3886721561-2564760882-2778430979-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ahmed\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-09-30] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-09-30] (RealPlayer)
FF Extension: Light Switch - C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default\extensions\{600452e8-6851-46db-80fd-fa571b2deaa7}.xpi [2011-10-13] [not signed]
FF Extension: Google Shortcuts - C:\Users\Ahmed\AppData\Roaming\Mozilla\Firefox\Profiles\oor8krg6.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2011-10-13] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-16] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-27] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-31] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-03-08]
CHR Extension: (Adguard AdBlocker) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-03-08]
CHR Extension: (Google Photos) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-03-08]
CHR Extension: (Google Hangouts) - C:\Users\Ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-03-08]
CHR HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ahmed\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-04-17]
CHR HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
S4 Alcatel Limo Modem Device Helper; C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-17] (AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 DN-X1600AudioDevMon; C:\Program Files (x86)\Denon DJ\DN-X1600\AudioDevMon.exe [2382096 2015-10-07] (Denon DJ)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [51712 2009-10-15] (Apple Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-17] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-17] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-13] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-17] (AVAST Software)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [192000 2011-04-27] (© Guillemot R&D, 2010. All rights reserved.) [File not signed]
S3 DN-X1600; C:\Windows\System32\DRIVERS\DenonDJDN-X1600.sys [554256 2015-10-07] (Denon DJ)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [263168 2011-04-27] (© Guillemot R&D, 2010. All rights reserved.) [File not signed]
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [240640 2011-04-27] (© Guillemot R&D, 2011. All rights reserved.) [File not signed]
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34136 2014-01-15] (KORG INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-21] (Corel Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 ta6avs; C:\Windows\System32\Drivers\ta6avs.sys [359784 2012-12-18] (Native Instruments GmbH)
S3 ta6usb_svc; C:\Windows\System32\Drivers\ta6usb.sys [78696 2012-12-18] (Native Instruments GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-17] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 vodafone_K3805-z_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [78336 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [88064 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cpo; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cpo.sys [13824 2010-09-01] (Vodafone)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [237056 2011-12-01] (ZTE Incorporated) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ONDAusbmdm6k; system32\DRIVERS\ONDAusbmdm6k.sys [X]
S3 ONDAusbnet; system32\DRIVERS\ONDAusbnet.sys [X]
S3 ONDAusbnmea; system32\DRIVERS\ONDAusbnmea.sys [X]
S3 ONDAusbser6k; system32\DRIVERS\ONDAusbser6k.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 11:57 - 2016-03-08 11:57 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-03-08 11:51 - 2016-03-08 11:51 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-08 11:18 - 2016-03-08 11:26 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-06 15:58 - 2016-03-06 15:58 - 01880888 _____ C:\Users\Ahmed\Desktop\CD COVER.pdf
2016-03-06 15:42 - 2016-03-06 15:58 - 07753554 _____ C:\Users\Ahmed\Desktop\CD COVER.psd
2016-03-03 10:46 - 2016-03-05 10:59 - 00000000 ____D C:\Users\Ahmed\AppData\Local\CrashDumps
2016-02-28 12:33 - 2014-05-21 11:20 - 07432578 _____ C:\Users\Ahmed\Desktop\DN-X1600_ownersmanual_english.pdf
2016-02-27 18:32 - 2016-02-27 18:32 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Denon DJ
2016-02-27 18:32 - 2016-02-27 18:32 - 00000000 ____D C:\ProgramData\Denon DJ
2016-02-27 18:00 - 2016-02-27 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Denon DJ
2016-02-27 17:58 - 2016-02-27 17:58 - 00000000 ____D C:\Program Files\Denon DJ
2016-02-27 17:58 - 2016-02-27 17:58 - 00000000 ____D C:\Program Files (x86)\Denon DJ
2016-02-27 17:56 - 2016-02-27 17:56 - 00000000 ____D C:\ProgramData\inMusic
2016-02-19 14:59 - 2016-03-08 10:55 - 00000000 ____D C:\Users\Ahmed\Desktop\Real Estate Newsletter
2016-02-19 09:49 - 2016-03-08 10:56 - 00000000 ____D C:\Users\Ahmed\Desktop\antimal
2016-02-18 12:04 - 2016-02-18 12:04 - 00000000 ____D C:\Users\Ahmed\Documents\Custom Office Templates
2016-02-17 21:07 - 2016-02-17 21:09 - 00246460 _____ C:\TDSSKiller.3.1.0.9_17.02.2016_21.07.46_log.txt
2016-02-17 19:42 - 2016-02-17 19:42 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-17 17:56 - 2016-02-17 17:56 - 02407609 ____H C:\Users\Ahmed\AppData\Local\IconCache.db.backup
2016-02-17 16:44 - 2016-02-17 18:57 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-17 16:44 - 2016-02-17 17:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-17 15:12 - 2016-03-08 12:18 - 00000000 ____D C:\FRST
2016-02-17 11:12 - 2016-02-17 11:12 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-17 11:12 - 2016-02-17 11:12 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-16 18:56 - 2016-02-16 19:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-16 16:34 - 2016-02-16 16:38 - 00246470 _____ C:\TDSSKiller.3.1.0.9_16.02.2016_16.34.28_log.txt
2016-02-16 16:33 - 2016-02-16 18:07 - 00000000 ____D C:\EEK
2016-02-16 16:11 - 2016-02-16 16:11 - 00054674 _____ C:\ComboFix.txt
2016-02-16 15:32 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-16 15:32 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-16 15:32 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-16 15:32 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-16 15:31 - 2016-02-16 16:11 - 00000000 ____D C:\Qoobox
2016-02-16 15:28 - 2016-02-16 16:07 - 00000000 ____D C:\Windows\erdnt
2016-02-16 03:20 - 2016-02-17 20:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 03:20 - 2016-02-16 18:55 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-16 03:20 - 2016-02-16 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-16 03:20 - 2016-02-16 03:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-16 03:20 - 2016-02-16 03:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-16 03:20 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-16 03:20 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-16 02:52 - 2016-02-16 18:19 - 00000000 ____D C:\Users\Ahmed\AppData\LocalLow\uTorrent
2016-02-15 22:47 - 2016-02-15 22:47 - 00378408 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-02-15 17:41 - 2016-02-15 17:41 - 00000000 ____D C:\Backup
2016-02-15 16:01 - 2016-02-15 16:01 - 00000000 ____D C:\Program Files\Movie Maker
2016-02-15 16:01 - 2016-02-15 16:01 - 00000000 ____D C:\drmsoft
2016-02-09 17:17 - 2016-02-11 12:49 - 00000000 ___RD C:\Users\Ahmed\Desktop\first track Project
2016-02-09 11:14 - 2016-02-06 02:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 11:14 - 2016-02-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 11:14 - 2016-02-06 02:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 11:14 - 2016-02-06 02:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 11:14 - 2016-02-06 02:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 11:14 - 2016-02-06 02:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-09 11:14 - 2016-02-06 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-09 11:14 - 2016-02-06 01:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 11:14 - 2016-02-06 01:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-09 11:14 - 2016-02-06 01:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-09 11:14 - 2016-02-06 01:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 11:14 - 2016-02-06 01:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-09 11:14 - 2016-02-06 01:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 11:14 - 2016-02-06 00:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 11:14 - 2016-01-22 12:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-09 11:14 - 2016-01-22 12:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-09 11:14 - 2016-01-21 22:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-09 11:14 - 2016-01-21 22:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-09 11:14 - 2016-01-21 22:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 11:14 - 2016-01-21 22:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 11:14 - 2016-01-21 22:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-09 11:14 - 2016-01-21 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-09 11:14 - 2016-01-21 22:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 11:14 - 2016-01-21 22:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-09 11:14 - 2016-01-21 22:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 11:14 - 2016-01-21 22:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 11:14 - 2016-01-21 22:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-09 11:14 - 2016-01-21 22:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-09 11:14 - 2016-01-21 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-09 11:14 - 2016-01-21 22:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 11:14 - 2016-01-21 22:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-09 11:14 - 2016-01-21 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-09 11:14 - 2016-01-21 22:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-09 11:14 - 2016-01-21 22:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 11:14 - 2016-01-21 22:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-09 11:14 - 2016-01-21 22:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 11:14 - 2016-01-21 22:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-09 11:14 - 2016-01-21 22:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-09 11:14 - 2016-01-21 22:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-09 11:14 - 2016-01-21 22:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-09 11:14 - 2016-01-21 22:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-09 11:14 - 2016-01-21 21:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-09 11:14 - 2016-01-21 21:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-09 11:14 - 2016-01-21 21:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-09 11:14 - 2016-01-21 21:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-09 11:14 - 2016-01-21 21:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-09 11:14 - 2016-01-21 21:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-09 11:14 - 2016-01-21 21:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 11:14 - 2016-01-21 21:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 11:14 - 2016-01-21 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-09 11:14 - 2016-01-21 21:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-09 11:14 - 2016-01-21 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-09 11:14 - 2016-01-21 21:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-09 11:14 - 2016-01-21 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-09 11:14 - 2016-01-21 21:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-09 11:14 - 2016-01-21 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-09 11:14 - 2016-01-21 21:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-09 11:14 - 2016-01-21 21:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-09 11:14 - 2016-01-21 21:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 11:14 - 2016-01-21 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-09 11:14 - 2016-01-21 21:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-09 11:14 - 2016-01-21 21:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-09 11:14 - 2016-01-21 21:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-09 11:14 - 2016-01-21 21:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-09 11:14 - 2016-01-21 21:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 11:14 - 2016-01-21 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-09 11:14 - 2016-01-16 11:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 11:14 - 2016-01-16 10:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 11:14 - 2016-01-11 06:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 11:14 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 11:14 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 11:13 - 2016-01-16 11:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 11:13 - 2016-01-16 10:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 11:13 - 2016-01-11 11:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 11:13 - 2016-01-11 11:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 11:13 - 2016-01-11 11:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 11:13 - 2016-01-11 10:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 11:13 - 2016-01-11 10:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 11:13 - 2016-01-11 10:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 11:13 - 2016-01-11 10:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 11:13 - 2016-01-11 10:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 11:13 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 11:13 - 2016-01-11 10:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 11:13 - 2016-01-11 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 11:13 - 2016-01-11 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 11:13 - 2016-01-11 10:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 11:13 - 2016-01-11 10:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 11:13 - 2016-01-11 10:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 11:13 - 2016-01-11 10:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 11:13 - 2016-01-07 09:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 11:13 - 2016-01-07 09:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 11:13 - 2015-12-20 10:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 11:13 - 2015-12-20 10:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 11:13 - 2015-12-20 06:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 11:12 - 2016-01-21 22:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 11:12 - 2016-01-21 22:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 11:12 - 2016-01-21 22:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 11:12 - 2016-01-21 22:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 11:12 - 2016-01-21 22:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 11:12 - 2016-01-21 22:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 11:12 - 2016-01-21 22:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 11:12 - 2016-01-21 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 11:12 - 2016-01-21 22:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 11:12 - 2016-01-21 22:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 11:12 - 2016-01-21 22:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 11:12 - 2016-01-21 22:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 11:12 - 2016-01-21 22:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 11:12 - 2016-01-21 22:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 11:12 - 2016-01-21 22:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 11:12 - 2016-01-21 22:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 11:12 - 2016-01-21 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 11:12 - 2016-01-21 22:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 11:12 - 2016-01-21 22:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 11:12 - 2016-01-21 22:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 11:12 - 2016-01-21 22:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 11:12 - 2016-01-21 22:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 11:12 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 11:12 - 2016-01-21 22:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 11:12 - 2016-01-21 22:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 22:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 11:12 - 2016-01-21 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 11:12 - 2016-01-21 22:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 11:12 - 2016-01-21 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 11:12 - 2016-01-21 22:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 11:12 - 2016-01-21 22:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 11:12 - 2016-01-21 22:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 21:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 11:12 - 2016-01-21 21:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 11:12 - 2016-01-21 21:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 11:12 - 2016-01-21 21:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 11:12 - 2016-01-21 20:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 11:12 - 2016-01-21 20:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 11:12 - 2016-01-21 20:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 11:12 - 2016-01-21 20:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 11:12 - 2016-01-21 20:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 11:12 - 2016-01-21 20:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 11:12 - 2016-01-21 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 11:12 - 2016-01-21 20:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 11:12 - 2016-01-21 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 11:12 - 2016-01-21 20:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 11:12 - 2016-01-21 20:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 11:11 - 2016-01-21 22:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 11:11 - 2016-01-21 22:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 11:11 - 2016-01-21 22:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 11:11 - 2016-01-21 22:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 11:11 - 2016-01-21 22:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 11:11 - 2016-01-21 21:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 11:11 - 2016-01-21 21:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 11:11 - 2016-01-21 21:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 12:18 - 2012-11-29 00:28 - 00000000 ____D C:\Users\Ahmed\Documents\Outlook Files
2016-03-08 11:55 - 2015-10-25 13:20 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-03-08 11:51 - 2011-09-11 20:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-08 11:50 - 2015-09-15 16:35 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Deployment
2016-03-08 11:45 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-08 11:45 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-08 11:33 - 2015-02-27 00:16 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-03-08 11:32 - 2012-07-11 01:59 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-08 11:30 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-08 11:26 - 2014-05-07 00:51 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Yahoo!
2016-03-08 11:23 - 2015-12-10 11:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13382d806114a.job
2016-03-08 11:07 - 2009-07-13 21:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-08 11:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-03-08 10:56 - 2015-12-10 11:42 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3886721561-2564760882-2778430979-1000Core1d13382d7c97c97.job
2016-03-08 10:55 - 2013-12-10 01:58 - 00000000 ____D C:\Users\Ahmed\Desktop\IFAD
2016-03-08 10:39 - 2011-09-04 08:49 - 00000000 ____D C:\Users\Ahmed\AppData\LocalLow\Temp
2016-03-08 10:04 - 2011-09-06 12:18 - 00000000 ____D C:\Users\Ahmed\Documents\Youcam
2016-03-04 10:28 - 2011-09-23 14:06 - 00000000 ____D C:\Users\Ahmed\AppData\Local\ElevatedDiagnostics
2016-03-04 10:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-27 18:17 - 2013-06-06 23:21 - 00000000 ___RD C:\Users\Ahmed\Desktop\Dropbox
2016-02-27 18:16 - 2012-11-02 06:42 - 00000000 ____D C:\Users\Ahmed\AppData\Roaming\Dropbox
2016-02-27 18:12 - 2013-04-17 01:35 - 00000000 ___RD C:\Users\Ahmed\Google Drive
2016-02-27 17:56 - 2014-07-01 05:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-26 11:36 - 2015-04-05 16:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 11:36 - 2015-04-05 16:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-23 11:15 - 2011-09-05 06:32 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-19 09:57 - 2015-06-11 14:57 - 00000803 _____ C:\Users\Ahmed\Desktop\werkkk.txt
2016-02-17 18:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Vss
2016-02-17 16:54 - 2012-05-08 07:45 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Downloaded Installations
2016-02-17 16:48 - 2015-09-22 11:01 - 00021295 _____ C:\Users\Ahmed\AppData\Roaming\Comma Separated Values.EML
2016-02-17 15:58 - 2012-07-22 23:24 - 00000000 ____D C:\Users\Ahmed\AppData\Local\Apps\2.0
2016-02-17 15:25 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-17 15:14 - 2014-05-07 00:51 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-02-17 14:52 - 2014-01-28 05:18 - 00007603 _____ C:\Users\Ahmed\AppData\Local\Resmon.ResmonCfg
2016-02-17 13:01 - 2012-07-23 22:59 - 00000000 ____D C:\Users\Ahmed\Documents\CV
2016-02-17 11:56 - 2012-07-11 23:09 - 00000000 ____D C:\Users\Ahmed\Documents\FINANCES
2016-02-17 11:40 - 2012-05-01 05:58 - 03246444 _____ C:\Windows\ntbtlog.txt
2016-02-17 11:16 - 2013-03-14 07:21 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-17 11:12 - 2014-05-13 00:14 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-17 11:12 - 2014-01-05 02:53 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-17 11:12 - 2013-03-14 07:21 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-17 11:12 - 2012-02-25 01:29 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-17 11:12 - 2011-09-05 06:32 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-17 11:11 - 2011-09-05 06:32 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-17 10:44 - 2016-01-30 17:42 - 00000000 ____D C:\Users\Ahmed\Desktop\mark sculptures
2016-02-16 18:48 - 2014-04-09 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-02-16 18:46 - 2011-09-06 03:39 - 00000000 ____D C:\Program Files\Native Instruments
2016-02-16 18:46 - 2011-09-06 03:39 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-02-16 18:39 - 2012-01-16 05:34 - 00000000 ____D C:\Users\Ahmed\Downloads\software
2016-02-16 16:05 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-02-16 11:50 - 2015-05-25 04:51 - 00000034 _____ C:\Users\Ahmed\AppData\Roaming\AdobeWLCMCache.dat
2016-02-16 09:06 - 2015-10-25 13:20 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-02-16 09:06 - 2014-03-14 05:09 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-02-16 09:06 - 2013-12-11 04:39 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-16 09:06 - 2013-11-14 06:42 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2016-02-16 09:06 - 2011-09-04 08:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-16 09:06 - 2009-07-13 20:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-16 09:05 - 2016-01-25 12:04 - 00000829 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-02-16 09:05 - 2013-10-17 00:17 - 00001417 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-16 09:05 - 2013-03-18 01:06 - 00000881 _____ C:\Users\Ahmed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2016-02-16 09:05 - 2009-07-13 21:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-16 09:05 - 2009-07-13 20:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-16 09:04 - 2016-01-25 12:04 - 00001034 _____ C:\Users\Ahmed\Desktop\Start Tor Browser.lnk
2016-02-16 09:04 - 2013-04-17 01:35 - 00001709 _____ C:\Users\Ahmed\Desktop\Google Drive.lnk
2016-02-15 22:58 - 2011-09-04 06:42 - 00378408 _____ C:\Users\Ahmed\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-15 22:47 - 2009-07-13 20:45 - 07302936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-15 18:36 - 2013-12-08 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-15 18:36 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-11 17:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-02-09 19:29 - 2014-12-12 01:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-09 19:29 - 2014-05-06 23:50 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-09 19:13 - 2013-07-15 23:12 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 19:00 - 2011-09-04 17:55 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-09 18:55 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2016-02-09 18:43 - 2011-05-18 18:17 - 00779276 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-09 17:20 - 2014-05-07 00:39 - 00205212 _____ C:\Windows\hpwins26.dat
 
==================== Files in the root of some directories =======
 
2011-12-31 08:27 - 2011-12-31 08:27 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-07-19 07:09 - 2012-07-20 02:13 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2012-11-06 06:31 - 2015-05-04 08:30 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2011-09-06 16:41 - 2012-07-20 03:25 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-23 03:16 - 2015-05-18 07:18 - 0000132 _____ () C:\Users\Ahmed\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-05-25 04:51 - 2016-02-16 11:50 - 0000034 _____ () C:\Users\Ahmed\AppData\Roaming\AdobeWLCMCache.dat
2015-09-22 11:33 - 2015-09-22 12:48 - 0037929 _____ () C:\Users\Ahmed\AppData\Roaming\Comma Separated Values.ADR
2015-09-22 11:01 - 2016-02-17 16:48 - 0021295 _____ () C:\Users\Ahmed\AppData\Roaming\Comma Separated Values.EML
2011-09-18 05:22 - 2012-05-17 09:09 - 0002380 _____ () C:\Users\Ahmed\AppData\Roaming\Rim.Desktop.Exception.log
2011-09-18 05:19 - 2013-09-13 01:19 - 0002021 _____ () C:\Users\Ahmed\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-09-18 05:22 - 2012-05-17 09:09 - 0000308 _____ () C:\Users\Ahmed\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-09-20 01:49 - 2011-09-20 01:49 - 0001456 _____ () C:\Users\Ahmed\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-08-07 23:34 - 2015-02-19 03:45 - 0001456 _____ () C:\Users\Ahmed\AppData\Local\Adobe Save for Web 13.0 Prefs
2011-09-04 12:05 - 2013-04-25 04:11 - 0009216 _____ () C:\Users\Ahmed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-23 10:39 - 2011-11-23 10:39 - 0002425 _____ () C:\Users\Ahmed\AppData\Local\FastClean.20111123.193949.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0002264 _____ () C:\Users\Ahmed\AppData\Local\IWDAudHelper.20111123.194029.txt
2011-11-23 10:40 - 2011-11-23 10:41 - 0048842 _____ () C:\Users\Ahmed\AppData\Local\IWDAudHelper.20111123.194047.txt
2013-09-02 01:00 - 2013-09-02 01:00 - 0004096 ____H () C:\Users\Ahmed\AppData\Local\keyfile3.drm
2011-11-23 10:39 - 2011-11-23 10:39 - 0000673 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.193956.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0001682 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194002.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0000673 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194011.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0001229 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194028.txt
2011-11-23 10:40 - 2011-11-23 10:40 - 0001247 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20111123.194040.txt
2014-02-06 00:03 - 2014-02-06 00:03 - 0001655 _____ () C:\Users\Ahmed\AppData\Local\PDLSetup.20140206.090331.txt
2013-12-19 01:22 - 2013-12-19 01:22 - 0000218 _____ () C:\Users\Ahmed\AppData\Local\recently-used.xbel
2014-01-28 05:18 - 2016-02-17 14:52 - 0007603 _____ () C:\Users\Ahmed\AppData\Local\Resmon.ResmonCfg
2015-05-27 23:29 - 2015-05-27 23:29 - 0000000 _____ () C:\Users\Ahmed\AppData\Local\Temp.dat
2014-05-07 00:05 - 2016-02-09 17:19 - 0003620 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Ahmed\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-11 16:52
 
==================== End of FRST.txt ============================


#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If this one fails I will need to use a stronger tool

Run this fix from safe mode please

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
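
Added example, not part of the original post and not FRST's own code: a Python triage over autorun lines in the format the fixlist above uses. It flags `regsvr32.exe` entries whose target sits in a user-writable path or lacks a `.dll`/`.ocx` extension, and groups the registry locations that load the same file. The `Example*` lines, the function names and the heuristics are assumptions made for illustration; the `WinResSync` lines are the ones from the fixlist.

```python
import re
from pathlib import PureWindowsPath

# Autorun lines in FRST's registry-line format. The three WinResSync lines are the
# fixlist entries from this thread; the two "Example" lines are constructed.
SAMPLE_LINES = r'''
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe /background
HKLM\...\Run: [ExampleCodec] => C:\Windows\system32\regsvr32.exe /s "C:\Program Files\Example\codec.dll"
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
'''.strip().splitlines()

# hive (optionally with a SID), the literal "\...\" FRST prints, key, [value name], command
ENTRY_RE = re.compile(
    r'^(?P<hive>HK[^\\]+(?:\\S-[\d-]+)?)\\\.\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\] => (?P<cmd>.+)$'
)

# Assumed heuristics: extensions regsvr32 normally registers, and path fragments
# that a standard user can write to.
EXPECTED_EXT = {".dll", ".ocx"}
USER_WRITABLE = ("\\users\\", "\\programdata\\")


def split_command(cmd):
    """Split an autorun command line into (executable, [arguments])."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        # Unquoted paths may contain spaces: cut at the first executable
        # extension that is followed by whitespace or end of line.
        m = re.match(r'(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', cmd, re.I)
        exe, rest = (m.group(1), cmd[m.end():]) if m else cmd.partition(' ')[::2]
    args = [a.strip('"') for a in re.findall(r'"[^"]*"|\S+', rest)]
    return exe, args


def assess(cmd):
    """Return (target, reasons) for a regsvr32 autorun; (None, []) otherwise."""
    exe, args = split_command(cmd)
    if PureWindowsPath(exe).name.lower() != "regsvr32.exe":
        return None, []
    switches = {a.lower() for a in args if a.startswith(("/", "-"))}
    targets = [a for a in args if not a.startswith(("/", "-"))]
    if not targets:
        return None, []
    target = targets[-1]
    reasons = []
    ext = PureWindowsPath(target).suffix.lower()
    if ext not in EXPECTED_EXT:
        reasons.append(f"regsvr32 target has extension {ext or '(none)'}, not .dll/.ocx")
    if any(fragment in target.lower() for fragment in USER_WRITABLE):
        reasons.append("target is in a user-writable location")
    if reasons and "/s" in switches:
        reasons.append("/s suppresses regsvr32 message boxes")
    return target, reasons


def triage(lines):
    """Group flagged autoruns by the file they load."""
    findings = {}
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        target, reasons = assess(m["cmd"])
        if not reasons:
            continue
        entry = findings.setdefault(
            target.lower(), {"payload": target, "reasons": reasons, "locations": []}
        )
        entry["locations"].append((m["hive"], m["key"], m["name"]))
    return list(findings.values())


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding["payload"])
        for reason in finding["reasons"]:
            print("  reason:  ", reason)
        for hive, key, name in finding["locations"]:
            print("  autorun: ", hive, key, name)
```

On the sample, the one flagged file is referenced from three autorun locations, which matches the three registry lines in the fixlist. A match is a lead for manual review, not a verdict.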

#13
ahhhmeddd

    Member

  • Topic Starter
  • Member
  • 15 posts
Thank you. I had to leave so I won't be able to perform the fix right at the moment. I will respond back to you first thing tomorrow. Thanks for your help so far and we'll talk soon.

Ahmed
  • 0

#14
ahhhmeddd


    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi, I'm back! Here is the FRST fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ahmed (2016-03-08 17:44:10) Run:2
Running from C:\Users\Ahmed\Desktop\antimal
Loaded Profiles: Ahmed (Available Profiles: Ahmed)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\Run: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect\288_289_1284_3_232fb.rs"
C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect
EmptyTemp:
*****************
 
Error: Restore point can only be created in normal mode.
HKU\S-1-5-21-3886721561-2564760882-2778430979-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\WinResSync => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WinResSync => value removed successfully
 
"C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect" folder move:
 
Could not move "C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect" => Scheduled to move on reboot.
 
EmptyTemp: => 152.9 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-08 17:47:46)
 
"C:\Users\Ahmed\AppData\Roaming\Microsoft\Protect" => Could not move
 
==== End of Fixlog 17:47:46 ====

  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that did not want to go... Bigger hammer time

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0





