System Hacked [Closed]

hacked malware

#1
bhzendner

I am told someone took payroll data off this machine. We found some malware but nothing that bad. Help, can we dig deeper?

Windows 7 Ultimate, have run SUPERAntiSpyware, Malwarebytes, ...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by Imad (administrator) on IMAD-HP (17-06-2016 14:01:23)
Running from C:\Users\Imad\Downloads
Loaded Profiles: Imad (Available Profiles: Imad & COS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo Send] => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-04] ()
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\MountPoints2: {1a86c09a-3120-11e3-9447-806e6f6e6963} - E:\AUTORUN.exe
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk [2011-07-21]
ShortcutTarget: NETGEAR WNDA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-04-21]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{E44903B9-ACD5-4B35-B425-14AA395ED373}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> DefaultScope {1EE6AD67-E1B2-47D9-88B5-4DD33EE5AE5C} URL = 
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: No Name -> {912C156F-05CF-4B62-851A-96E167A677B0} -> No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-02-27] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1996245975-2301006141-3792022614-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google Search) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (No Name) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-04-09] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-05] (AVG Technologies)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WNDA3100; C:\Windows\System32\DRIVERS\WNDA31w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 13:59 - 2016-06-17 14:03 - 00022207 _____ C:\Users\Imad\Downloads\FRST.txt
2016-06-17 13:59 - 2016-06-17 14:00 - 00000000 ____D C:\FRST
2016-06-17 13:57 - 2016-06-17 13:57 - 02386944 _____ (Farbar) C:\Users\Imad\Downloads\FRST64 (1).exe
2016-06-17 13:52 - 2016-06-17 13:52 - 02386944 _____ (Farbar) C:\Users\Imad\Downloads\FRST64.exe
2016-06-16 22:39 - 2016-06-06 09:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-16 22:39 - 2016-06-06 09:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-16 22:39 - 2016-06-03 06:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-16 22:39 - 2016-05-22 06:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-16 22:39 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-16 22:39 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-16 22:39 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-16 22:39 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-16 22:39 - 2016-05-12 10:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-16 22:39 - 2016-05-12 10:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-16 22:39 - 2016-05-12 10:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-16 22:39 - 2016-05-12 08:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-16 22:39 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-16 22:39 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-16 22:39 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-16 22:39 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-16 22:38 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-16 22:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-16 22:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-16 22:38 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-16 22:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-16 22:38 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-16 22:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-16 22:38 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-16 22:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-16 22:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-16 22:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-16 22:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-16 22:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-16 22:38 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-16 22:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-16 22:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-16 22:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-16 22:38 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-16 22:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-16 22:38 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-16 22:38 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-16 22:38 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-16 22:38 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-16 22:38 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-16 22:38 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-16 22:38 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-16 22:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-16 22:38 - 2016-04-08 23:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 22:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-16 22:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-16 22:38 - 2016-03-09 12:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-16 22:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-16 22:37 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-16 22:37 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-16 22:37 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-16 22:37 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-16 22:37 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-16 22:37 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-16 22:37 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-16 22:37 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-16 22:37 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-16 22:37 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-16 12:27 - 2016-06-07 13:17 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-06-16 12:01 - 2016-06-16 12:01 - 00000000 ____D C:\$SysReset
2016-06-10 15:38 - 2016-06-10 15:38 - 00197673 _____ C:\Users\Imad\Downloads\SP_Deposit-Account-Vertification_Sept_4.pdf
2016-06-08 12:16 - 2016-06-08 12:16 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s (1).pdf
2016-06-08 12:15 - 2016-06-08 12:15 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s.pdf
2016-06-07 18:54 - 2016-06-07 18:54 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-06-07 17:22 - 2016-06-07 18:45 - 00014263 _____ C:\Windows\diagerr.xml
2016-06-07 17:22 - 2016-06-07 18:45 - 00013338 _____ C:\Windows\diagwrn.xml
2016-05-31 13:13 - 2016-06-17 03:19 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-05-31 13:13 - 2016-06-07 13:17 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-05-31 13:13 - 2016-05-31 13:13 - 00000000 ____D C:\Users\Imad\AppData\Local\LogMeIn
2016-05-31 13:13 - 2015-10-13 08:29 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr2.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMImirr.sys
2016-05-31 13:13 - 2015-06-15 09:14 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2016-05-31 13:09 - 2016-05-31 13:09 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn (1).msi
2016-05-31 13:05 - 2016-05-31 13:05 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn.msi
2016-05-27 12:27 - 2016-05-27 12:27 - 00007628 _____ C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2016-05-26 17:22 - 2016-05-26 17:22 - 00314506 _____ C:\Users\Imad\Documents\cc_20160526_172211.reg
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ C:\Program Files (x86)\GUT912B.tmp
2016-05-26 14:36 - 2016-05-26 14:36 - 00000000 ____D C:\Program Files (x86)\GUM910B.tmp
2016-05-26 14:33 - 2016-05-26 14:35 - 06893688 _____ (Piriform Ltd) C:\Users\Imad\Downloads\ccsetup518.exe
2016-05-26 14:22 - 2016-05-26 14:22 - 00000000 ____D C:\SUPERDelete
2016-05-20 21:45 - 2016-03-09 11:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-20 21:45 - 2016-03-09 11:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-20 21:44 - 2016-04-09 00:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-20 21:44 - 2016-04-09 00:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-20 21:44 - 2016-04-08 23:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-20 21:43 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-20 21:43 - 2016-04-14 06:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-20 21:43 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-20 21:41 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-20 21:41 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-20 21:41 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-20 21:41 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-20 21:41 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-20 21:41 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-20 21:41 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-20 21:41 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-20 21:41 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-20 21:41 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-20 21:41 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-20 21:41 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-20 21:41 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-20 21:41 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-20 21:41 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-20 21:41 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-20 21:41 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-20 21:41 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-20 21:40 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-20 21:40 - 2016-04-08 20:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 13:54 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 13:54 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 13:49 - 2015-04-09 14:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-17 13:40 - 2013-10-08 14:33 - 00000000 ____D C:\ProgramData\LogMeIn
2016-06-17 13:17 - 2014-07-29 12:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-17 13:05 - 2012-07-24 14:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 12:21 - 2015-10-30 02:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-17 12:21 - 2012-07-24 14:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 03:25 - 2012-07-24 14:41 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 03:25 - 2012-07-24 14:41 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 03:16 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 03:15 - 2009-07-13 21:45 - 00280544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 03:12 - 2014-12-10 04:49 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 03:10 - 2013-10-10 03:06 - 00000000 ____D C:\Windows\system32\MRT
2016-06-17 03:05 - 2013-10-10 03:06 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-16 13:10 - 2015-04-09 14:50 - 00000000 ____D C:\Users\COS
2016-06-16 13:10 - 2013-04-24 14:19 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2016-06-16 13:10 - 2013-03-20 03:02 - 00000000 ____D C:\Windows\system32\SPReview
2016-06-16 13:10 - 2013-03-20 03:00 - 00000000 ____D C:\Windows\system32\EventProviders
2016-06-16 13:10 - 2013-01-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-16 13:10 - 2011-06-25 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\Users\Imad
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2016-06-16 13:10 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-16 13:10 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-06-16 13:09 - 2015-08-22 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
2016-06-16 13:09 - 2015-04-09 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2016-06-16 13:09 - 2015-04-09 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-16 13:09 - 2013-03-14 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-16 13:09 - 2012-12-16 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2016-06-16 13:09 - 2012-11-28 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2016-06-16 13:09 - 2012-10-31 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-16 13:09 - 2012-07-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-06-16 13:09 - 2012-07-24 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-16 13:09 - 2012-07-24 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-06-16 13:09 - 2012-07-24 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-06-16 13:09 - 2011-09-09 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
2016-06-16 13:09 - 2011-07-21 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100 Adapter
2016-06-16 13:09 - 2011-07-20 09:52 - 00000000 ____D C:\ProgramData\HP
2016-06-16 13:09 - 2011-04-21 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2016-06-16 13:09 - 2011-04-21 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-06-16 13:09 - 2011-04-21 09:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-06-16 13:09 - 2011-04-21 09:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2016-06-16 13:09 - 2011-04-21 09:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-16 13:09 - 2011-04-21 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2016-06-16 13:09 - 2011-04-21 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-16 13:09 - 2011-04-21 09:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-06-16 13:09 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-16 13:09 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-16 12:22 - 2012-07-24 14:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-16 12:02 - 2011-12-01 08:40 - 00000000 ____D C:\Users\Imad\AppData\Roaming\SoftGrid Client
2016-06-15 13:40 - 2011-09-09 15:32 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-08 12:02 - 2013-10-08 14:33 - 00001024 _____ C:\.rnd
2016-06-07 18:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-06-07 18:44 - 2015-08-22 12:03 - 00003212 _____ C:\Windows\System32\Tasks\{8EE2A088-684C-455F-B285-3584916727C3}
2016-06-07 18:44 - 2014-09-11 14:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad5 Merge
2016-06-07 18:44 - 2014-09-11 10:55 - 00003990 _____ C:\Windows\System32\Tasks\Imad5
2016-06-07 18:44 - 2014-09-11 10:52 - 00003820 _____ C:\Windows\System32\Tasks\Imad4 Merge
2016-06-07 18:44 - 2014-09-11 10:52 - 00003804 _____ C:\Windows\System32\Tasks\Imad4
2016-06-07 18:44 - 2014-08-17 11:58 - 00003990 _____ C:\Windows\System32\Tasks\Imad3
2016-06-07 18:44 - 2014-08-17 11:58 - 00003820 _____ C:\Windows\System32\Tasks\Imad3 Merge
2016-06-07 18:44 - 2014-08-15 15:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad2 Merge
2016-06-07 18:44 - 2014-08-15 10:56 - 00003990 _____ C:\Windows\System32\Tasks\Imad2
2016-06-07 18:44 - 2014-08-14 11:56 - 00003820 _____ C:\Windows\System32\Tasks\Imad1 Merge
2016-06-07 18:44 - 2014-08-14 11:54 - 00003990 _____ C:\Windows\System32\Tasks\Imad1
2016-06-07 18:44 - 2014-08-14 11:53 - 00003818 _____ C:\Windows\System32\Tasks\Imad Merge
2016-06-07 18:44 - 2014-08-14 11:53 - 00003802 _____ C:\Windows\System32\Tasks\Imad
2016-06-07 18:44 - 2014-08-14 11:52 - 00003594 _____ C:\Windows\System32\Tasks\Imad DBAgent 2 0
2016-06-07 18:44 - 2014-08-14 11:51 - 00003606 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2016-06-07 18:44 - 2014-08-01 12:49 - 00003706 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6700
2016-06-07 18:44 - 2014-07-29 12:42 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-07 18:44 - 2013-02-04 14:03 - 00003694 _____ C:\Windows\System32\Tasks\mxsjydwwoupd
2016-06-07 18:44 - 2012-07-24 14:43 - 00002880 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-07 18:44 - 2012-07-24 14:40 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-07 18:44 - 2012-07-24 14:40 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-07 18:44 - 2011-07-21 09:16 - 00004028 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2A4FB7-FAC9-4E14-948D-0554338DD147}
2016-06-07 18:44 - 2011-06-25 17:52 - 00003852 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default\AppData\Local\HuluDesktop
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default User\AppData\Local\HuluDesktop
2016-06-07 17:18 - 2009-07-24 12:22 - 00000000 ____D C:\Windows\Panther
2016-06-07 16:03 - 2011-11-28 22:03 - 00000000 ____D C:\Users\Imad\AppData\Local\CrashDumps
2016-06-07 13:18 - 2013-10-08 14:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-06-02 13:02 - 2012-01-26 10:41 - 00000000 ____D C:\Users\Imad\Documents\New Dawn Eldercare
2016-05-31 13:07 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-31 12:59 - 2013-10-08 14:23 - 00000000 ____D C:\Users\Imad\AppData\Local\Deployment
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-28 13:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Cursors
2016-05-26 14:38 - 2012-07-24 14:43 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-26 14:28 - 2012-08-23 10:06 - 00000000 ____D C:\temp
2016-05-26 14:25 - 2015-04-09 14:53 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-26 14:25 - 2015-04-09 14:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-21 13:17 - 2012-07-24 14:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-21 13:17 - 2011-07-21 09:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-21 05:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-05-21 04:04 - 2009-07-13 22:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-21 03:45 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
 
==================== Files in the root of some directories =======
 
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ () C:\Program Files (x86)\GUT912B.tmp
2016-05-27 12:27 - 2016-05-27 12:27 - 0007628 _____ () C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2015-04-20 15:06 - 2015-04-20 15:06 - 0000000 _____ () C:\Users\Imad\AppData\Local\{FED1FB60-3755-4B41-ABD8-3885FC184BA2}
2014-08-01 12:45 - 2014-08-01 12:45 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2016-05-18 00:08
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Imad (2016-06-17 14:04:54)
Running from C:\Users\Imad\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-26 00:42:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1996245975-2301006141-3792022614-500 - Administrator - Disabled)
COS (S-1-5-21-1996245975-2301006141-3792022614-1003 - Administrator - Enabled) => C:\Users\COS
Guest (S-1-5-21-1996245975-2301006141-3792022614-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1996245975-2301006141-3792022614-1002 - Limited - Enabled)
Imad (S-1-5-21-1996245975-2301006141-3792022614-1000 - Administrator - Enabled) => C:\Users\Imad
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-22 12:07 - 2014-05-20 12:01 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2010-03-11 17:50 - 2010-03-11 17:50 - 00107576 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
2010-04-22 17:33 - 2010-04-22 17:33 - 00323808 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2009-06-08 16:45 - 2009-06-08 16:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-21 09:45 - 2011-04-21 09:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-18 10:21 - 2010-01-18 10:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00378128 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Memeo.Client.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00837904 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Utility.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00040208 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Interop.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00300816 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.DataClad.DataAccess.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2016-06-17 03:24 - 2016-06-03 18:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-17 03:24 - 2016-06-03 18:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
6B8-00C04FA372A7} => ""="SBP2 IEEE 1394 Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
02BE10318} => ""="CD-ROM Drive"
002BE10318} => ""="Standard floppy disk controller"
08002BE10318} => ""="Hdc"
1-08002BE10318} => ""="NetClient"
318} => ""="PCMCIA Adapters"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-06-2016 12:31:08 Windows Update
17-06-2016 03:00:17 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2016 12:32:29 PM) (Source: ESENT) (EventID: 467) (User: )
Description: DllHost (4580) WebCacheLocal: Database C:\Users\Imad\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Index PartitionIdIndex of table Containers is corrupted (0).
 
Error: (06/17/2016 03:29:50 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/17/2016 03:20:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (06/17/2016 03:20:05 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=E10}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/17/2016 03:20:05 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (06/17/2016 03:20:05 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=E10}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/16/2016 12:38:11 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/16/2016 12:28:13 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=DD0}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)
 
Error: (06/16/2016 12:28:12 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=DD0}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/07/2016 03:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 6.0.0.1220, time stamp: 0x5717e096
Faulting module name: SUPERAntiSpyware.exe, version: 6.0.0.1220, time stamp: 0x5717e096
Exception code: 0xc0000005
Fault offset: 0x00000000000aad23
Faulting process id: 0xae4
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
 
 
System errors:
=============
Error: (06/17/2016 03:18:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/17/2016 03:18:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/17/2016 03:16:21 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/16/2016 12:25:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/16/2016 12:25:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/16/2016 12:23:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/16/2016 12:22:43 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (06/07/2016 01:18:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LMIGuardianSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/01/2016 08:18:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/01/2016 02:10:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.223.427.0).
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 92%
Total physical RAM: 2815.29 MB
Available physical RAM: 198.23 MB
Total Virtual: 5628.75 MB
Available Virtual: 3117.59 MB
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 93%
Total physical RAM: 2815.29 MB
Available physical RAM: 195.11 MB
Total Virtual: 5628.75 MB
Available Virtual: 3112.62 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:498.37 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:3726.02 GB) (Free:3189.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1BF4EFF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================

Edited by bhzendner, 17 June 2016 - 03:09 PM.


#2
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi bhzendner,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we would like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or your machine being rendered unbootable. I would recommend that you back up your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

I am currently analyzing your log, will get back to you as soon as I can.

#3
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi bhzendner,


Warning: One or more of the identified infections on your computer is known to use a backdoor
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook, etc., and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. If you decide to continue with the cleanup, please proceed with the following steps.


Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.
Alternate download is here.

Select the executable (.EXE) package as the download.
  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool. If it won't run, please right-click on tdsskiller.exe, rename it to winlogon.exe and see if that allows you to run it.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • TDSSKiller will run automatically after reboot. Click on Change parameters.
  • Make sure that Verify driver digital signatures & Detect TDLFS File System are checked and click OK.
  • Click the Start Scan button and wait patiently.
If anything is found, follow these guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    > Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    > If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!
A report will be created in your root directory (usually the C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.


Move FRST to Desktop

I noticed that you did not run FRST from the Desktop, but from the Downloads folder instead. Please move FRST from your Downloads folder (C:\Users\Imad\Downloads) to the Desktop (C:\Users\Imad\Desktop).


Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • TDSSKiller log
  • FRST log
  • FRST Addition log

  • 0
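The FRST.txt log requested above is line-oriented, so the entries FRST itself marks for review can be pulled out and ordered before anyone reads the log line by line. The following Python sketch is an added example, not part of the original posts and not code from FRST; the rule names and the priority order are hypothetical, and the sample log is constructed in FRST's format with placeholder names.

```python
"""Triage an FRST.txt log: surface the lines FRST itself marks for review."""
import re

# Section banner, e.g. "==================== Services (Whitelisted) ====="
SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?) =+$")
RUN_FROM_RE = re.compile(r"^Running from (?P<path>.+)$", re.MULTILINE)
# Services/Drivers entry: "<state><start type> <name>; <image> [size date] ..."
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); "
    r"(?P<image>.+?)(?: \[\d+ \d{4}-\d{2}-\d{2}\].*)?$"
)

# Rule names are hypothetical labels; the matched markers are text FRST prints.
RULES = [
    ("frst_attention", re.compile(r"<==== ATTENTION")),
    ("ifeo_debugger", re.compile(r"^IFEO\\[^:]+: \[Debugger\]")),
    ("unsigned_file", re.compile(r"\[File not signed\]")),
    ("orphaned_entry", re.compile(r"\bNo File\b|=> \[X\]|no ImagePath")),
]
# Assumed review order: lower number is read first.
PRIORITY = {name: rank for rank, (name, _) in enumerate(RULES)}


def ran_from_desktop(log_text):
    """True if the 'Running from' header points at a Desktop folder,
    which is where the helper in this thread asks for FRST to be run."""
    m = RUN_FROM_RE.search(log_text)
    return bool(m) and m.group("path").strip().lower().endswith("\\desktop")


def triage(log_text):
    """Return one finding per (line, rule) hit, tagged with its log section."""
    findings = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name").replace(" (Whitelisted)", "")
            continue
        for rule, pattern in RULES:
            if not pattern.search(line):
                continue
            finding = {"section": section, "rule": rule, "line": line}
            svc = SERVICE_RE.match(line) if section in ("Services", "Drivers") else None
            if svc:
                finding["name"] = svc.group("name")
                finding["image"] = svc.group("image")
                # State letter: R = running at scan time, S = stopped, U = undetermined
                finding["running"] = svc.group("state") == "R"
            findings.append(finding)
    return findings


def prioritize(findings):
    """Order by rule priority; within a rule, running services come first."""
    return sorted(
        findings,
        key=lambda f: (PRIORITY[f["rule"]], not f.get("running", False)),
    )


# Constructed sample in FRST's layout; every name and path is a placeholder.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2016
Ran by user (administrator) on EXAMPLE-PC (01-01-2016 12:00:00)
Running from C:\Users\user\Downloads

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [ExampleApp] => C:\Program Files\Example\app.exe [1000 2015-01-01] (Example Corp)
HKLM-x32\...\Run: [] => [X]
HKLM\...0123456789AB\InprocServer32: [Default-example]  <==== ATTENTION
IFEO\example.exe: [Debugger] "C:\Program Files\Example\helper.exe" -redirect

==================== Services (Whitelisted) ========================

R2 ExampleSvc; C:\Program Files\Example\svc.exe [2000 2015-01-01] (Example Corp)
R2 ExampleAgent; C:\Windows\example_agent.exe [3000 2015-01-01] (Example Corp) [File not signed]
S3 ExampleLicense; C:\Program Files (x86)\Example\lic.exe [4000 2015-01-01] (Example Corp) [File not signed]

===================== Drivers (Whitelisted) ==========================

S4 ExampleDrv; no ImagePath
"""

if __name__ == "__main__":
    if not ran_from_desktop(SAMPLE_LOG):
        print("note: FRST was not run from the Desktop")
    for f in prioritize(triage(SAMPLE_LOG)):
        print(f"[{f['rule']}] ({f['section']}) {f['line']}")
```

A hit only means the line deserves a look: unsigned files and orphaned entries are common on clean machines too, so the output is a reading order, not a verdict.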

#4
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts

Great running now. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Imad (administrator) on IMAD-HP (23-06-2016 13:46:01)
Running from C:\Users\Imad\Desktop
Loaded Profiles: Imad (Available Profiles: Imad & COS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Imad\AppData\Local\Google\Chrome\User Data\SwReporter\7.58.0\software_reporter_tool.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo Send] => C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [236816 2009-11-04] ()
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\MountPoints2: {1a86c09a-3120-11e3-9447-806e6f6e6963} - E:\AUTORUN.exe
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100 Smart Wizard.lnk [2011-07-21]
ShortcutTarget: NETGEAR WNDA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-04-21]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{E44903B9-ACD5-4B35-B425-14AA395ED373}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> DefaultScope {1EE6AD67-E1B2-47D9-88B5-4DD33EE5AE5C} URL = 
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {22AF4F20-8451-4D2A-A321-47B28C89ED3C} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {4BB1282C-C04B-4501-8349-8B816E09D5A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {5DEFC874-1F48-4B1E-8B2D-78AD0E433EF7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: No Name -> {912C156F-05CF-4B62-851A-96E167A677B0} -> No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-27] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-02-27] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1996245975-2301006141-3792022614-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Google Search) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (No Name) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-04-09] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2014-05-20] (Two Pilots) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-06-07] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-05] (AVG Technologies)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-23] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WNDA3100; C:\Windows\System32\DRIVERS\WNDA31w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 13:46 - 2016-06-23 13:54 - 00022087 _____ C:\Users\Imad\Desktop\FRST.txt
2016-06-23 13:45 - 2016-06-23 13:45 - 00000000 ____D C:\Users\Imad\Desktop\FRST-OlderVersion
2016-06-23 13:43 - 2016-06-23 13:43 - 01193680 _____ (Adobe Systems Incorporated) C:\Users\Imad\Downloads\flashplayer22axau_ha_install.exe
2016-06-23 13:37 - 2016-06-23 13:44 - 00737848 _____ C:\TDSSKiller.3.1.0.9_23.06.2016_13.37.42_log.txt
2016-06-23 13:24 - 2016-06-23 13:26 - 00005402 _____ C:\TDSSKiller.3.1.0.9_23.06.2016_13.24.23_log.txt
2016-06-23 13:23 - 2016-06-23 13:24 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Imad\Downloads\tdsskiller.exe
2016-06-17 14:04 - 2016-06-17 14:06 - 00023236 _____ C:\Users\Imad\Downloads\Addition.txt
2016-06-17 13:59 - 2016-06-23 13:46 - 00000000 ____D C:\FRST
2016-06-17 13:59 - 2016-06-17 14:08 - 00069785 _____ C:\Users\Imad\Downloads\FRST.txt
2016-06-17 13:57 - 2016-06-17 13:57 - 02386944 _____ (Farbar) C:\Users\Imad\Downloads\FRST64 (1).exe
2016-06-17 13:52 - 2016-06-23 13:45 - 02387456 _____ (Farbar) C:\Users\Imad\Desktop\FRST64.exe
2016-06-16 22:39 - 2016-06-06 09:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-16 22:39 - 2016-06-06 09:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-16 22:39 - 2016-06-03 06:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-16 22:39 - 2016-05-27 06:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-16 22:39 - 2016-05-22 06:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-16 22:39 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-16 22:39 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-16 22:39 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-16 22:39 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-16 22:39 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-16 22:39 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-16 22:39 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-16 22:39 - 2016-05-12 10:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-16 22:39 - 2016-05-12 10:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-16 22:39 - 2016-05-12 10:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-16 22:39 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-16 22:39 - 2016-05-12 10:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-16 22:39 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-16 22:39 - 2016-05-12 08:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-16 22:39 - 2016-05-12 07:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-16 22:39 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-16 22:39 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-16 22:39 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-16 22:39 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-16 22:39 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-16 22:39 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-16 22:38 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-16 22:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-16 22:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-16 22:38 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-16 22:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-16 22:38 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-16 22:38 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-16 22:38 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-16 22:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-16 22:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-16 22:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-16 22:38 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-16 22:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-16 22:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-16 22:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-16 22:38 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-16 22:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-16 22:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-16 22:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-16 22:38 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-16 22:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 22:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-16 22:38 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-16 22:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-16 22:38 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-16 22:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-16 22:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-16 22:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-16 22:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-16 22:38 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-16 22:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-16 22:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-16 22:38 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-16 22:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-16 22:38 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-16 22:38 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-16 22:38 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-16 22:38 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-16 22:38 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-16 22:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 22:38 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-16 22:38 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-16 22:38 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-16 22:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-16 22:38 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-16 22:38 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-16 22:38 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-16 22:38 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-16 22:38 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-16 22:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-16 22:38 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-16 22:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-16 22:38 - 2016-04-08 23:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-16 22:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-16 22:38 - 2016-04-08 22:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-16 22:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-16 22:38 - 2016-03-09 12:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-16 22:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-16 22:37 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-16 22:37 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-16 22:37 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-16 22:37 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-16 22:37 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-16 22:37 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-16 22:37 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-16 22:37 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-16 22:37 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-16 22:37 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-16 22:37 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-16 22:37 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-16 12:27 - 2016-06-07 13:17 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-06-16 12:01 - 2016-06-16 12:01 - 00000000 ____D C:\$SysReset
2016-06-10 15:38 - 2016-06-10 15:38 - 00197673 _____ C:\Users\Imad\Downloads\SP_Deposit-Account-Vertification_Sept_4.pdf
2016-06-08 12:16 - 2016-06-08 12:16 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s (1).pdf
2016-06-08 12:15 - 2016-06-08 12:15 - 00132295 _____ C:\Users\Imad\Downloads\34B4W2s.pdf
2016-06-07 18:54 - 2016-06-07 18:54 - 00008192 _____ C:\Windows\system32\config\userdiff
2016-06-07 17:22 - 2016-06-07 18:45 - 00014263 _____ C:\Windows\diagerr.xml
2016-06-07 17:22 - 2016-06-07 18:45 - 00013338 _____ C:\Windows\diagwrn.xml
2016-05-31 13:13 - 2016-06-23 13:35 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-05-31 13:13 - 2016-06-07 13:17 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-05-31 13:13 - 2016-05-31 13:13 - 00000000 ____D C:\Users\Imad\AppData\Local\LogMeIn
2016-05-31 13:13 - 2015-10-13 08:29 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\LMImirr2.dll
2016-05-31 13:13 - 2015-10-13 08:29 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMImirr.sys
2016-05-31 13:13 - 2015-06-15 09:14 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2016-05-31 13:09 - 2016-05-31 13:09 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn (1).msi
2016-05-31 13:05 - 2016-05-31 13:05 - 23113728 _____ C:\Users\Imad\Downloads\LogMeIn.msi
2016-05-27 12:27 - 2016-05-27 12:27 - 00007628 _____ C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2016-05-26 17:22 - 2016-05-26 17:22 - 00314506 _____ C:\Users\Imad\Documents\cc_20160526_172211.reg
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ C:\Program Files (x86)\GUT912B.tmp
2016-05-26 14:36 - 2016-05-26 14:36 - 00000000 ____D C:\Program Files (x86)\GUM910B.tmp
2016-05-26 14:33 - 2016-05-26 14:35 - 06893688 _____ (Piriform Ltd) C:\Users\Imad\Downloads\ccsetup518.exe
2016-05-26 14:22 - 2016-05-26 14:22 - 00000000 ____D C:\SUPERDelete
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-23 13:51 - 2013-10-08 14:33 - 00000000 ____D C:\ProgramData\LogMeIn
2016-06-23 13:44 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-23 13:44 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-23 13:38 - 2015-04-09 14:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 13:31 - 2014-07-29 12:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-23 13:31 - 2012-07-24 14:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-23 13:31 - 2012-07-24 14:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-23 13:31 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-23 13:30 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-23 13:30 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 13:27 - 2011-12-01 08:40 - 00000000 ____D C:\Users\Imad\AppData\Roaming\SoftGrid Client
2016-06-23 03:11 - 2013-03-14 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-20 14:31 - 2011-11-28 22:03 - 00000000 ____D C:\Users\Imad\AppData\Local\CrashDumps
2016-06-20 14:12 - 2015-08-22 12:28 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-17 19:42 - 2012-07-24 14:41 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 19:42 - 2012-07-24 14:41 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 12:21 - 2015-10-30 02:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-06-17 03:15 - 2009-07-13 21:45 - 00280544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 03:12 - 2014-12-10 04:49 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 03:10 - 2013-10-10 03:06 - 00000000 ____D C:\Windows\system32\MRT
2016-06-17 03:05 - 2013-10-10 03:06 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-16 13:10 - 2015-04-09 14:50 - 00000000 ____D C:\Users\COS
2016-06-16 13:10 - 2013-04-24 14:19 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2016-06-16 13:10 - 2013-03-20 03:02 - 00000000 ____D C:\Windows\system32\SPReview
2016-06-16 13:10 - 2013-03-20 03:00 - 00000000 ____D C:\Windows\system32\EventProviders
2016-06-16 13:10 - 2013-01-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-06-16 13:10 - 2011-06-25 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\Users\Imad
2016-06-16 13:10 - 2011-06-25 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2016-06-16 13:10 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-16 13:10 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-06-16 13:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-06-16 13:09 - 2015-08-22 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat
2016-06-16 13:09 - 2015-04-09 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2016-06-16 13:09 - 2015-04-09 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-16 13:09 - 2012-12-16 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2016-06-16 13:09 - 2012-11-28 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
2016-06-16 13:09 - 2012-10-31 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-16 13:09 - 2012-07-24 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-06-16 13:09 - 2012-07-24 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-16 13:09 - 2012-07-24 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-06-16 13:09 - 2012-07-24 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-06-16 13:09 - 2011-09-09 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
2016-06-16 13:09 - 2011-07-21 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100 Adapter
2016-06-16 13:09 - 2011-07-20 09:52 - 00000000 ____D C:\ProgramData\HP
2016-06-16 13:09 - 2011-04-21 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2016-06-16 13:09 - 2011-04-21 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2016-06-16 13:09 - 2011-04-21 09:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-06-16 13:09 - 2011-04-21 09:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2016-06-16 13:09 - 2011-04-21 09:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-06-16 13:09 - 2011-04-21 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2016-06-16 13:09 - 2011-04-21 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-16 13:09 - 2011-04-21 09:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2016-06-16 13:09 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-16 13:09 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-16 12:22 - 2012-07-24 14:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-15 13:40 - 2011-09-09 15:32 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-08 12:02 - 2013-10-08 14:33 - 00001024 _____ C:\.rnd
2016-06-07 18:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-06-07 18:44 - 2015-08-22 12:03 - 00003212 _____ C:\Windows\System32\Tasks\{8EE2A088-684C-455F-B285-3584916727C3}
2016-06-07 18:44 - 2014-09-11 14:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad5 Merge
2016-06-07 18:44 - 2014-09-11 10:55 - 00003990 _____ C:\Windows\System32\Tasks\Imad5
2016-06-07 18:44 - 2014-09-11 10:52 - 00003820 _____ C:\Windows\System32\Tasks\Imad4 Merge
2016-06-07 18:44 - 2014-09-11 10:52 - 00003804 _____ C:\Windows\System32\Tasks\Imad4
2016-06-07 18:44 - 2014-08-17 11:58 - 00003990 _____ C:\Windows\System32\Tasks\Imad3
2016-06-07 18:44 - 2014-08-17 11:58 - 00003820 _____ C:\Windows\System32\Tasks\Imad3 Merge
2016-06-07 18:44 - 2014-08-15 15:00 - 00003820 _____ C:\Windows\System32\Tasks\Imad2 Merge
2016-06-07 18:44 - 2014-08-15 10:56 - 00003990 _____ C:\Windows\System32\Tasks\Imad2
2016-06-07 18:44 - 2014-08-14 11:56 - 00003820 _____ C:\Windows\System32\Tasks\Imad1 Merge
2016-06-07 18:44 - 2014-08-14 11:54 - 00003990 _____ C:\Windows\System32\Tasks\Imad1
2016-06-07 18:44 - 2014-08-14 11:53 - 00003818 _____ C:\Windows\System32\Tasks\Imad Merge
2016-06-07 18:44 - 2014-08-14 11:53 - 00003802 _____ C:\Windows\System32\Tasks\Imad
2016-06-07 18:44 - 2014-08-14 11:52 - 00003594 _____ C:\Windows\System32\Tasks\Imad DBAgent 2 0
2016-06-07 18:44 - 2014-08-14 11:51 - 00003606 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2016-06-07 18:44 - 2014-08-01 12:49 - 00003706 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6700
2016-06-07 18:44 - 2014-07-29 12:42 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-07 18:44 - 2013-02-04 14:03 - 00003694 _____ C:\Windows\System32\Tasks\mxsjydwwoupd
2016-06-07 18:44 - 2012-07-24 14:43 - 00002880 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-07 18:44 - 2012-07-24 14:40 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-07 18:44 - 2012-07-24 14:40 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-07 18:44 - 2011-07-21 09:16 - 00004028 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C2A4FB7-FAC9-4E14-948D-0554338DD147}
2016-06-07 18:44 - 2011-06-25 17:52 - 00003852 _____ C:\Windows\System32\Tasks\RecoveryCDWin7
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default\AppData\Local\HuluDesktop
2016-06-07 18:34 - 2011-04-21 10:11 - 00000000 ____D C:\Users\Default User\AppData\Local\HuluDesktop
2016-06-07 17:18 - 2009-07-24 12:22 - 00000000 ____D C:\Windows\Panther
2016-06-07 13:18 - 2013-10-08 14:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-06-02 13:02 - 2012-01-26 10:41 - 00000000 ____D C:\Users\Imad\Documents\New Dawn Eldercare
2016-05-31 13:07 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-31 12:59 - 2013-10-08 14:23 - 00000000 ____D C:\Users\Imad\AppData\Local\Deployment
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-29 03:00 - 2015-04-04 03:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-28 13:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Cursors
2016-05-26 14:38 - 2012-07-24 14:43 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-26 14:28 - 2012-08-23 10:06 - 00000000 ____D C:\temp
2016-05-26 14:25 - 2015-04-09 14:53 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-26 14:25 - 2015-04-09 14:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 
==================== Files in the root of some directories =======
 
2016-05-26 14:36 - 2016-05-28 13:18 - 50063360 _____ () C:\Program Files (x86)\GUT912B.tmp
2016-05-27 12:27 - 2016-05-27 12:27 - 0007628 _____ () C:\Users\Imad\AppData\Local\Resmon.ResmonCfg
2015-04-20 15:06 - 2015-04-20 15:06 - 0000000 _____ () C:\Users\Imad\AppData\Local\{FED1FB60-3755-4B41-ABD8-3885FC184BA2}
2014-08-01 12:45 - 2014-08-01 12:45 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-18 00:08
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Imad (2016-06-23 13:56:05)
Running from C:\Users\Imad\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-26 00:42:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1996245975-2301006141-3792022614-500 - Administrator - Disabled)
COS (S-1-5-21-1996245975-2301006141-3792022614-1003 - Administrator - Enabled) => C:\Users\COS
Guest (S-1-5-21-1996245975-2301006141-3792022614-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1996245975-2301006141-3792022614-1002 - Limited - Enabled)
Imad (S-1-5-21-1996245975-2301006141-3792022614-1000 - Administrator - Enabled) => C:\Users\Imad
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.0.1.12 - AVG Technologies)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar Platform (x32 Version: 5.0.1438.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Power Assistant (HKLM\...\{6888C635-E550-4FA4-958E-CE2880B0443B}) (Version: 1.1.1.5 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
LogMeIn (HKLM-x32\...\{CEA0C06C-C352-434A-972E-04911AAB669C}) (Version: 4.1.7682 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Memeo Send (HKLM-x32\...\{81784157-3D4D-4bc1-B988-B24C32A26DA8}) (Version:  - Memeo Inc.)
Memeo Share (HKLM-x32\...\{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}) (Version: 3.1.0.3265 - Memeo Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.7.1.474 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.7.1.474 - The Neat Company) Hidden
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100 (HKLM-x32\...\InstallShield_{C0100D9E-2372-45E2-BDA5-BD18F9B03298}) (Version: 3.0.0.2 - NETGEAR)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Setup Support for Weatherbug 1.0 (HKLM-x32\...\Setup Support for Weatherbug) (Version: 1.0 - Sono Control Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
WNDA3100 (x32 Version: 3.0.0.2 - NETGEAR) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BE86734-DC30-40DD-BC29-100EBB780726} - System32\Tasks\Imad2 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {1BA0C8F0-4436-4877-A082-F77432CC59ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: {1D77E712-D1F0-4D5E-A13C-B1225F5F19F2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {1EA8A837-A18E-4E6C-88EB-306D51AD00B2} - System32\Tasks\Imad4 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {266C58EE-63E9-4B68-BC6F-3B6046905E92} - System32\Tasks\Imad3 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {38CFE1AB-2473-48FE-A3E8-40A44C5D18EA} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)
Task: {41C59218-2EB1-4805-9426-EA0BAA22AF7A} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {50F8BF41-F325-4E76-82DC-FD9BECE0FEDE} - System32\Tasks\Imad1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {540FD54C-A1EF-4764-806E-E6C6DDA8CB4C} - System32\Tasks\Imad2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {5A839EAB-EC96-4CB7-B20D-86B11BBB7404} - System32\Tasks\Imad => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {5C685D63-3745-4116-B9CE-A4A2861A71F1} - System32\Tasks\Imad3 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {5F3E76BD-F419-4CFD-9B79-4E57D14989FA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {5FE29729-21C1-4CF1-9DD3-DC0EEC28A05A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: {632E1272-7312-44DE-8A5C-93969D919AD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {6D9F350A-9A66-482F-AFCD-F75979C99E50} - System32\Tasks\Imad5 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {6E9D3082-6128-4D42-B09B-6135809B766C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8641EACA-C970-42A7-9FF6-796508CC19C3} - System32\Tasks\Imad DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AFE49B42-DB70-4B01-AB6F-DB983CFC42F9} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B9C3003C-B49B-482D-B3FA-8CCB2DE19906} - System32\Tasks\{8EE2A088-684C-455F-B285-3584916727C3} => pcalua.exe -a E:\Setup\setup_full.exe -d E:\Setup
Task: {BED92F55-FEDD-4446-9BC5-187B7455C315} - System32\Tasks\Imad Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D5ABBC86-BF95-4A96-8A90-FF1F3FC59A53} - System32\Tasks\Imad4 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {DFCFE138-8F3F-4636-A8AA-2FF53980A66B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {E1A9D325-9EB6-45D9-A264-5AF2112B8349} - System32\Tasks\mxsjydwwoupd => Cscript.exe //E:javascript C:\Windows\TEMP\jydwwo.mkt
Task: {ED4DB0A9-FA30-48A0-9996-131CE91251C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-21] (Adobe Systems Incorporated)
Task: {F3CAAAA1-0136-460A-9D94-7E205FBC5D88} - System32\Tasks\Imad1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {F7371EFF-6F4B-4C71-8E46-AD85FB1319BA} - System32\Tasks\Imad5 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {F75EC3CB-C3B8-4062-88DD-3DE243BCC241} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {F9FAC35D-B8AD-4686-8515-382EBADBBACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-22 12:07 - 2014-05-20 12:01 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2010-03-11 17:50 - 2010-03-11 17:50 - 00107576 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
2010-01-18 10:21 - 2010-01-18 10:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-02-09 19:01 - 2010-02-09 19:01 - 01712184 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
2010-04-22 17:33 - 2010-04-22 17:33 - 00323808 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2009-06-08 16:45 - 2009-06-08 16:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-21 09:45 - 2011-04-21 09:45 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00378128 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Memeo.Client.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00837904 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Utility.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00040208 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.Interop.dll
2009-11-04 17:29 - 2009-11-04 17:29 - 00300816 _____ () C:\Program Files (x86)\Memeo\Memeo Send\Tanagra.DataClad.DataAccess.dll
2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-04-22 17:33 - 2010-04-22 17:33 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2016-06-17 19:41 - 2016-06-15 02:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 19:41 - 2016-06-15 02:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91403178.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91403178.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
16-06-2016 12:31:08 Windows Update
17-06-2016 03:00:17 Windows Update
23-06-2016 03:00:48 Windows Update
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/23/2016 01:45:33 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (06/23/2016 01:35:33 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=F0C}
The client was unable to connect to an Application Virtualization Server (rc 24604E0A-40000193)
 
Error: (06/23/2016 01:35:33 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604090000:tid=F0C}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....6120.5005.sft'(rc 24604E0A-40000193, original rc 24604E0A-40000193).
 
Error: (06/21/2016 11:39:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (06/20/2016 02:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Neat.exe, version: 5.6.1.526, time stamp: 0x55a4c891
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x6b8
Faulting application start time: 0xNeat.exe0
Faulting application path: Neat.exe1
Faulting module path: Neat.exe2
Report Id: Neat.exe3
 
Error: (06/20/2016 02:31:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Neat.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.__Error.WinIOError()
   at System.IO.File.InternalReplace(System.String, System.String, System.String, Boolean)
   at System.IO.File.Replace(System.String, System.String, System.String)
   at NeatCompany.QuickScan.Core.NsdkServices.PostScanImageProcessingService.ProcessImages(NeatCompany.QuickScan.Core.NsdkServices.IPostScanImageProcessingServiceInput)
   at NeatCompany.QuickScan.Core.ProcessingServices.PostScanImageProcessingWithThumbnail(System.Collections.Generic.IList`1<System.String>, Byte[] ByRef)
   at NeatCompany.QuickScan.Core.VisualQueue.InputItemConverter.SetImages(NeatCompany.QuickScan.Interfaces.InputItem, NeatCompany.QuickScan.Core.VisualQueue.AddItemToVisualQueueMessage ByRef)
   at NeatCompany.QuickScan.Core.VisualQueue.InputItemConverter.Convert(NeatCompany.QuickScan.Interfaces.InputItem)
   at NeatCompany.QuickScan.Core.InputListener.PreProcessAndSendToOutput(NeatCompany.QuickScan.Core.InputItemWithSaveSettings)
   at NeatCompany.QuickScan.Core.InputListener.SendInputItemToVisualQueue(NeatCompany.QuickScan.Interfaces.InputItem, Boolean, Boolean)
   at NeatCompany.QuickScan.Core.InputListener.<Start>b__0(NeatCompany.QuickScan.Interfaces.IInputAdapter, NeatCompany.QuickScan.Interfaces.InputItem, Boolean)
   at NeatCompany.QuickScan.Interfaces.InputItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Interfaces.IInputAdapter, NeatCompany.QuickScan.Interfaces.InputItem, Boolean)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.nCaptureInputAdapter.RaiseInputItemAvailableEvent(NeatCompany.QuickScan.Interfaces.InputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.nCaptureInputAdapter.SelectedScannerScannedItemAvailable(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.IScanSource, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Delegates+ScannedItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.IScanSource, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.ScannerManager.SourceOnItemAvailable(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.IScanDevice, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at System.Action`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.__Canon, System.__Canon)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Devices.BaseScanDevice.ScanSessionItemAvailable(NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Session.ScanSessionItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Session.ScanSession.BuilderInputItemAvailable(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.IInputItemBuilder, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.BuilderInputItemAvailableDelegate.Invoke(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.IInputItemBuilder, NeatCompany.QuickScan.Shared.CancelableInputItem)
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.InputItemBuilder.SaveImagesToDisk()
   at NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Session.ScanSessionFactory.<.ctor>b__0(NeatCompany.QuickScan.Inputs.nCaptureInputAdapter.Item.InputItemBuilder)
   at Retlang.Channels.ChannelSubscription`1+<>c__DisplayClass1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<OnMessageOnProducerThread>b__0()
   at Retlang.Core.BatchAndSingleExecutor.Execute(System.Action)
   at Retlang.Core.BatchAndSingleExecutor.ExecuteAll(System.Action[])
   at Retlang.Core.ActionExecutor.ExecuteNextBatch()
   at Retlang.Core.ActionExecutor.Run()
   at Retlang.Fibers.ThreadFiber.RunThread()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (06/20/2016 02:15:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Neat.exe, version: 5.6.1.526, time stamp: 0x55a4c891
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x22cc
Faulting application start time: 0xNeat.exe0
Faulting application path: Neat.exe1
Faulting module path: Neat.exe2
Report Id: Neat.exe3
 
Error: (06/20/2016 02:15:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Neat.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.ProtocolViolationException
   at System.Net.HttpWebRequest.GetResponse()
   at NeatCompany.Common.Http.WebRequestData.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequest.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.UploadFile(NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestTypes.PutMetricsFileParams)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.PutMetricsFile(System.String)
   at NeatCompany.NeatWorks.BusinessLogic.Metrics.UploadMetricsFileService.UploadAndDeleteAllMetricsFile(System.Object)
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
Error: (06/20/2016 02:13:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Neat.exe, version: 5.6.1.526, time stamp: 0x55a4c891
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1e24
Faulting application start time: 0xNeat.exe0
Faulting application path: Neat.exe1
Faulting module path: Neat.exe2
Report Id: Neat.exe3
 
Error: (06/20/2016 02:13:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Neat.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.ProtocolViolationException
   at System.Net.HttpWebRequest.GetResponse()
   at NeatCompany.Common.Http.WebRequestData.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequest.GetResponse(Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestExecutor.GetResponse(NeatCompany.NeatWorks.BusinessLogic.Http.INeatOnlineRequest, Boolean)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.UploadFile(NeatCompany.NeatWorks.BusinessLogic.Http.NeatOnlineRequestTypes.PutMetricsFileParams)
   at NeatCompany.NeatWorks.BusinessLogic.Sync.Neat.MetricsFileApi.PutMetricsFile(System.String)
   at NeatCompany.NeatWorks.BusinessLogic.Metrics.UploadMetricsFileService.UploadAndDeleteAllMetricsFile(System.Object)
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)
 
 
System errors:
=============
Error: (06/23/2016 01:33:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070 = After starting, the service hung in a start-pending state.
 
 
Error: (06/23/2016 01:33:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Server service hung on starting.
 
Error: (06/23/2016 01:31:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5 = Access is denied.
.
 
Error: (06/23/2016 01:19:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Seagate Dashboard Services service.
 
Error: (06/23/2016 01:17:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Seagate Dashboard Services service.
 
Error: (06/22/2016 11:29:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (06/22/2016 11:29:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (06/22/2016 03:28:23 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.223.1944.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/21/2016 03:27:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.223.1944.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/20/2016 03:26:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.223.1944.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 71%
Total physical RAM: 2815.29 MB
Available physical RAM: 804.82 MB
Total Virtual: 5628.75 MB
Available Virtual: 3409.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:498.28 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (NeatConnect) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:3726.02 GB) (Free:3189.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1BF4EFF6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt ============================

Edited by bhzendner, 23 June 2016 - 03:01 PM.


#5
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi bhzendner,

 

Please also attach your TDSSKiller log.



#6
bhzendner

    Member

  • Topic Starter
  • Member
  • 226 posts

It said nothing found. 


Edited by bhzendner, 27 June 2016 - 02:06 PM.


#7
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi bhzendner,

I would still require the TDSSKiller log to be posted for review. There may be crucial information listed to help determine any deeper issue with your machine.

Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.




Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\S-1-5-21-1996245975-2301006141-3792022614-1000\...\MountPoints2: {1a86c09a-3120-11e3-9447-806e6f6e6963} - E:\AUTORUN.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> DefaultScope {1EE6AD67-E1B2-47D9-88B5-4DD33EE5AE5C} URL = 
SearchScopes: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> {79588D8D-6EBF-4361-9460-B0DA0022B265} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: No Name -> {912C156F-05CF-4B62-851A-96E167A677B0} -> No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-1996245975-2301006141-3792022614-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [No File]
FF Plugin HKU\S-1-5-21-1996245975-2301006141-3792022614-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox => not found
CHR Extension: (No Name) - C:\Users\Imad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-10]
S4 LMIRfsClientNP; no ImagePath
Task: {1D77E712-D1F0-4D5E-A13C-B1225F5F19F2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5F3E76BD-F419-4CFD-9B79-4E57D14989FA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION


Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST, press the Fix button just once, and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.


Farbar Service Scanner

Please download Farbar Service Scanner to your desktop and double click on the file to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • TDSSKiller log
  • FRST fixlog
  • FSS log
  • AdwCleaner scan log


#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

