Registry Console Window pops up several times / File System Error -214

malware virus error windows10 Filesystemerror registryconsole

#1
KassD7

  • Member
  • 33 posts

Hello!

I am currently using Windows 10 (64-bit) and I have noticed that Registry Console keeps asking for permission. Once the window pops up, if I select "no" it opens five more windows and they keep popping up, so I am obliged to select "yes". Also, if I try to open Programs and Features using the search bar (not Win+X), I get a pop-up that says File System Error (-2144926975); the same happens if I try to access User Accounts.

P.S.: I will attach some screenshots related to this issue.

I also followed a related post and downloaded the FRST64 tool and got the two log files (attached); however, after I got these two files I downloaded Malwarebytes and found around 581 threats, which I removed.

HELP!

Thank you in advance,

K.D.

Attached Thumbnails

  • FileSystemError.JPG


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Please run a new FRST Scan with Addition.txt checked and post both logs.  No point in trying to remove stuff that MBAM has already removed.


#3
KassD7

  • Topic Starter
  • Member
  • 33 posts

I apologize for the late reply; I am new to the forum, so I wasn't following this topic.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Kassem (administrator) on KASSEM-PC (26-01-2017 23:13:08)
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126656 2015-10-13] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [GoogleChromeAutoLaunch_528FB280EA5FDE99494BED26C65E27F7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\MountPoints2: {53c74ce8-5046-11e6-9c7d-5cf9dd3e739d} - "E:\WD Drive Unlock.exe" autoplay=true
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kassem\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2012-06-21]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2015-08-08]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{66ac5675-d891-4ba4-a02f-4c5787b0215f}: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-08-07] (Sun Microsystems, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2015-08-07] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.1.5448469\npmathplugin.dll [2015-12-09] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1422278371&from=amt&uid=LITEONITXLCT-256M3S_TW0DFVVG5508524R1562"
CHR Profile: C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Slides) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-04]
CHR Extension: (Google Docs) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Google Drive) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Dropbox for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-01-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-04]
CHR Extension: (FBDown Video Downloader) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-01-04]
CHR Extension: (Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [220952 2016-08-17] (Beijing Rising Information Technology Co., Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-06] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-11-01] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 cyhid; C:\WINDOWS\System32\DRIVERS\cyhid.sys [116736 2011-08-26] () [File not signed]
S3 cykbfltrService; C:\WINDOWS\System32\DRIVERS\cykbfltr.sys [13312 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 cymfltrService; C:\WINDOWS\System32\DRIVERS\cymfltr.sys [69632 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-31] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-06] (REALiX™)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-01-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-26] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNs64; C:\WINDOWS\System32\drivers\NETwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-26 23:13 - 2017-01-26 23:13 - 00030994 _____ C:\Users\Kassem\Desktop\FRST.txt
2017-01-26 16:42 - 2017-01-26 16:45 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\dvdcss
2017-01-26 02:28 - 2017-01-26 02:28 - 00100301 _____ C:\Users\Kassem\Desktop\Malwarebytes Summary.txt
2017-01-26 01:56 - 2017-01-26 21:55 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-26 01:56 - 2017-01-26 17:14 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-26 01:56 - 2017-01-26 01:56 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-26 01:55 - 2017-01-26 17:14 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 01:55 - 2017-01-26 17:14 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-26 01:55 - 2017-01-26 01:55 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-26 01:55 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-26 01:49 - 2017-01-26 01:54 - 55566792 _____ (Malwarebytes ) C:\Users\Kassem\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-01-26 00:56 - 2017-01-26 23:13 - 00000000 ____D C:\FRST
2017-01-26 00:50 - 2017-01-26 00:51 - 02420736 _____ (Farbar) C:\Users\Kassem\Desktop\FRST64.exe
2017-01-25 22:05 - 2017-01-26 00:11 - 01516566 _____ C:\Users\Kassem\Desktop\Façade Cleaning Robot – Technical Overview.pptx
2017-01-25 20:55 - 2017-01-25 20:58 - 01440499 _____ C:\Users\Kassem\Desktop\Document for Meeting.pptx
2017-01-25 20:19 - 2016-05-29 23:49 - 07718022 _____ C:\Users\Kassem\Desktop\Video_1.mp4
2017-01-24 16:23 - 2017-01-24 16:23 - 02528032 _____ C:\Users\Kassem\Downloads\14850826_1785450381726050_571221162785243136_n.mp4
2017-01-24 00:14 - 2017-01-24 00:14 - 00103660 _____ C:\Users\Kassem\Desktop\Amazon Order 1.pdf
2017-01-23 21:45 - 2017-01-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-21 00:40 - 2017-01-21 01:10 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-18 18:35 - 2017-01-18 18:36 - 11540752 _____ C:\Users\Kassem\Downloads\10810842_819863881385679_318822581_n.mp4
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 15:49 - 2017-01-11 15:50 - 10975062 _____ C:\Users\Kassem\Downloads\13729596_897529530351646_1972759078_n.mp4
2017-01-07 17:21 - 2017-01-07 17:21 - 00000000 ____D C:\Users\Kassem\Downloads\mpu9250_arduino
2017-01-05 02:23 - 2017-01-05 02:25 - 22034677 _____ C:\Users\Kassem\Downloads\15240661_1226154984099438_5306706933460238336_n.mp4
2017-01-04 07:25 - 2017-01-04 07:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-04 01:53 - 2017-01-04 01:53 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 01:53 - 2017-01-04 01:53 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 01:47 - 2017-01-04 15:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-04 01:47 - 2017-01-04 15:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-04 01:47 - 2017-01-04 01:47 - 01065376 _____ (Google Inc.) C:\Users\Kassem\Downloads\ChromeSetup.exe
2017-01-02 21:48 - 2017-01-02 22:29 - 1104052224 ____R C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso
2017-01-02 21:47 - 2017-01-02 21:47 - 00042460 _____ C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso.torrent
2017-01-01 23:53 - 2017-01-01 23:53 - 00322098 _____ C:\Users\Kassem\Downloads\app (2).pdf
2017-01-01 23:51 - 2017-01-01 23:51 - 00321900 _____ C:\Users\Kassem\Downloads\app (1).pdf
2017-01-01 23:50 - 2017-01-01 23:50 - 00321906 _____ C:\Users\Kassem\Downloads\app.pdf
2017-01-01 22:54 - 2017-01-01 22:55 - 01687216 _____ C:\Users\Kassem\Downloads\AmericanUnivOfBeirut.pdf
2017-01-01 21:36 - 2017-01-01 21:36 - 00000000 ____D C:\Users\Kassem\Downloads\rufus_files
2017-01-01 21:33 - 2017-01-26 02:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:33 - 2017-01-01 21:33 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kassem\Downloads\rufus-2.11.exe
2016-12-31 22:41 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\AppData\Local\FreemakeVideoConverter
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\ProgramData\Freemake
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-12-31 22:40 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\Documents\Freemake
2016-12-31 22:31 - 2016-12-31 22:32 - 01964384 _____ (Ellora Assets Corporation ) C:\Users\Kassem\Downloads\FreemakeVideoConverterSetup.exe
2016-12-30 14:21 - 2016-12-30 14:34 - 86674168 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Kassem\Downloads\BackupperFull.exe
2016-12-29 17:14 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Kassem\AppData\Local\speech
2016-12-29 14:00 - 2016-12-29 14:00 - 00705024 _____ C:\Users\Kassem\Downloads\FreeISOBurner.exe
2016-12-28 19:28 - 2016-12-28 19:28 - 00715009 _____ C:\Users\Kassem\Downloads\15399632_1335495143141991_2885647561060777984_n.mp4
2016-12-28 16:36 - 2016-12-28 17:31 - 1513308160 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso
2016-12-28 15:30 - 2016-12-28 15:30 - 00058080 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso.torrent
2016-12-28 15:26 - 2016-12-28 16:22 - 1531445248 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso
2016-12-28 15:26 - 2016-12-28 15:26 - 00058759 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso.torrent
2016-12-27 18:56 - 2016-12-27 18:56 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-12-27 18:56 - 2016-12-27 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-27 18:56 - 2016-12-27 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-27 18:51 - 2016-12-27 18:53 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
2016-12-27 18:10 - 2016-12-27 18:10 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-26 23:04 - 2015-08-28 22:17 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Skype
2017-01-26 23:03 - 2016-09-24 17:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-26 21:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-26 20:11 - 2016-02-28 19:20 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\vlc
2017-01-26 17:20 - 2015-08-19 21:55 - 02455762 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-26 17:15 - 2015-08-16 11:00 - 00000000 ___RD C:\Users\Kassem\Dropbox
2017-01-26 17:13 - 2016-09-24 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-26 17:13 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem
2017-01-26 17:13 - 2016-09-24 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-26 17:13 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-26 02:56 - 2015-09-06 18:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-26 02:55 - 2016-05-20 23:53 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Google Talk
2017-01-26 02:55 - 2015-08-16 10:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-26 02:55 - 2013-12-19 19:41 - 00000000 ____D C:\Users\Kass\AppData\Local\VNT
2017-01-26 02:34 - 2016-10-24 12:40 - 00000000 ____D C:\Windows10Upgrade
2017-01-25 20:11 - 2015-08-19 22:50 - 00000000 ____D C:\Users\Kassem\AppData\Local\Packages
2017-01-21 04:41 - 2015-08-28 22:17 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 21:47 - 2015-08-07 18:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 18:52 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-20 18:48 - 2015-11-01 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-20 16:09 - 2015-08-07 17:56 - 00000000 ___RD C:\Users\Kassem\Documents\Scanned Documents
2017-01-16 17:12 - 2015-08-07 18:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 23:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-11 14:16 - 2015-08-08 01:51 - 00000000 ____D C:\Users\Kassem\AppData\Local\ElevatedDiagnostics
2017-01-11 12:30 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 16:03 - 2016-09-24 17:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 00:45 - 2016-09-24 17:43 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF356CE4-AC61-41D7-B7CD-B1D4B8E274D6}
2017-01-09 14:41 - 2015-11-04 19:40 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\BitTorrent
2017-01-07 19:39 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\Documents\Arduino
2017-01-07 18:00 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\AppData\Local\Arduino15
2017-01-07 17:53 - 2015-08-21 01:58 - 00000000 ____D C:\Users\Kassem\Documents\MATLAB
2017-01-04 01:55 - 2015-08-07 16:37 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-04 01:53 - 2015-08-07 16:36 - 00000000 ____D C:\Users\Kassem\AppData\Local\Google
2017-01-04 01:47 - 2015-08-07 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-02 21:48 - 2016-11-26 18:35 - 00000000 ____D C:\Users\Kassem\AppData\LocalLow\BitTorrent
2017-01-01 21:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-30 14:02 - 2016-09-24 17:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2016-12-29 13:55 - 2015-10-31 17:36 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\DAEMON Tools Lite
2016-12-28 04:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-28 04:48 - 2016-07-16 08:04 - 00131072 _____ C:\WINDOWS\system32\config\SAM
2016-12-27 18:17 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-27 18:11 - 2016-07-16 08:04 - 00000000 ___RD C:\Users
2016-12-27 18:07 - 2009-07-14 05:18 - 00000000 __SHD C:\$Recycle.Bin
2016-12-27 18:00 - 2015-08-19 22:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-27 17:56 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem\AppData\Local\Microsoft
2016-12-27 17:51 - 2016-07-16 13:47 - 00000000 ___SD C:\ProgramData\Microsoft
 
==================== Files in the root of some directories =======
 
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kassem\AppData\Roaming\9a6G05Ql37tdkC5ZUtM
2015-08-08 00:10 - 2015-08-08 00:10 - 0008778 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20150808.011005.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0001579 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010939.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0000663 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010959.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001605 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011001.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011003.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011021.txt
2016-11-29 21:23 - 2016-11-29 21:23 - 0000600 _____ () C:\Users\Kassem\AppData\Local\PUTTY.RND
2015-09-12 02:50 - 2015-09-12 02:50 - 0000017 _____ () C:\Users\Kassem\AppData\Local\resmon.resmoncfg
2015-10-17 09:49 - 2015-10-17 09:49 - 0000362 _____ () C:\Users\Kassem\AppData\Local\winconf.pxt
2016-01-27 19:51 - 2016-01-27 20:00 - 0034595 _____ () C:\ProgramData\RulesDecks.xml
 
Some files in TEMP:
====================
2016-12-31 22:32 - 2016-12-31 22:40 - 34139976 _____ (Ellora Assets Corporation                                   ) C:\Users\Kassem\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2016-12-22 00:15 - 2017-01-21 04:34 - 43918808 _____ (Skype Technologies S.A.) C:\Users\Kassem\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-26 16:54
 
==================== End of FRST.txt ============================
 
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (26-01-2017 23:14:02)
Running from C:\Users\Kassem\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 15:45:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-198589097-2935813840-3369481996-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-198589097-2935813840-3369481996-503 - Limited - Disabled)
Guest (S-1-5-21-198589097-2935813840-3369481996-501 - Limited - Disabled)
Kassem (S-1-5-21-198589097-2935813840-3369481996-1000 - Administrator - Enabled) => C:\Users\Kassem
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
CMU 1394 Digital Camera Driver (HKLM-x32\...\CMU 1394 Digital Camera Driver) (Version: 6.4.6.200 - Carnegie Mellon University)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Digital Delivery (HKLM-x32\...\{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}) (Version: 1.7.4501.0 - Dell Products, LP)
Dell System Detect (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
DipTrace (HKLM\...\DipTrace) (Version: 2.4 - Novarm)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ExpressPCB (HKLM-x32\...\{277CA10D-4B11-4848-A5E6-F1CEA050BF90}) (Version: 7.3.4 - ExpressPCB, LLC)
FluidDraw P5 Demo (HKLM-x32\...\{47016B92-473D-4100-8B5F-A14FD5BE88DA}) (Version: 5.3.385.0 - Festo AG & Co. KG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Release OrCAD 10.5 (HKLM-x32\...\{24D0A76F-34E1-43F7-B972-0608518CD2A7}) (Version: 10.5.0 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
VI Package Manager 2014 (HKLM-x32\...\{E78DE7EA-62EB-4D92-A62F-F92CC16EADB0}) (Version: 14.2.1976 - JKI)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{4f1b61c8-ad15-4f53-a3e6-e18d8d4abc18}) (Version: 6.07.0025 - Ingram Content Group)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfram Extras 10.3 (5448469) (HKLM\...\A-WIN-Extras 10.3.1 5448469_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10.3 (M-WIN-L 10.3.1 5448563) (HKLM\...\M-WIN-L 10.3.1 5448563_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram SystemModeler 4.0.1 (HKLM-x32\...\{6fb6a5cb-f810-4953-bf31-b9aaba97e64f}_is1) (Version: 4.0.1 - Wolfram Research, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{9A872070-0A06-11D1-90B7-00A024CE2744}\localserver32 -> C:\Program Files\National Instruments\LabVIEW 2013\LabVIEW.exe /Automation => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B4A60F2-19C8-4EDD-8D63-523CA1A61B1E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-03] (Microsoft Corporation)
Task: {0FBFA02F-40B5-4C0A-9B93-B2FBF1890D88} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14B04005-2B05-4C7F-8E19-C3247EB2AA53} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {1EA962F3-23DD-4295-A5A6-EA0CD9E0963C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EB15669-A19E-4401-A68E-E6BE037BD666} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EBEFACB-3E8A-47D0-8D3A-507CD8E82925} - System32\Tasks\{3192BC34-7C3E-4D50-872E-1EBE5AB9F771} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {37E92736-5B9D-4FF4-9DED-DA603D409F4E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {38AE14C8-AE2D-4DD4-9BD4-70A9BD715615} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3AF0AE5F-8187-4CB1-8ADF-C41268626ECD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {49CEA312-C566-40E0-916F-6948BC8BD10A} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2015-03-24] (JKI)
Task: {4AB18B9E-4D85-47A1-A2EB-2EE5CB302835} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B7E67FB-6C9E-47A1-9642-650DBCA5934F} - System32\Tasks\{22E23AC4-6BBE-40D2-98C4-C1942E7F364E} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\APP_IO_WXP_VSTA_W7_A02_Setup-7W7T4_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {4C7D7A1C-38BE-40CB-ADEE-C6C125A6DB80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {5628C60A-1BDF-4C16-996B-7E7F3F59166C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {58486E92-6688-4C3A-BA1C-324163CE80B3} - System32\Tasks\habugcus => C:\Program Files\Common Files\pamuag55\55cdej5nzumzk.exe [2015-08-18] () <==== ATTENTION
Task: {5A42204C-449A-46B3-99ED-D70DAADE2404} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {5A73D528-C3F2-4F18-B7BE-7D7EA20CA41B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {60EB7A4F-59F4-4511-B659-B2BBD035AE0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-17] (Microsoft Corporation)
Task: {634D81D4-6392-44B2-8813-F1C7A1475593} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {701700C3-64F0-4C55-A8F9-0D905EC56AF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {78731B9D-4EFA-450B-9293-0FBD0F58F417} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {7D25C6F3-E10E-4FDD-B5C3-698C9FEA91BE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A3C1B8B-EAC7-4FE6-BE81-54849CD866E4} - System32\Tasks\Uninstaller_SkipUac_Kassem => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {938C8DBC-0FA6-4948-BE91-614E66A397DF} - System32\Tasks\0l3eyysl => C:\Program Files\Common Files\umiw00s3\3d46esdi4g0vv.exe [2015-08-18] () <==== ATTENTION
Task: {95243289-6FE9-467A-9200-BA17965BED22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated)
Task: {96D5B8C5-BC8D-4A5E-8CE3-556DECB15E18} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9F4F16DD-E2F1-49AC-A0DB-540CAA7460B9} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {A6A80D1B-C801-4FB2-ACB9-915EF254C487} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A8E0BBFE-199E-4B20-9925-A24D6121C7E3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFDB3F5E-47CF-49AF-B810-EF1968B650CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B29EFFC4-2FEF-42AF-9E07-131265D46E61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {C063D582-9B08-4045-AB68-DD4DF99962AF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C331AEA7-992A-4504-941C-657E5876FC4C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3B6B960-7726-467F-8979-EB3ED1741083} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3D78503-BBB6-4433-AFF1-10693E11DC5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4F2B3CB-8910-42CA-9F4E-27EB420A17D9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {C9D5D34E-CE63-4A34-8748-D3E67F818068} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {CB15E7F1-BCCF-4594-AA8E-13175AE75D5A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBCAB27D-18E5-4FFD-A17B-A251CCB6C2E9} - System32\Tasks\{A49D78C7-89EF-4065-BA38-B7C2F239E663} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {CEFBB51A-5D00-4533-B08C-8184D8F7E139} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF499570-78BE-47A3-BF42-AF058BBCA96D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0E8724C-684D-432D-A652-1427DA023D68} - System32\Tasks\{6FDD6B59-F353-4A60-9852-25DDE6C44BDF} => pcalua.exe -a "C:\Program Files (x86)\Rising\RSD\Setup.exe" -c /UNINSTALL /PRODUCT=RAV
Task: {D3AD1CF0-D0B0-4E47-9E24-D19D407A23BA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA8F5122-F577-4CE2-8BCE-21DF593C76C5} - System32\Tasks\{15565041-D8C6-4DE0-A853-F74ADBF150C6} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\R311884.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {EBFB50D7-C13F-4D36-91EB-E46DAAD7AC5A} - System32\Tasks\{545F917C-120D-49C6-BD5A-DFD56746C6D5} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\Video_Nvidia_W74_A09_Setup_RRN66_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {F7480211-4F5D-476C-8F17-BC0788618A54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC7D9652-FAF1-43A4-AD1F-0617FD1B1DA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDCE585F-D376-4299-96B3-1CEF1BBB02AD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Kassem.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-24 17:31 - 2015-09-14 00:04 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-28 09:05 - 2012-09-29 12:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2015-08-28 09:06 - 2012-09-29 12:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 17:48 - 2016-09-24 17:48 - 01864384 _____ () C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-24 22:08 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 13:48 - 2016-11-11 11:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 20:20 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 20:20 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 20:20 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 20:20 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-21 00:40 - 2015-08-21 00:40 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-09-06 18:15 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-01-23 21:44 - 2017-01-18 20:39 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-12-22 18:07 - 2016-12-21 10:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-23 21:44 - 2016-12-21 10:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-22 18:07 - 2016-12-21 10:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 21:44 - 2016-12-21 10:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-23 21:44 - 2016-12-21 10:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-23 21:44 - 2016-12-04 08:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-23 21:44 - 2016-12-21 10:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-23 21:44 - 2016-12-21 10:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2011-10-26 07:57 - 2011-10-26 07:57 - 00102912 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kassem\Desktop\Video_1.mp4:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kassem\Documents\arduino-1.6.10-windows.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kassem\Documents\Gravity - A Facade Cleaning Robot.zip:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: Icad.load.scr =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\sharepoint.com -> hxxps://mailaub.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2017-01-04 01:51 - 00000842 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting (64-bit).lnk"
HKLM\...\StartupApproved\Run32: => "RSDTRAY"
HKLM\...\StartupApproved\Run32: => "NUSB3MON"
HKLM\...\StartupApproved\Run32: => "RavTRAY"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "gpuminer"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "NIRegistrationWizard"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{380B4C1F-F1DD-4810-8C9C-9CC25C4CCF1D}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [TCP Query User{D702A0E8-2880-4146-8C24-C07FCF42FA3F}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [{D37845D4-8F89-4B44-B4B9-DCDDA0052A7D}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{59CC8569-C174-415A-9832-83631C207960}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7B6AAA16-FAB0-42C9-8D85-083702411848}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{53855477-072D-4B0B-B7B9-2C2D3594C223}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{07AF11F7-CDE2-415A-9D26-56C65D81E2E2}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{AA5F80B0-3B7E-4470-A35F-57CD4D40C17F}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7CF0C465-91EE-4595-8C7C-07EE6AA6638E}] => C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{27E14EC2-9550-4E33-9A78-7E4350DD7C16}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SessionMgr.exe
FirewallRules: [{1A5A77EE-46A0-46A1-A611-0A13B04D12C9}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SimulationCenter.exe
FirewallRules: [{5CBA7A71-0283-4577-8461-C07F0BBE5918}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\ModelCenter.exe
FirewallRules: [{4290AD3D-664C-4129-AC2A-B47EDCEA36CA}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B04860F9-5A41-482E-BCB4-A0BA339B6890}] => LPort=1900
FirewallRules: [{65AFF168-BF59-4CC0-ABB8-92D9B9E69BD1}] => LPort=2869
FirewallRules: [{B0950348-B26B-4CCF-9864-BDB552AC5154}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{E577A04A-907B-476E-BFA8-A7DB296AEBE6}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{6039DE07-8F47-4539-9C58-2D575D7A187C}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{679AEF19-2695-426B-B233-6B26E1F1484D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{F1982A83-B281-414A-8AAA-CCDA0F7B441F}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{8CB7EBDD-2550-4273-9862-4DE9E4EA769C}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{08D398BC-A114-4A76-BFB7-878F36DED37D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{B04ED7D0-B4D9-42D1-A5DC-FBDE9A561666}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{317CD395-EA98-4FEF-BC21-7CD31A70C57D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{8CE2EB46-B9D5-4383-8F63-296BCD3E4F41}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{72E96E81-D97C-4FDD-9217-39F92386CBD6}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2250131-BF94-4860-A682-A6CC6B7C1BF9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD35E675-6BAC-4C66-A793-78C64BA55457}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E53D540D-E81A-46EC-B8BB-C0C4AED7C2B2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{804DE3CD-A3DC-451E-83A5-5823D5D3087E}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{E7D18337-7B21-4D31-9BA3-8A62AB75FC63}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{C580C769-22C9-4016-A839-2D245213EEF2}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{21BA8E18-D2C4-4549-8FDA-E2C7AC08280D}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{4131E414-6D22-4521-AC13-2F37322410D3}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [UDP Query User{FE82D18A-5A5B-4040-ABD7-750E347A1D1B}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{38AB335E-7D61-4A0F-9D7B-C112E638762F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D4162FDB-8FFF-4B91-A0E1-E31341889FB2}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE0D05FE-F726-4FF0-A9EF-8A8764E47665}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7780E7CA-490A-47B2-88F7-74A1E33D84F3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F03FF52A-ED2B-4E7B-BA96-B1B548F1A3AA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5FAF9DD8-C708-4626-AFF7-0CBEB9BF45C8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4234DC87-1E2A-4249-9FD2-D6C42059470E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C2040B5-E917-4849-8A1D-C326602426B1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F3507DEB-B4FE-4015-86BC-0741BE8223EF}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{0355AAB6-6CF0-4395-A863-E27795CA6F69}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CFE911B6-7C90-4FD9-9B50-B16B6246BD86}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{356799BF-842E-4151-89D8-71D7B52F2CC1}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E46C3910-1606-4614-B95C-EAD1FB2BB44C}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF84336F-C710-4FFD-B138-B8A7B0BBC7E7}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{719DBA33-5B5B-4EF0-857B-762231D2C973}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7466C32D-6D89-4C46-BD80-82D6BFAB132C}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4AA1725A-C230-4D65-9EA0-223DC84A86E5}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F6AEC447-E968-446F-9738-739A5F1E7533}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3EF15CEB-7552-491E-96AB-ED82F4184443}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{B632DC00-9D50-49D5-9FD2-C4D592C585FE}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [UDP Query User{C5DB7824-9DFD-404A-B453-F2084797EC1D}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [{26B8A7EE-18A2-4414-A0B7-B43BEAD43F61}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{D21F9F11-C21C-4AF7-B0F8-6044B1B8E1DE}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A093865A-364C-4AEA-BBAC-99A18D04CDFA}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{02ECCBE7-01AC-44E2-BCEE-09B4872AD01A}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{510E86F8-96DD-463C-B221-DD25556C049F}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C47A5D70-AB7B-429B-9E4F-29176C0607D3}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{092C9577-F0B8-43C7-A077-B7EEE24FF6A1}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A73CF2E2-F448-45F9-8228-A56361487656}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A345293E-E02B-43CE-9A47-1ED56169A32A}] => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe
FirewallRules: [{ABAA7FFB-4E92-4729-A074-6B8C3B354376}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3A2CB042-0B07-48D0-9CAA-4283D1ED46F1}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ACD6B98D-5A25-4525-AA4F-3123AD0D734A}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7D355E3C-4FF6-4875-8F3B-C6AC22F9F27F}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5DED493-E947-4ED7-AA2D-C584AB91FE45}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{801C87DE-678E-4858-B52A-51920ACE38E7}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
27-12-2016 18:55:08 Removed Skype™ 7.30
07-01-2017 14:52:11 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/26/2017 11:03:55 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/26/2017 11:03:54 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/26/2017 10:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110
 
Error: (01/26/2017 10:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110
 
Error: (01/26/2017 10:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/26/2017 09:50:37 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/26/2017 09:50:35 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/26/2017 09:50:34 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (01/26/2017 09:48:47 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/26/2017 09:48:46 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
 
System errors:
=============
Error: (01/26/2017 05:18:10 PM) (Source: DCOM) (EventID: 10016) (User: Kassem-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user Kassem-PC\Kassem SID (S-1-5-21-198589097-2935813840-3369481996-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/26/2017 05:15:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Camera Frame Server service terminated with the following error: 
General access denied error
 
Error: (01/26/2017 05:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/26/2017 05:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/26/2017 05:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/26/2017 05:14:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (TEW_SQLEXPRESS) service terminated with the following service-specific error: 
Access is denied.
 
Error: (01/26/2017 05:13:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FrameServer service terminated with the following error: 
General access denied error
 
Error: (01/26/2017 05:10:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/26/2017 05:10:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/26/2017 05:10:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-26 23:13:26.717
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 23:13:26.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 16:53:33.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 16:53:27.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 16:50:30.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 16:50:24.799
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 16:48:26.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 16:48:15.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 14:08:45.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-26 14:08:35.134
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 8083.88 MB
Available physical RAM: 4785.97 MB
Total Virtual: 16275.88 MB
Available Virtual: 12956.13 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.32 GB) (Free:190.94 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9057C8E4)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Delays are no problem, but you should be getting a notification via email, so check your spam filter and also check your profile to make sure you have the email address correctly entered.

 

Uninstall:

 

Bonjour (your version is not compatible with Win 10.  You will probably get a new one if you update your Apple software.)

 

Java™ 6 Update 24 (64-bit) (obsolete and dangerous to have)

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Are you still getting your error?

#5
KassD7

    Member

  • Topic Starter
  • Member
  • 33 posts

I uninstalled both programs and followed your instructions, but the File System Error is still there; however, the popups issue might be solved.

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (27-01-2017 12:22:29) Run:2
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126656 2015-10-13] (Beijing Rising Information Technology Co., Ltd.)
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kassem\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126656 2015-10-13] (Beijing Rising Information Technology Co., Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{9A872070-0A06-11D1-90B7-00A024CE2744}\localserver32 -> C:\Program Files\National Instruments\LabVIEW 2013\LabVIEW.exe /Automation => No File
Task: {14B04005-2B05-4C7F-8E19-C3247EB2AA53} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {58486E92-6688-4C3A-BA1C-324163CE80B3} - System32\Tasks\habugcus => C:\Program Files\Common Files\pamuag55\55cdej5nzumzk.exe [2015-08-18] () <==== ATTENTION
Task: {938C8DBC-0FA6-4948-BE91-614E66A397DF} - System32\Tasks\0l3eyysl => C:\Program Files\Common Files\umiw00s3\3d46esdi4g0vv.exe [2015-08-18] () <==== ATTENTION
Task: {D0E8724C-684D-432D-A652-1427DA023D68} - System32\Tasks\{6FDD6B59-F353-4A60-9852-25DDE6C44BDF} => pcalua.exe -a "C:\Program Files (x86)\Rising\RSD\Setup.exe" -c /UNINSTALL /PRODUCT=RAV
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Kassem.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\Rising
C:\Program Files\Common Files\umiw00s3
C:\Program Files\Common Files\pamuag55
AlternateDataStreams: C:\Users\Kassem\Desktop\Video_1.mp4:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kassem\Documents\arduino-1.6.10-windows.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kassem\Documents\Gravity - A Facade Cleaning Robot.zip:com.dropbox.attributes [168]
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
 
 
 
 
  
 
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value not found.
C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => not found.
C:\Users\Kassem\AppData\Roaming\Dropbox\bin\Dropbox.exe => not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value not found.
dbx => service not found.
idsvc => service not found.
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{9A872070-0A06-11D1-90B7-00A024CE2744} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14B04005-2B05-4C7F-8E19-C3247EB2AA53} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58486E92-6688-4C3A-BA1C-324163CE80B3} => key not found. 
C:\WINDOWS\System32\Tasks\habugcus => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\habugcus => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938C8DBC-0FA6-4948-BE91-614E66A397DF} => key not found. 
C:\WINDOWS\System32\Tasks\0l3eyysl => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0l3eyysl => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0E8724C-684D-432D-A652-1427DA023D68} => key not found. 
C:\WINDOWS\System32\Tasks\{6FDD6B59-F353-4A60-9852-25DDE6C44BDF} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6FDD6B59-F353-4A60-9852-25DDE6C44BDF} => key not found. 
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => not found.
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => not found.
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => not found.
C:\WINDOWS\Tasks\Uninstaller_SkipUac_Kassem.job => not found.
"C:\Program Files (x86)\Rising" => not found.
"C:\Program Files\Common Files\umiw00s3" => not found.
"C:\Program Files\Common Files\pamuag55" => not found.
"C:\Users\Kassem\Desktop\Video_1.mp4" => ":com.dropbox.attributes" ADS not found.
C:\Users\Kassem\Downloads\Cerificate.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Kassem\Downloads\Cerificate.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\Kassem\Documents\arduino-1.6.10-windows.zip => ":com.dropbox.attributes" ADS could not remove.
"C:\Users\Kassem\Documents\Gravity - A Facade Cleaning Robot.zip" => ":com.dropbox.attributes" ADS not found.
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:23:50 ====
 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Kassem (administrator) on KASSEM-PC (27-01-2017 12:27:26)
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [GoogleChromeAutoLaunch_528FB280EA5FDE99494BED26C65E27F7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\MountPoints2: {53c74ce8-5046-11e6-9c7d-5cf9dd3e739d} - "E:\WD Drive Unlock.exe" autoplay=true
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2012-06-21]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2015-08-08]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 193.188.129.75 193.188.129.5
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [DhcpNameServer] 193.188.129.75 193.188.129.5
Tcpip\..\Interfaces\{66ac5675-d891-4ba4-a02f-4c5787b0215f}: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.1.5448469\npmathplugin.dll [2015-12-09] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1422278371&from=amt&uid=LITEONITXLCT-256M3S_TW0DFVVG5508524R1562"
CHR Profile: C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default [2017-01-27]
CHR Extension: (Google Slides) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-04]
CHR Extension: (Google Docs) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Google Drive) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Dropbox for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-01-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-04]
CHR Extension: (FBDown Video Downloader) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-01-04]
CHR Extension: (Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-06] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-11-01] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 RsMgrSvc; "C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 cyhid; C:\WINDOWS\System32\DRIVERS\cyhid.sys [116736 2011-08-26] () [File not signed]
S3 cykbfltrService; C:\WINDOWS\System32\DRIVERS\cykbfltr.sys [13312 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 cymfltrService; C:\WINDOWS\System32\DRIVERS\cymfltr.sys [69632 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-31] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-06] (REALiX™)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-01-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-27] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNs64; C:\WINDOWS\System32\drivers\NETwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 12:27 - 2017-01-27 12:27 - 00032151 _____ C:\Users\Kassem\Desktop\FRST.txt
2017-01-27 12:22 - 2017-01-27 12:23 - 00006449 _____ C:\Users\Kassem\Desktop\Fixlog.txt
2017-01-26 16:42 - 2017-01-26 16:45 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\dvdcss
2017-01-26 01:56 - 2017-01-27 12:25 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-26 01:56 - 2017-01-27 12:25 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-26 01:56 - 2017-01-26 01:56 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-26 01:55 - 2017-01-27 12:25 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 01:55 - 2017-01-27 12:25 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-26 01:55 - 2017-01-26 01:55 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-26 01:55 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-26 01:49 - 2017-01-26 01:54 - 55566792 _____ (Malwarebytes ) C:\Users\Kassem\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-01-26 00:56 - 2017-01-27 12:27 - 00000000 ____D C:\FRST
2017-01-26 00:50 - 2017-01-26 00:51 - 02420736 _____ (Farbar) C:\Users\Kassem\Desktop\FRST64.exe
2017-01-25 22:05 - 2017-01-26 00:11 - 01516566 _____ C:\Users\Kassem\Desktop\Façade Cleaning Robot – Technical Overview.pptx
2017-01-25 20:55 - 2017-01-25 20:58 - 01440499 _____ C:\Users\Kassem\Desktop\Document for Meeting.pptx
2017-01-25 20:19 - 2016-05-29 23:49 - 07718022 _____ C:\Users\Kassem\Desktop\Video_1.mp4
2017-01-24 16:23 - 2017-01-24 16:23 - 02528032 _____ C:\Users\Kassem\Downloads\14850826_1785450381726050_571221162785243136_n.mp4
2017-01-24 00:14 - 2017-01-24 00:14 - 00103660 _____ C:\Users\Kassem\Desktop\Amazon Order 1.pdf
2017-01-23 21:45 - 2017-01-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-21 00:40 - 2017-01-21 01:10 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-18 18:35 - 2017-01-18 18:36 - 11540752 _____ C:\Users\Kassem\Downloads\10810842_819863881385679_318822581_n.mp4
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 15:49 - 2017-01-11 15:50 - 10975062 _____ C:\Users\Kassem\Downloads\13729596_897529530351646_1972759078_n.mp4
2017-01-07 17:21 - 2017-01-07 17:21 - 00000000 ____D C:\Users\Kassem\Downloads\mpu9250_arduino
2017-01-05 02:23 - 2017-01-05 02:25 - 22034677 _____ C:\Users\Kassem\Downloads\15240661_1226154984099438_5306706933460238336_n.mp4
2017-01-04 07:25 - 2017-01-04 07:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-04 01:53 - 2017-01-04 01:53 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 01:53 - 2017-01-04 01:53 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 01:47 - 2017-01-04 15:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-04 01:47 - 2017-01-04 15:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-04 01:47 - 2017-01-04 01:47 - 01065376 _____ (Google Inc.) C:\Users\Kassem\Downloads\ChromeSetup.exe
2017-01-02 21:48 - 2017-01-02 22:29 - 1104052224 ____R C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso
2017-01-02 21:47 - 2017-01-02 21:47 - 00042460 _____ C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso.torrent
2017-01-01 23:53 - 2017-01-01 23:53 - 00322098 _____ C:\Users\Kassem\Downloads\app (2).pdf
2017-01-01 23:51 - 2017-01-01 23:51 - 00321900 _____ C:\Users\Kassem\Downloads\app (1).pdf
2017-01-01 23:50 - 2017-01-01 23:50 - 00321906 _____ C:\Users\Kassem\Downloads\app.pdf
2017-01-01 22:54 - 2017-01-01 22:55 - 01687216 _____ C:\Users\Kassem\Downloads\AmericanUnivOfBeirut.pdf
2017-01-01 21:36 - 2017-01-01 21:36 - 00000000 ____D C:\Users\Kassem\Downloads\rufus_files
2017-01-01 21:33 - 2017-01-27 12:18 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:33 - 2017-01-01 21:33 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kassem\Downloads\rufus-2.11.exe
2016-12-31 22:41 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\AppData\Local\FreemakeVideoConverter
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\ProgramData\Freemake
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-12-31 22:40 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\Documents\Freemake
2016-12-31 22:31 - 2016-12-31 22:32 - 01964384 _____ (Ellora Assets Corporation ) C:\Users\Kassem\Downloads\FreemakeVideoConverterSetup.exe
2016-12-30 14:21 - 2016-12-30 14:34 - 86674168 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Kassem\Downloads\BackupperFull.exe
2016-12-29 17:14 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Kassem\AppData\Local\speech
2016-12-29 14:00 - 2016-12-29 14:00 - 00705024 _____ C:\Users\Kassem\Downloads\FreeISOBurner.exe
2016-12-28 19:28 - 2016-12-28 19:28 - 00715009 _____ C:\Users\Kassem\Downloads\15399632_1335495143141991_2885647561060777984_n.mp4
2016-12-28 16:36 - 2016-12-28 17:31 - 1513308160 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso
2016-12-28 15:30 - 2016-12-28 15:30 - 00058080 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso.torrent
2016-12-28 15:26 - 2016-12-28 16:22 - 1531445248 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso
2016-12-28 15:26 - 2016-12-28 15:26 - 00058759 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 12:26 - 2015-08-16 11:00 - 00000000 ___RD C:\Users\Kassem\Dropbox
2017-01-27 12:25 - 2016-09-24 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-27 12:25 - 2016-09-24 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-27 12:25 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-27 12:21 - 2015-08-19 21:55 - 02475308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-27 12:18 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem
2017-01-27 12:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-27 12:16 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-27 12:14 - 2016-07-15 15:05 - 00000000 ___RD C:\Users\Kassem\OneDrive - American University of Beirut
2017-01-27 12:14 - 2015-08-19 22:52 - 00002366 _____ C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 12:10 - 2015-08-28 22:17 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Skype
2017-01-27 12:09 - 2016-09-24 17:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-26 21:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-26 20:11 - 2016-02-28 19:20 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\vlc
2017-01-26 02:56 - 2015-09-06 18:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-26 02:55 - 2016-05-20 23:53 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Google Talk
2017-01-26 02:55 - 2015-08-16 10:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-26 02:55 - 2013-12-19 19:41 - 00000000 ____D C:\Users\Kass\AppData\Local\VNT
2017-01-26 02:34 - 2016-10-24 12:40 - 00000000 ____D C:\Windows10Upgrade
2017-01-25 20:11 - 2015-08-19 22:50 - 00000000 ____D C:\Users\Kassem\AppData\Local\Packages
2017-01-21 04:41 - 2015-08-28 22:17 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 21:47 - 2015-08-07 18:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 18:52 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-20 18:48 - 2015-11-01 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-20 16:09 - 2015-08-07 17:56 - 00000000 ___RD C:\Users\Kassem\Documents\Scanned Documents
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 23:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-11 14:16 - 2015-08-08 01:51 - 00000000 ____D C:\Users\Kassem\AppData\Local\ElevatedDiagnostics
2017-01-11 12:30 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 16:03 - 2016-09-24 17:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 00:45 - 2016-09-24 17:43 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF356CE4-AC61-41D7-B7CD-B1D4B8E274D6}
2017-01-09 14:41 - 2015-11-04 19:40 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\BitTorrent
2017-01-07 19:39 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\Documents\Arduino
2017-01-07 18:00 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\AppData\Local\Arduino15
2017-01-07 17:53 - 2015-08-21 01:58 - 00000000 ____D C:\Users\Kassem\Documents\MATLAB
2017-01-04 01:55 - 2015-08-07 16:37 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-04 01:53 - 2015-08-07 16:36 - 00000000 ____D C:\Users\Kassem\AppData\Local\Google
2017-01-04 01:47 - 2015-08-07 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-02 21:48 - 2016-11-26 18:35 - 00000000 ____D C:\Users\Kassem\AppData\LocalLow\BitTorrent
2016-12-30 14:02 - 2016-09-24 17:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2016-12-29 13:55 - 2015-10-31 17:36 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\DAEMON Tools Lite
2016-12-28 04:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-28 04:48 - 2016-07-16 08:04 - 00131072 _____ C:\WINDOWS\system32\config\SAM
 
==================== Files in the root of some directories =======
 
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kassem\AppData\Roaming\9a6G05Ql37tdkC5ZUtM
2015-08-08 00:10 - 2015-08-08 00:10 - 0008778 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20150808.011005.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0001579 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010939.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0000663 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010959.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001605 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011001.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011003.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011021.txt
2016-11-29 21:23 - 2016-11-29 21:23 - 0000600 _____ () C:\Users\Kassem\AppData\Local\PUTTY.RND
2015-09-12 02:50 - 2015-09-12 02:50 - 0000017 _____ () C:\Users\Kassem\AppData\Local\resmon.resmoncfg
2015-10-17 09:49 - 2015-10-17 09:49 - 0000362 _____ () C:\Users\Kassem\AppData\Local\winconf.pxt
2016-01-27 19:51 - 2016-01-27 20:00 - 0034595 _____ () C:\ProgramData\RulesDecks.xml
 
Some files in TEMP:
====================
2016-12-31 22:32 - 2016-12-31 22:40 - 34139976 _____ (Ellora Assets Corporation                                   ) C:\Users\Kassem\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2016-12-22 00:15 - 2017-01-21 04:34 - 43918808 _____ (Skype Technologies S.A.) C:\Users\Kassem\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-26 16:54
 
==================== End of FRST.txt ============================

 

 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (27-01-2017 12:28:14)
Running from C:\Users\Kassem\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 15:45:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-198589097-2935813840-3369481996-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-198589097-2935813840-3369481996-503 - Limited - Disabled)
Guest (S-1-5-21-198589097-2935813840-3369481996-501 - Limited - Disabled)
Kassem (S-1-5-21-198589097-2935813840-3369481996-1000 - Administrator - Enabled) => C:\Users\Kassem
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
CMU 1394 Digital Camera Driver (HKLM-x32\...\CMU 1394 Digital Camera Driver) (Version: 6.4.6.200 - Carnegie Mellon University)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Digital Delivery (HKLM-x32\...\{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}) (Version: 1.7.4501.0 - Dell Products, LP)
Dell System Detect (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
DipTrace (HKLM\...\DipTrace) (Version: 2.4 - Novarm)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ExpressPCB (HKLM-x32\...\{277CA10D-4B11-4848-A5E6-F1CEA050BF90}) (Version: 7.3.4 - ExpressPCB, LLC)
FluidDraw P5 Demo (HKLM-x32\...\{47016B92-473D-4100-8B5F-A14FD5BE88DA}) (Version: 5.3.385.0 - Festo AG & Co. KG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Release OrCAD 10.5 (HKLM-x32\...\{24D0A76F-34E1-43F7-B972-0608518CD2A7}) (Version: 10.5.0 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
VI Package Manager 2014 (HKLM-x32\...\{E78DE7EA-62EB-4D92-A62F-F92CC16EADB0}) (Version: 14.2.1976 - JKI)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{4f1b61c8-ad15-4f53-a3e6-e18d8d4abc18}) (Version: 6.07.0025 - Ingram Content Group)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfram Extras 10.3 (5448469) (HKLM\...\A-WIN-Extras 10.3.1 5448469_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10.3 (M-WIN-L 10.3.1 5448563) (HKLM\...\M-WIN-L 10.3.1 5448563_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram SystemModeler 4.0.1 (HKLM-x32\...\{6fb6a5cb-f810-4953-bf31-b9aaba97e64f}_is1) (Version: 4.0.1 - Wolfram Research, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncApi64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B4A60F2-19C8-4EDD-8D63-523CA1A61B1E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-03] (Microsoft Corporation)
Task: {0FBFA02F-40B5-4C0A-9B93-B2FBF1890D88} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EA962F3-23DD-4295-A5A6-EA0CD9E0963C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EB15669-A19E-4401-A68E-E6BE037BD666} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EBEFACB-3E8A-47D0-8D3A-507CD8E82925} - System32\Tasks\{3192BC34-7C3E-4D50-872E-1EBE5AB9F771} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {37E92736-5B9D-4FF4-9DED-DA603D409F4E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {38AE14C8-AE2D-4DD4-9BD4-70A9BD715615} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3AF0AE5F-8187-4CB1-8ADF-C41268626ECD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {49CEA312-C566-40E0-916F-6948BC8BD10A} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2015-03-24] (JKI)
Task: {4AB18B9E-4D85-47A1-A2EB-2EE5CB302835} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B7E67FB-6C9E-47A1-9642-650DBCA5934F} - System32\Tasks\{22E23AC4-6BBE-40D2-98C4-C1942E7F364E} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\APP_IO_WXP_VSTA_W7_A02_Setup-7W7T4_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {4C7D7A1C-38BE-40CB-ADEE-C6C125A6DB80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {5628C60A-1BDF-4C16-996B-7E7F3F59166C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {5A42204C-449A-46B3-99ED-D70DAADE2404} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {5A73D528-C3F2-4F18-B7BE-7D7EA20CA41B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {60EB7A4F-59F4-4511-B659-B2BBD035AE0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-17] (Microsoft Corporation)
Task: {634D81D4-6392-44B2-8813-F1C7A1475593} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {701700C3-64F0-4C55-A8F9-0D905EC56AF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {78731B9D-4EFA-450B-9293-0FBD0F58F417} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {7D25C6F3-E10E-4FDD-B5C3-698C9FEA91BE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A3C1B8B-EAC7-4FE6-BE81-54849CD866E4} - System32\Tasks\Uninstaller_SkipUac_Kassem => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {95243289-6FE9-467A-9200-BA17965BED22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated)
Task: {9B747309-E0BD-4B88-8709-612635A28725} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {9F4F16DD-E2F1-49AC-A0DB-540CAA7460B9} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {A6A80D1B-C801-4FB2-ACB9-915EF254C487} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A8E0BBFE-199E-4B20-9925-A24D6121C7E3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFDB3F5E-47CF-49AF-B810-EF1968B650CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B29EFFC4-2FEF-42AF-9E07-131265D46E61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {C063D582-9B08-4045-AB68-DD4DF99962AF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C331AEA7-992A-4504-941C-657E5876FC4C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3B6B960-7726-467F-8979-EB3ED1741083} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3D78503-BBB6-4433-AFF1-10693E11DC5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4F2B3CB-8910-42CA-9F4E-27EB420A17D9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {C9D5D34E-CE63-4A34-8748-D3E67F818068} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {CB15E7F1-BCCF-4594-AA8E-13175AE75D5A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBCAB27D-18E5-4FFD-A17B-A251CCB6C2E9} - System32\Tasks\{A49D78C7-89EF-4065-BA38-B7C2F239E663} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {CEFBB51A-5D00-4533-B08C-8184D8F7E139} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF499570-78BE-47A3-BF42-AF058BBCA96D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3AD1CF0-D0B0-4E47-9E24-D19D407A23BA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA8F5122-F577-4CE2-8BCE-21DF593C76C5} - System32\Tasks\{15565041-D8C6-4DE0-A853-F74ADBF150C6} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\R311884.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {EBFB50D7-C13F-4D36-91EB-E46DAAD7AC5A} - System32\Tasks\{545F917C-120D-49C6-BD5A-DFD56746C6D5} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\Video_Nvidia_W74_A09_Setup_RRN66_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {F7480211-4F5D-476C-8F17-BC0788618A54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC7D9652-FAF1-43A4-AD1F-0617FD1B1DA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDCE585F-D376-4299-96B3-1CEF1BBB02AD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-24 17:31 - 2015-09-14 00:04 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-28 09:05 - 2012-09-29 12:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2015-08-28 09:06 - 2012-09-29 12:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 22:08 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 13:48 - 2016-11-11 11:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 20:20 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 20:20 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 20:20 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 20:20 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-09 20:20 - 2016-11-02 12:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2015-08-21 00:40 - 2015-08-21 00:40 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-09-06 18:15 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-01-23 21:44 - 2017-01-18 20:39 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-12-22 18:07 - 2016-12-21 10:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-23 21:44 - 2016-12-21 10:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-22 18:07 - 2016-12-21 10:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 21:44 - 2016-12-21 10:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-23 21:44 - 2016-12-21 10:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-23 21:44 - 2016-12-04 08:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-23 21:44 - 2016-12-21 10:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-23 21:44 - 2016-12-21 10:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2011-10-26 07:57 - 2011-10-26 07:57 - 00102912 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: Icad.load.scr =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\sharepoint.com -> hxxps://mailaub.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2017-01-04 01:51 - 00000842 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting (64-bit).lnk"
HKLM\...\StartupApproved\Run32: => "RSDTRAY"
HKLM\...\StartupApproved\Run32: => "NUSB3MON"
HKLM\...\StartupApproved\Run32: => "RavTRAY"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "gpuminer"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "NIRegistrationWizard"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{380B4C1F-F1DD-4810-8C9C-9CC25C4CCF1D}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [TCP Query User{D702A0E8-2880-4146-8C24-C07FCF42FA3F}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [{D37845D4-8F89-4B44-B4B9-DCDDA0052A7D}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{59CC8569-C174-415A-9832-83631C207960}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7B6AAA16-FAB0-42C9-8D85-083702411848}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{53855477-072D-4B0B-B7B9-2C2D3594C223}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{07AF11F7-CDE2-415A-9D26-56C65D81E2E2}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{AA5F80B0-3B7E-4470-A35F-57CD4D40C17F}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7CF0C465-91EE-4595-8C7C-07EE6AA6638E}] => C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{27E14EC2-9550-4E33-9A78-7E4350DD7C16}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SessionMgr.exe
FirewallRules: [{1A5A77EE-46A0-46A1-A611-0A13B04D12C9}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SimulationCenter.exe
FirewallRules: [{5CBA7A71-0283-4577-8461-C07F0BBE5918}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\ModelCenter.exe
FirewallRules: [{4290AD3D-664C-4129-AC2A-B47EDCEA36CA}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B04860F9-5A41-482E-BCB4-A0BA339B6890}] => LPort=1900
FirewallRules: [{65AFF168-BF59-4CC0-ABB8-92D9B9E69BD1}] => LPort=2869
FirewallRules: [{B0950348-B26B-4CCF-9864-BDB552AC5154}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{E577A04A-907B-476E-BFA8-A7DB296AEBE6}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{6039DE07-8F47-4539-9C58-2D575D7A187C}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{679AEF19-2695-426B-B233-6B26E1F1484D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{F1982A83-B281-414A-8AAA-CCDA0F7B441F}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{8CB7EBDD-2550-4273-9862-4DE9E4EA769C}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{08D398BC-A114-4A76-BFB7-878F36DED37D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{B04ED7D0-B4D9-42D1-A5DC-FBDE9A561666}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{317CD395-EA98-4FEF-BC21-7CD31A70C57D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{8CE2EB46-B9D5-4383-8F63-296BCD3E4F41}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{804DE3CD-A3DC-451E-83A5-5823D5D3087E}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{E7D18337-7B21-4D31-9BA3-8A62AB75FC63}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{C580C769-22C9-4016-A839-2D245213EEF2}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{21BA8E18-D2C4-4549-8FDA-E2C7AC08280D}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{4131E414-6D22-4521-AC13-2F37322410D3}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [UDP Query User{FE82D18A-5A5B-4040-ABD7-750E347A1D1B}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{38AB335E-7D61-4A0F-9D7B-C112E638762F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D4162FDB-8FFF-4B91-A0E1-E31341889FB2}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE0D05FE-F726-4FF0-A9EF-8A8764E47665}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7780E7CA-490A-47B2-88F7-74A1E33D84F3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F03FF52A-ED2B-4E7B-BA96-B1B548F1A3AA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5FAF9DD8-C708-4626-AFF7-0CBEB9BF45C8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4234DC87-1E2A-4249-9FD2-D6C42059470E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C2040B5-E917-4849-8A1D-C326602426B1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F3507DEB-B4FE-4015-86BC-0741BE8223EF}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{0355AAB6-6CF0-4395-A863-E27795CA6F69}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CFE911B6-7C90-4FD9-9B50-B16B6246BD86}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{356799BF-842E-4151-89D8-71D7B52F2CC1}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E46C3910-1606-4614-B95C-EAD1FB2BB44C}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF84336F-C710-4FFD-B138-B8A7B0BBC7E7}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{719DBA33-5B5B-4EF0-857B-762231D2C973}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7466C32D-6D89-4C46-BD80-82D6BFAB132C}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4AA1725A-C230-4D65-9EA0-223DC84A86E5}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F6AEC447-E968-446F-9738-739A5F1E7533}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3EF15CEB-7552-491E-96AB-ED82F4184443}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{B632DC00-9D50-49D5-9FD2-C4D592C585FE}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [UDP Query User{C5DB7824-9DFD-404A-B453-F2084797EC1D}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [{26B8A7EE-18A2-4414-A0B7-B43BEAD43F61}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{D21F9F11-C21C-4AF7-B0F8-6044B1B8E1DE}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A093865A-364C-4AEA-BBAC-99A18D04CDFA}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{02ECCBE7-01AC-44E2-BCEE-09B4872AD01A}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{510E86F8-96DD-463C-B221-DD25556C049F}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C47A5D70-AB7B-429B-9E4F-29176C0607D3}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{092C9577-F0B8-43C7-A077-B7EEE24FF6A1}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A73CF2E2-F448-45F9-8228-A56361487656}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A345293E-E02B-43CE-9A47-1ED56169A32A}] => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe
FirewallRules: [{ABAA7FFB-4E92-4729-A074-6B8C3B354376}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3A2CB042-0B07-48D0-9CAA-4283D1ED46F1}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ACD6B98D-5A25-4525-AA4F-3123AD0D734A}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7D355E3C-4FF6-4875-8F3B-C6AC22F9F27F}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5DED493-E947-4ED7-AA2D-C584AB91FE45}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{801C87DE-678E-4858-B52A-51920ACE38E7}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
27-12-2016 18:55:08 Removed Skype™ 7.30
07-01-2017 14:52:11 Scheduled Checkpoint
27-01-2017 12:13:02 Removed Bonjour
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/27/2017 12:27:29 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 12:27:28 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 12:25:47 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 12:25:45 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 12:25:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (01/27/2017 12:25:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (01/27/2017 12:25:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (01/27/2017 12:25:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/27/2017 12:25:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/27/2017 12:25:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (01/27/2017 12:26:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Camera Frame Server service terminated with the following error: 
General access denied error
 
Error: (01/27/2017 12:25:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/27/2017 12:25:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/27/2017 12:25:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/27/2017 12:25:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (TEW_SQLEXPRESS) service terminated with the following service-specific error: 
Access is denied.
 
Error: (01/27/2017 12:25:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RsMgrSvc service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/27/2017 12:25:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FrameServer service terminated with the following error: 
General access denied error
 
Error: (01/27/2017 12:24:29 PM) (Source: DCOM) (EventID: 10010) (User: Kassem-PC)
Description: The server {2E3EA04A-5ECA-47C0-9CD1-AEFDF7BEFC20} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 34%
Total physical RAM: 8083.88 MB
Available physical RAM: 5277.44 MB
Total Virtual: 16275.88 MB
Available Virtual: 13482.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.32 GB) (Free:191.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9057C8E4)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 

 

 



  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download the attached SvcRestartTask.zip and save it.  Open the folder where you saved it (usually your Downloads folder) and right click and Extract All, Extract.  Note where the file is.  Usually it creates a folder called svcrestarttask in your downloads folder.

 

Search for:

 

task scheduler 

 

hit Enter

 

this should bring up the Task Scheduler window

 

Click on the arrow in front of Task Scheduler Library

then on the arrow in front of Microsoft

then on the arrow in front of Windows.

 

Scroll down to and left click on SoftwareProtectionPlatform

right click on  SoftwareProtectionPlatform

and select Import Task

 

Point it at the file you just extracted which should be called SvcRestartTask.xml (though you may not be able to see the .xml extension) and click Open.  If it asks you are you sure, tell it Yes.

 

This should replace the task that was missing and hopefully stop the errors like these:

 

Error: (01/27/2017 12:27:29 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 

 

 

Close Task Scheduler.
 
Now download wmf.zip
Right click on it and Extract All, Extract.
Right click on the file wmf.reg (you may not see the .reg) and MERGE.  
 
This will hopefully fix this error:

Error: (01/27/2017 12:25:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FrameServer service terminated with the following error: 
General access denied error

 

 

and maybe make your webcam work again (if you have one)
 
Finally I have another fixlist for you:
 
 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

The fixlist is going to clean up some deadwood that I missed the first time and also look into why we are getting these errors:
 
 
Error: (01/27/2017 12:25:36 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 

 

 

Hopefully if we clean up all of the system errors that will make Windows stop complaining.

  • 0
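Added example, not part of RKinner's post and not FRST's own code: a small Python parser for the `Error: (...) (Source: ...) (EventID: ...)` entries in Addition.txt that reports which of the three errors targeted above are still being logged after the fix. The sample rescan text is constructed, the cutoff is taken from the Fixlog end time and FRST run date shown in this thread, and the names `WATCHED`, `parse_events` and `persisting` are hypothetical.

```python
import re
from datetime import datetime

# Header line of one event entry, in the form shown in the Addition.txt excerpts.
EVENT_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>.*?)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
# Assumption: timestamps use the US 12-hour form seen in this thread.
STAMP = "%m/%d/%Y %I:%M:%S %p"

# The three errors the post targets: (source, event id, text expected in the description).
WATCHED = {
    "SvcRestartTask import (SPP 8229)":
        ("Software Protection Platform Service", 8229, "rules engine failed"),
    "wmf.reg merge (FrameServer 7023)":
        ("Service Control Manager", 7023, "FrameServer"),
    "fixlist (EapHost 2002)":
        ("Microsoft-Windows-EapHost", 2002, "Eap method DLL path"),
}


def parse_events(text):
    """Parse FRST event entries into dicts; multi-line descriptions are joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = EVENT_RE.match(line)
        if match:
            current = {
                "when": datetime.strptime(match["when"], STAMP),
                "source": match["source"],
                "event_id": int(match["event_id"]),
                "user": match["user"],
                "description": "",
            }
            events.append(current)
        elif current is not None:
            if not line or line.startswith("===="):
                current = None  # blank line or section banner ends the entry
                continue
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def persisting(scan_text, since):
    """Labels of watched errors that were logged at or after `since`."""
    events = parse_events(scan_text)
    hits = []
    for label, (source, event_id, needle) in WATCHED.items():
        for ev in events:
            if (ev["source"] == source and ev["event_id"] == event_id
                    and needle in ev["description"] and ev["when"] >= since):
                hits.append(label)
                break
    return hits


# Fixlog in this thread ended at 16:32:24 on 27-01-2017; older entries predate the fix.
FIX_DONE = datetime(2017, 1, 27, 16, 32, 24)

# Constructed rescan excerpt (not from the thread): one new EapHost error, one
# unrelated service error, and one FrameServer entry logged before the fix.
AFTER_SCAN = """
Error: (01/27/2017 04:36:02 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (01/27/2017 04:35:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RsMgrSvc service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/27/2017 12:25:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FrameServer service terminated with the following error:
General access denied error

==================== Memory info ===========================
"""

if __name__ == "__main__":
    for label in WATCHED:
        state = "still logged" if label in persisting(AFTER_SCAN, FIX_DONE) else "not seen since fix"
        print(f"{label}: {state}")
```

Entries older than the cutoff are ignored because the event log can still hold errors recorded before the repair was applied.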

#7
KassD7


    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

When I try to import the Task, a window pops up saying: Error message: a task folder with this name already exists.


  • 0

#8
KassD7


    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Okay so I managed to replace the task, and the text files are shown below:

 

The file system error is still there.. Error (-2144926975)

 

Fixlog

 

Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 16:32:24 ====
 
------------------------------------------------------------------------------------------------------------------------------------------------
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Kassem (administrator) on KASSEM-PC (27-01-2017 16:33:42)
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [GoogleChromeAutoLaunch_528FB280EA5FDE99494BED26C65E27F7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\MountPoints2: {53c74ce8-5046-11e6-9c7d-5cf9dd3e739d} - "E:\WD Drive Unlock.exe" autoplay=true
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2012-06-21]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2015-08-08]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 193.188.129.75 193.188.129.5
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [DhcpNameServer] 193.188.129.75 193.188.129.5
Tcpip\..\Interfaces\{66ac5675-d891-4ba4-a02f-4c5787b0215f}: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.1.5448469\npmathplugin.dll [2015-12-09] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1422278371&from=amt&uid=LITEONITXLCT-256M3S_TW0DFVVG5508524R1562"
CHR Profile: C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default [2017-01-27]
CHR Extension: (Google Slides) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-04]
CHR Extension: (Google Docs) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Google Drive) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Dropbox for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-01-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-04]
CHR Extension: (FBDown Video Downloader) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-01-04]
CHR Extension: (Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-06] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-11-01] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 cyhid; C:\WINDOWS\System32\DRIVERS\cyhid.sys [116736 2011-08-26] () [File not signed]
S3 cykbfltrService; C:\WINDOWS\System32\DRIVERS\cykbfltr.sys [13312 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 cymfltrService; C:\WINDOWS\System32\DRIVERS\cymfltr.sys [69632 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-31] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-06] (REALiX™)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-01-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-27] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNs64; C:\WINDOWS\System32\drivers\NETwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 16:33 - 2017-01-27 16:34 - 00029657 _____ C:\Users\Kassem\Desktop\FRST.txt
2017-01-27 16:32 - 2017-01-27 16:32 - 00000582 _____ C:\Users\Kassem\Desktop\Fixlog.txt
2017-01-27 16:29 - 2017-01-27 16:29 - 00000350 _____ C:\Users\Kassem\Downloads\wmf.zip
2017-01-27 16:29 - 2017-01-27 16:29 - 00000000 ____D C:\Users\Kassem\Downloads\wmf
2017-01-27 15:35 - 2017-01-27 15:35 - 00000000 ____D C:\Users\Kassem\Downloads\SvcRestartTask
2017-01-27 15:33 - 2017-01-27 15:33 - 00001371 _____ C:\Users\Kassem\Downloads\SvcRestartTask.zip
2017-01-27 14:43 - 2017-01-27 14:43 - 00100316 _____ C:\Users\Kassem\Desktop\Amazon Order 3.pdf
2017-01-27 14:42 - 2017-01-27 14:42 - 00100240 _____ C:\Users\Kassem\Desktop\Amazon Order 2.pdf
2017-01-26 16:42 - 2017-01-26 16:45 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\dvdcss
2017-01-26 01:56 - 2017-01-27 16:32 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-26 01:56 - 2017-01-27 16:32 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-26 01:56 - 2017-01-26 01:56 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-26 01:55 - 2017-01-27 16:32 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 01:55 - 2017-01-27 16:32 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-26 01:55 - 2017-01-26 01:55 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-26 01:55 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-26 01:49 - 2017-01-26 01:54 - 55566792 _____ (Malwarebytes ) C:\Users\Kassem\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-01-26 00:56 - 2017-01-27 16:33 - 00000000 ____D C:\FRST
2017-01-26 00:50 - 2017-01-26 00:51 - 02420736 _____ (Farbar) C:\Users\Kassem\Desktop\FRST64.exe
2017-01-24 16:23 - 2017-01-24 16:23 - 02528032 _____ C:\Users\Kassem\Downloads\14850826_1785450381726050_571221162785243136_n.mp4
2017-01-24 00:14 - 2017-01-24 00:14 - 00103660 _____ C:\Users\Kassem\Desktop\Amazon Order 1.pdf
2017-01-23 21:45 - 2017-01-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-21 00:40 - 2017-01-21 01:10 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-18 18:35 - 2017-01-18 18:36 - 11540752 _____ C:\Users\Kassem\Downloads\10810842_819863881385679_318822581_n.mp4
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 15:49 - 2017-01-11 15:50 - 10975062 _____ C:\Users\Kassem\Downloads\13729596_897529530351646_1972759078_n.mp4
2017-01-07 17:21 - 2017-01-07 17:21 - 00000000 ____D C:\Users\Kassem\Downloads\mpu9250_arduino
2017-01-05 02:23 - 2017-01-05 02:25 - 22034677 _____ C:\Users\Kassem\Downloads\15240661_1226154984099438_5306706933460238336_n.mp4
2017-01-04 07:25 - 2017-01-04 07:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-04 01:53 - 2017-01-04 01:53 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 01:53 - 2017-01-04 01:53 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 01:47 - 2017-01-04 15:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-04 01:47 - 2017-01-04 15:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-04 01:47 - 2017-01-04 01:47 - 01065376 _____ (Google Inc.) C:\Users\Kassem\Downloads\ChromeSetup.exe
2017-01-02 21:48 - 2017-01-02 22:29 - 1104052224 ____R C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso
2017-01-02 21:47 - 2017-01-02 21:47 - 00042460 _____ C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso.torrent
2017-01-01 23:53 - 2017-01-01 23:53 - 00322098 _____ C:\Users\Kassem\Downloads\app (2).pdf
2017-01-01 23:51 - 2017-01-01 23:51 - 00321900 _____ C:\Users\Kassem\Downloads\app (1).pdf
2017-01-01 23:50 - 2017-01-01 23:50 - 00321906 _____ C:\Users\Kassem\Downloads\app.pdf
2017-01-01 22:54 - 2017-01-01 22:55 - 01687216 _____ C:\Users\Kassem\Downloads\AmericanUnivOfBeirut.pdf
2017-01-01 21:36 - 2017-01-01 21:36 - 00000000 ____D C:\Users\Kassem\Downloads\rufus_files
2017-01-01 21:33 - 2017-01-27 12:18 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:33 - 2017-01-01 21:33 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kassem\Downloads\rufus-2.11.exe
2016-12-31 22:41 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\AppData\Local\FreemakeVideoConverter
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\ProgramData\Freemake
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-12-31 22:40 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\Documents\Freemake
2016-12-31 22:31 - 2016-12-31 22:32 - 01964384 _____ (Ellora Assets Corporation ) C:\Users\Kassem\Downloads\FreemakeVideoConverterSetup.exe
2016-12-30 14:21 - 2016-12-30 14:34 - 86674168 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Kassem\Downloads\BackupperFull.exe
2016-12-29 17:14 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Kassem\AppData\Local\speech
2016-12-29 14:00 - 2016-12-29 14:00 - 00705024 _____ C:\Users\Kassem\Downloads\FreeISOBurner.exe
2016-12-28 19:28 - 2016-12-28 19:28 - 00715009 _____ C:\Users\Kassem\Downloads\15399632_1335495143141991_2885647561060777984_n.mp4
2016-12-28 16:36 - 2016-12-28 17:31 - 1513308160 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso
2016-12-28 15:30 - 2016-12-28 15:30 - 00058080 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso.torrent
2016-12-28 15:26 - 2016-12-28 16:22 - 1531445248 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso
2016-12-28 15:26 - 2016-12-28 15:26 - 00058759 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-27 16:34 - 2015-08-28 22:17 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Skype
2017-01-27 16:34 - 2015-08-16 11:00 - 00000000 ___RD C:\Users\Kassem\Dropbox
2017-01-27 16:32 - 2016-09-24 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-27 16:32 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem
2017-01-27 16:32 - 2016-09-24 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-27 16:32 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-27 16:26 - 2016-09-24 17:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-27 12:32 - 2015-08-19 21:55 - 02494854 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-27 12:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-27 12:16 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-27 12:14 - 2016-07-15 15:05 - 00000000 ___RD C:\Users\Kassem\OneDrive - American University of Beirut
2017-01-27 12:14 - 2015-08-19 22:52 - 00002366 _____ C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 21:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-26 20:11 - 2016-02-28 19:20 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\vlc
2017-01-26 02:56 - 2015-09-06 18:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-26 02:55 - 2016-05-20 23:53 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Google Talk
2017-01-26 02:55 - 2015-08-16 10:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-26 02:55 - 2013-12-19 19:41 - 00000000 ____D C:\Users\Kass\AppData\Local\VNT
2017-01-26 02:34 - 2016-10-24 12:40 - 00000000 ____D C:\Windows10Upgrade
2017-01-25 20:11 - 2015-08-19 22:50 - 00000000 ____D C:\Users\Kassem\AppData\Local\Packages
2017-01-21 04:41 - 2015-08-28 22:17 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 21:47 - 2015-08-07 18:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 18:52 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-20 18:48 - 2015-11-01 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-20 16:09 - 2015-08-07 17:56 - 00000000 ___RD C:\Users\Kassem\Documents\Scanned Documents
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 23:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-11 14:16 - 2015-08-08 01:51 - 00000000 ____D C:\Users\Kassem\AppData\Local\ElevatedDiagnostics
2017-01-11 12:30 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 16:03 - 2016-09-24 17:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 00:45 - 2016-09-24 17:43 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF356CE4-AC61-41D7-B7CD-B1D4B8E274D6}
2017-01-09 14:41 - 2015-11-04 19:40 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\BitTorrent
2017-01-07 19:39 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\Documents\Arduino
2017-01-07 18:00 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\AppData\Local\Arduino15
2017-01-07 17:53 - 2015-08-21 01:58 - 00000000 ____D C:\Users\Kassem\Documents\MATLAB
2017-01-04 01:55 - 2015-08-07 16:37 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-04 01:53 - 2015-08-07 16:36 - 00000000 ____D C:\Users\Kassem\AppData\Local\Google
2017-01-04 01:47 - 2015-08-07 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-02 21:48 - 2016-11-26 18:35 - 00000000 ____D C:\Users\Kassem\AppData\LocalLow\BitTorrent
2016-12-30 14:02 - 2016-09-24 17:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2016-12-29 13:55 - 2015-10-31 17:36 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\DAEMON Tools Lite
2016-12-28 04:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-28 04:48 - 2016-07-16 08:04 - 00131072 _____ C:\WINDOWS\system32\config\SAM
 
==================== Files in the root of some directories =======
 
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kassem\AppData\Roaming\9a6G05Ql37tdkC5ZUtM
2015-08-08 00:10 - 2015-08-08 00:10 - 0008778 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20150808.011005.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0001579 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010939.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0000663 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010959.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001605 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011001.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011003.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011021.txt
2016-11-29 21:23 - 2016-11-29 21:23 - 0000600 _____ () C:\Users\Kassem\AppData\Local\PUTTY.RND
2015-09-12 02:50 - 2015-09-12 02:50 - 0000017 _____ () C:\Users\Kassem\AppData\Local\resmon.resmoncfg
2015-10-17 09:49 - 2015-10-17 09:49 - 0000362 _____ () C:\Users\Kassem\AppData\Local\winconf.pxt
2016-01-27 19:51 - 2016-01-27 20:00 - 0034595 _____ () C:\ProgramData\RulesDecks.xml
 
Some files in TEMP:
====================
2016-12-31 22:32 - 2016-12-31 22:40 - 34139976 _____ (Ellora Assets Corporation                                   ) C:\Users\Kassem\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2016-12-22 00:15 - 2017-01-21 04:34 - 43918808 _____ (Skype Technologies S.A.) C:\Users\Kassem\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-26 16:54
 
==================== End of FRST.txt ============================
 
------------------------------------------------------------------------------------------------------------------------------------------------
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (27-01-2017 16:35:14)
Running from C:\Users\Kassem\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 15:45:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-198589097-2935813840-3369481996-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-198589097-2935813840-3369481996-503 - Limited - Disabled)
Guest (S-1-5-21-198589097-2935813840-3369481996-501 - Limited - Disabled)
Kassem (S-1-5-21-198589097-2935813840-3369481996-1000 - Administrator - Enabled) => C:\Users\Kassem
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
CMU 1394 Digital Camera Driver (HKLM-x32\...\CMU 1394 Digital Camera Driver) (Version: 6.4.6.200 - Carnegie Mellon University)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Digital Delivery (HKLM-x32\...\{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}) (Version: 1.7.4501.0 - Dell Products, LP)
Dell System Detect (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
DipTrace (HKLM\...\DipTrace) (Version: 2.4 - Novarm)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ExpressPCB (HKLM-x32\...\{277CA10D-4B11-4848-A5E6-F1CEA050BF90}) (Version: 7.3.4 - ExpressPCB, LLC)
FluidDraw P5 Demo (HKLM-x32\...\{47016B92-473D-4100-8B5F-A14FD5BE88DA}) (Version: 5.3.385.0 - Festo AG & Co. KG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Release OrCAD 10.5 (HKLM-x32\...\{24D0A76F-34E1-43F7-B972-0608518CD2A7}) (Version: 10.5.0 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
VI Package Manager 2014 (HKLM-x32\...\{E78DE7EA-62EB-4D92-A62F-F92CC16EADB0}) (Version: 14.2.1976 - JKI)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{4f1b61c8-ad15-4f53-a3e6-e18d8d4abc18}) (Version: 6.07.0025 - Ingram Content Group)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfram Extras 10.3 (5448469) (HKLM\...\A-WIN-Extras 10.3.1 5448469_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10.3 (M-WIN-L 10.3.1 5448563) (HKLM\...\M-WIN-L 10.3.1 5448563_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram SystemModeler 4.0.1 (HKLM-x32\...\{6fb6a5cb-f810-4953-bf31-b9aaba97e64f}_is1) (Version: 4.0.1 - Wolfram Research, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B4A60F2-19C8-4EDD-8D63-523CA1A61B1E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-03] (Microsoft Corporation)
Task: {0FBFA02F-40B5-4C0A-9B93-B2FBF1890D88} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EA962F3-23DD-4295-A5A6-EA0CD9E0963C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EB15669-A19E-4401-A68E-E6BE037BD666} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EBEFACB-3E8A-47D0-8D3A-507CD8E82925} - System32\Tasks\{3192BC34-7C3E-4D50-872E-1EBE5AB9F771} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {37E92736-5B9D-4FF4-9DED-DA603D409F4E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {38AE14C8-AE2D-4DD4-9BD4-70A9BD715615} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3AF0AE5F-8187-4CB1-8ADF-C41268626ECD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {49CEA312-C566-40E0-916F-6948BC8BD10A} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2015-03-24] (JKI)
Task: {4AB18B9E-4D85-47A1-A2EB-2EE5CB302835} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B7E67FB-6C9E-47A1-9642-650DBCA5934F} - System32\Tasks\{22E23AC4-6BBE-40D2-98C4-C1942E7F364E} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\APP_IO_WXP_VSTA_W7_A02_Setup-7W7T4_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {4C7D7A1C-38BE-40CB-ADEE-C6C125A6DB80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {5628C60A-1BDF-4C16-996B-7E7F3F59166C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {5A42204C-449A-46B3-99ED-D70DAADE2404} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {5A73D528-C3F2-4F18-B7BE-7D7EA20CA41B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {60EB7A4F-59F4-4511-B659-B2BBD035AE0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-17] (Microsoft Corporation)
Task: {634D81D4-6392-44B2-8813-F1C7A1475593} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {701700C3-64F0-4C55-A8F9-0D905EC56AF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {78731B9D-4EFA-450B-9293-0FBD0F58F417} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {7D25C6F3-E10E-4FDD-B5C3-698C9FEA91BE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A3C1B8B-EAC7-4FE6-BE81-54849CD866E4} - System32\Tasks\Uninstaller_SkipUac_Kassem => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {95243289-6FE9-467A-9200-BA17965BED22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated)
Task: {9B747309-E0BD-4B88-8709-612635A28725} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {9F4F16DD-E2F1-49AC-A0DB-540CAA7460B9} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {A6A80D1B-C801-4FB2-ACB9-915EF254C487} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A8E0BBFE-199E-4B20-9925-A24D6121C7E3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFDB3F5E-47CF-49AF-B810-EF1968B650CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B29EFFC4-2FEF-42AF-9E07-131265D46E61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {C063D582-9B08-4045-AB68-DD4DF99962AF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C331AEA7-992A-4504-941C-657E5876FC4C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3B6B960-7726-467F-8979-EB3ED1741083} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3D78503-BBB6-4433-AFF1-10693E11DC5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4F2B3CB-8910-42CA-9F4E-27EB420A17D9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {C9D5D34E-CE63-4A34-8748-D3E67F818068} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {CB15E7F1-BCCF-4594-AA8E-13175AE75D5A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBCAB27D-18E5-4FFD-A17B-A251CCB6C2E9} - System32\Tasks\{A49D78C7-89EF-4065-BA38-B7C2F239E663} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {CEFBB51A-5D00-4533-B08C-8184D8F7E139} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF499570-78BE-47A3-BF42-AF058BBCA96D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3AD1CF0-D0B0-4E47-9E24-D19D407A23BA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA8F5122-F577-4CE2-8BCE-21DF593C76C5} - System32\Tasks\{15565041-D8C6-4DE0-A853-F74ADBF150C6} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\R311884.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {EBFB50D7-C13F-4D36-91EB-E46DAAD7AC5A} - System32\Tasks\{545F917C-120D-49C6-BD5A-DFD56746C6D5} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\Video_Nvidia_W74_A09_Setup_RRN66_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {F7480211-4F5D-476C-8F17-BC0788618A54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC7D9652-FAF1-43A4-AD1F-0617FD1B1DA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDCE585F-D376-4299-96B3-1CEF1BBB02AD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-24 17:31 - 2015-09-14 00:04 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 22:08 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 13:48 - 2016-11-11 11:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 20:20 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 20:20 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 20:20 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 20:20 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-29 20:20 - 2016-09-15 19:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-09-24 22:01 - 2016-09-07 07:36 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-11-09 20:20 - 2016-11-02 12:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-12-16 20:44 - 2016-12-16 20:46 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-11-09 20:20 - 2016-11-02 12:13 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-11-09 20:20 - 2016-11-02 12:13 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 13:43 - 2016-07-16 16:28 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 13:43 - 2016-07-16 16:27 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 13:43 - 2016-07-16 16:28 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 13:43 - 2016-07-16 16:28 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 13:43 - 2016-07-16 16:28 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 13:43 - 2016-07-16 16:28 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 13:43 - 2016-07-16 16:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 13:43 - 2016-07-16 16:27 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2015-08-21 00:40 - 2015-08-21 00:40 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-09-06 18:15 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-01-23 21:44 - 2017-01-18 20:39 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-12-22 18:07 - 2016-12-21 10:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-23 21:44 - 2016-12-21 10:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-22 18:07 - 2016-12-21 10:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 21:44 - 2016-12-21 10:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-23 21:44 - 2016-12-21 10:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-23 21:44 - 2016-12-04 08:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-23 21:44 - 2016-12-21 10:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-23 21:44 - 2016-12-21 10:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2011-10-26 07:57 - 2011-10-26 07:57 - 00102912 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: Icad.load.scr =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\sharepoint.com -> hxxps://mailaub.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2017-01-04 01:51 - 00000842 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting (64-bit).lnk"
HKLM\...\StartupApproved\Run32: => "RSDTRAY"
HKLM\...\StartupApproved\Run32: => "NUSB3MON"
HKLM\...\StartupApproved\Run32: => "RavTRAY"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "gpuminer"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "NIRegistrationWizard"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{380B4C1F-F1DD-4810-8C9C-9CC25C4CCF1D}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [TCP Query User{D702A0E8-2880-4146-8C24-C07FCF42FA3F}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [{D37845D4-8F89-4B44-B4B9-DCDDA0052A7D}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{59CC8569-C174-415A-9832-83631C207960}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7B6AAA16-FAB0-42C9-8D85-083702411848}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{53855477-072D-4B0B-B7B9-2C2D3594C223}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{07AF11F7-CDE2-415A-9D26-56C65D81E2E2}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{AA5F80B0-3B7E-4470-A35F-57CD4D40C17F}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7CF0C465-91EE-4595-8C7C-07EE6AA6638E}] => C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{27E14EC2-9550-4E33-9A78-7E4350DD7C16}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SessionMgr.exe
FirewallRules: [{1A5A77EE-46A0-46A1-A611-0A13B04D12C9}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SimulationCenter.exe
FirewallRules: [{5CBA7A71-0283-4577-8461-C07F0BBE5918}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\ModelCenter.exe
FirewallRules: [{4290AD3D-664C-4129-AC2A-B47EDCEA36CA}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B04860F9-5A41-482E-BCB4-A0BA339B6890}] => LPort=1900
FirewallRules: [{65AFF168-BF59-4CC0-ABB8-92D9B9E69BD1}] => LPort=2869
FirewallRules: [{B0950348-B26B-4CCF-9864-BDB552AC5154}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{E577A04A-907B-476E-BFA8-A7DB296AEBE6}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{6039DE07-8F47-4539-9C58-2D575D7A187C}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{679AEF19-2695-426B-B233-6B26E1F1484D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{F1982A83-B281-414A-8AAA-CCDA0F7B441F}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{8CB7EBDD-2550-4273-9862-4DE9E4EA769C}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{08D398BC-A114-4A76-BFB7-878F36DED37D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{B04ED7D0-B4D9-42D1-A5DC-FBDE9A561666}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{317CD395-EA98-4FEF-BC21-7CD31A70C57D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{8CE2EB46-B9D5-4383-8F63-296BCD3E4F41}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{804DE3CD-A3DC-451E-83A5-5823D5D3087E}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{E7D18337-7B21-4D31-9BA3-8A62AB75FC63}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{C580C769-22C9-4016-A839-2D245213EEF2}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{21BA8E18-D2C4-4549-8FDA-E2C7AC08280D}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{4131E414-6D22-4521-AC13-2F37322410D3}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [UDP Query User{FE82D18A-5A5B-4040-ABD7-750E347A1D1B}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{38AB335E-7D61-4A0F-9D7B-C112E638762F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D4162FDB-8FFF-4B91-A0E1-E31341889FB2}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE0D05FE-F726-4FF0-A9EF-8A8764E47665}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7780E7CA-490A-47B2-88F7-74A1E33D84F3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F03FF52A-ED2B-4E7B-BA96-B1B548F1A3AA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5FAF9DD8-C708-4626-AFF7-0CBEB9BF45C8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4234DC87-1E2A-4249-9FD2-D6C42059470E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C2040B5-E917-4849-8A1D-C326602426B1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F3507DEB-B4FE-4015-86BC-0741BE8223EF}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{0355AAB6-6CF0-4395-A863-E27795CA6F69}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CFE911B6-7C90-4FD9-9B50-B16B6246BD86}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{356799BF-842E-4151-89D8-71D7B52F2CC1}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E46C3910-1606-4614-B95C-EAD1FB2BB44C}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF84336F-C710-4FFD-B138-B8A7B0BBC7E7}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{719DBA33-5B5B-4EF0-857B-762231D2C973}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7466C32D-6D89-4C46-BD80-82D6BFAB132C}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4AA1725A-C230-4D65-9EA0-223DC84A86E5}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F6AEC447-E968-446F-9738-739A5F1E7533}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3EF15CEB-7552-491E-96AB-ED82F4184443}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{B632DC00-9D50-49D5-9FD2-C4D592C585FE}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [UDP Query User{C5DB7824-9DFD-404A-B453-F2084797EC1D}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [{26B8A7EE-18A2-4414-A0B7-B43BEAD43F61}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{D21F9F11-C21C-4AF7-B0F8-6044B1B8E1DE}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A093865A-364C-4AEA-BBAC-99A18D04CDFA}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{02ECCBE7-01AC-44E2-BCEE-09B4872AD01A}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{510E86F8-96DD-463C-B221-DD25556C049F}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C47A5D70-AB7B-429B-9E4F-29176C0607D3}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{092C9577-F0B8-43C7-A077-B7EEE24FF6A1}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A73CF2E2-F448-45F9-8228-A56361487656}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A345293E-E02B-43CE-9A47-1ED56169A32A}] => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe
FirewallRules: [{ABAA7FFB-4E92-4729-A074-6B8C3B354376}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3A2CB042-0B07-48D0-9CAA-4283D1ED46F1}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ACD6B98D-5A25-4525-AA4F-3123AD0D734A}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7D355E3C-4FF6-4875-8F3B-C6AC22F9F27F}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5DED493-E947-4ED7-AA2D-C584AB91FE45}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{801C87DE-678E-4858-B52A-51920ACE38E7}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
27-12-2016 18:55:08 Removed Skype™ 7.30
07-01-2017 14:52:11 Scheduled Checkpoint
27-01-2017 12:13:02 Removed Bonjour
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/27/2017 04:34:56 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 04:34:55 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 04:33:15 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 04:33:13 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (01/27/2017 04:32:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (TEW_SQLEXPRESS) service terminated with the following service-specific error: 
Access is denied.
 
Error: (01/27/2017 04:32:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/27/2017 04:32:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FrameServer service terminated with the following error: 
General access denied error
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 8083.88 MB
Available physical RAM: 4792.17 MB
Total Virtual: 16275.88 MB
Available Virtual: 12970.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.32 GB) (Free:191.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9057C8E4)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

 

 

------------------------------------------------------------------------------------------------------------------------------------------------


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That cleared up the deadwood but didn't seem to do anything about our errors.  Also for some reason all I see is the last part of the fixlog.  Can you open it again and do a Ctrl + a to make sure you select it all then copy it (Ctrl + c) and paste it (Ctrl + v)  into a reply?


  • 0

#10
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Indeed the last Logfile was as shown above for some reason, maybe the fix wasn't well applied, however I just re-ran it and the text file is shown below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (27-01-2017 18:21:11) Run:4
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShellIconOverlayIdentifiers: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll -> No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
S2 RsMgrSvc; "C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe" [X]
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\FileSyncApi64.dll => No File
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost" /s
CMD: dir /a \windows\system32\eapsvc.dll
CMD: dir /a \windows\system32\SimCfg.dll
CMD: dir /a \windows\system32\SimAuth.dll
CMD: dir /a \windows\system32\TtlsCfg.dll
CMD: dir /a \windows\system32\TtlsAuth.dll
CMD: dir /a \windows\system32\WcnEapPeerProxy.dll
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
 
 
 
 
 
  
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive1 => key not found. 
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive2 => key not found. 
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive3 => key not found. 
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive4 => key not found. 
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive5 => key not found. 
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive1 => key not found. 
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive2 => key not found. 
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive3 => key not found. 
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive4 => key not found. 
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OneDrive5 => key not found. 
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found. 
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
RsMgrSvc => service not found.
Processes closed successfully.
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458} => key not found. 
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost
    DisplayName    REG_SZ    @%systemroot%\system32\eapsvc.dll,-1
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    Description    REG_SZ    @%systemroot%\system32\eapsvc.dll,-2
    DependOnService    REG_MULTI_SZ    RPCSS\0KeyIso
    ObjectName    REG_SZ    localSystem
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeTcbPrivilege\0SeDebugPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000C0D401000000000000000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Configuration
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311
    Name    REG_SZ    Microsoft
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\18
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\21
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\TtlsCfg.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x173cd8af
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\23
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1002
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254\14122
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254\14122\1
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\WcnEapPeerProxy.dll
    PeerFriendlyName    REG_SZ    Windows Connect Now EAP Peer
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x848000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\50
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1003
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086
    (Default)    REG_SZ    Intel
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\18
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerFriendlyName    REG_SZ    EAP-SIM
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_sim.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\21
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_ttls.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-TTLS
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\23
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    PeerInvokePasswordDialog    REG_DWORD    0x0
    Properties    REG_DWORD    0x280000
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-AKA
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9
    (Default)    REG_EXPAND_SZ    Cisco
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\17
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll,-117
    Properties    REG_DWORD    0x32c406e
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\25
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll,-119
    Properties    REG_DWORD    0x173cd9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll,-30119
    Properties    REG_DWORD    0x173ef9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43\UserData
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Parameters
    PeerInstalled    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\eapsvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Parameters\EapProvPlugin
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\eapprovp.dll
    DllEntryPoint    REG_SZ    EapProvPlugGetInfo
 
 
 
========= End of Reg: =========
 
 
========= dir /a \windows\system32\eapsvc.dll =========
 
 Volume in drive C has no label.
 Volume Serial Number is FA57-0F00
 
 Directory of C:\windows\system32
 
07/16/2016  01:42 PM           112,128 eapsvc.dll
               1 File(s)        112,128 bytes
               0 Dir(s)  205,184,253,952 bytes free
 
========= End of CMD: =========
 
 
========= dir /a \windows\system32\SimCfg.dll =========
 
 Volume in drive C has no label.
 Volume Serial Number is FA57-0F00
 
 Directory of C:\windows\system32
 
07/16/2016  01:42 PM           102,912 SimCfg.dll
               1 File(s)        102,912 bytes
               0 Dir(s)  205,184,200,704 bytes free
 
========= End of CMD: =========
 
 
========= dir /a \windows\system32\SimAuth.dll =========
 
 Volume in drive C has no label.
 Volume Serial Number is FA57-0F00
 
 Directory of C:\windows\system32
 
07/16/2016  01:42 PM           160,768 SimAuth.dll
               1 File(s)        160,768 bytes
               0 Dir(s)  205,184,143,360 bytes free
 
========= End of CMD: =========
 
 
========= dir /a \windows\system32\TtlsCfg.dll =========
 
 Volume in drive C has no label.
 Volume Serial Number is FA57-0F00
 
 Directory of C:\windows\system32
 
07/16/2016  01:42 PM           224,256 TtlsCfg.dll
               1 File(s)        224,256 bytes
               0 Dir(s)  205,184,086,016 bytes free
 
========= End of CMD: =========
 
 
========= dir /a \windows\system32\TtlsAuth.dll =========
 
 Volume in drive C has no label.
 Volume Serial Number is FA57-0F00
 
 Directory of C:\windows\system32
 
07/16/2016  01:42 PM           246,272 TtlsAuth.dll
               1 File(s)        246,272 bytes
               0 Dir(s)  205,184,032,768 bytes free
 
========= End of CMD: =========
 
 
========= dir /a \windows\system32\WcnEapPeerProxy.dll =========
 
 Volume in drive C has no label.
 Volume Serial Number is FA57-0F00
 
 Directory of C:\windows\system32
 
07/16/2016  01:42 PM            37,888 WcnEapPeerProxy.dll
               1 File(s)         37,888 bytes
               0 Dir(s)  205,183,975,424 bytes free
 
========= End of CMD: =========
 
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 18:21:58 ====

  • 0
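The EapHost 2002 errors in the Addition.txt log identify each skipped method by `authorId` and `typeId`, and the `reg query` output in the Fixlog above lists the registered methods under `EapHost\Methods\<authorId>\<typeId>`. The following Python script is an added example, not part of any post in this thread and not FRST's own code; it joins the two so each error is shown next to the vendor name and `PeerDllPath` it refers to. The function names are hypothetical, the sample data is excerpted from the logs in this thread, and the `authorId=4242` event is constructed to show the unmatched case.

```python
import ntpath
import re

# Excerpt of the Addition.txt event log section quoted in this thread.
# The last entry (authorId=4242) is constructed: it has no registry key below.
EVENT_LOG = r"""
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0

Error: (01/27/2017 04:32:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (TEW_SQLEXPRESS) service terminated with the following service-specific error:
Access is denied.

Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=13, authorId=4242, vendorId=0, vendorType=0
"""

# Excerpt of the `reg query ...\Services\EapHost /s` output from the Fixlog.
REG_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311
    Name    REG_SZ    Microsoft

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\18
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086
    (Default)    REG_SZ    Intel

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\23
    (Default)    REG_SZ
    Properties    REG_DWORD    0x280000
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll
    PeerFriendlyName    REG_SZ    EAP-AKA

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9
    (Default)    REG_EXPAND_SZ    Cisco

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll,-30119
"""

METHODS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods"
EAP_ERR = re.compile(r"typeId=(\d+), authorId=(\d+), vendorId=(\d+), vendorType=(\d+)")
# reg.exe prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data (data may be empty).
REG_VALUE = re.compile(r"^\s+(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")


def parse_eap_errors(text):
    """Return de-duplicated (author_id, type_id) pairs from EapHost EventID 2002 entries."""
    pairs, in_eaphost_2002 = [], False
    for line in text.splitlines():
        if line.startswith("Error:"):
            in_eaphost_2002 = ("Source: Microsoft-Windows-EapHost" in line
                               and "EventID: 2002" in line)
        elif in_eaphost_2002 and line.startswith("Description:"):
            m = EAP_ERR.search(line)
            if m and (m.group(2), m.group(1)) not in pairs:
                pairs.append((m.group(2), m.group(1)))
    return pairs


def parse_reg_query(text):
    """Parse `reg query /s` text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("HKEY_"):
            current = keys.setdefault(line, {})
        elif current is not None and line[:1].isspace():
            m = REG_VALUE.match(line)
            if m:
                current[m.group(1)] = m.group(3) or ""
    return keys


def correlate(event_text, reg_text):
    """Attach vendor name and PeerDllPath to every EapHost 2002 error."""
    reg = {k.lower(): v for k, v in parse_reg_query(reg_text).items()}
    report = []
    for author, eap_type in parse_eap_errors(event_text):
        vendor_key = reg.get(f"{METHODS}\\{author}".lower(), {})
        method = reg.get(f"{METHODS}\\{author}\\{eap_type}".lower())
        dll = method.get("PeerDllPath", "") if method else ""
        report.append({
            "author_id": author,
            "type_id": eap_type,
            # Vendor name is stored as "Name" (Microsoft) or "(Default)" (Intel, Cisco).
            "vendor": vendor_key.get("Name") or vendor_key.get("(Default)") or "unknown",
            "registered": method is not None,
            "friendly_name": method.get("PeerFriendlyName", "") if method else "",
            "peer_dll": dll,
            "install_dir": ntpath.dirname(dll),  # points at the owning product's folder
        })
    return report


if __name__ == "__main__":
    for row in correlate(EVENT_LOG, REG_DUMP):
        where = row["peer_dll"] or "no Methods subkey in this dump"
        print(f'{row["vendor"]:8} author={row["author_id"]:5} type={row["type_id"]:3} -> {where}')
```

The `install_dir` column is what ties an error back to an installed product; whether the DLL still exists there has to be checked on the machine itself.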


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
These three errors:
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (01/27/2017 04:33:03 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 

 

 

 
Correspond to these three entries in the registry:
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\18
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerFriendlyName    REG_SZ    EAP-SIM
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_sim.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\21
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_ttls.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-TTLS
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\23
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    PeerInvokePasswordDialog    REG_DWORD    0x0
    Properties    REG_DWORD    0x280000
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-AKA

 

 

 

Which I think comes from one of these two installed programs:

 

Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )

 

 

 
Intel says they are no longer supported on Win 8 & 10 since it's now a Windows ability.
 
Intel has made the decision to discontinue marketing and development of Intel® WiDi and Intel® Pro WiDi applications and related receiver certification program effective immediately. Now that the Miracast* standard is natively supported in the Microsoft Windows* 8.1 and 10 operating system for wireless display capabilities with strong user experience, Intel is redirecting its resources and focus to future areas of growth.

 

 
 
The other three errors correspond to these entries in the same way.  
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\17
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll,-117
    Properties    REG_DWORD    0x32c406e
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\25
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll,-119
    Properties    REG_DWORD    0x173cd9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll,-30119
    Properties    REG_DWORD    0x173ef9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0

 

 
I do not have any of the above on my Win 10. Don't see anything from Cisco in your list of installed programs so maybe they are all added by the Intel stuff.
 
Have you tried to use either of the two programs?
 
Intel® WiDi
Intel® Wireless Display
 
since upgrading to Win 10?
If you can live without them I would uninstall them and see if that gets rid of new errors of this type.  I'll give you a new fixlist to just look at the registry entries and not cause a reboot.
 
 
Though I expect that they are triggered by a reboot.
 
You can look at the alarms with VEW:
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
   * Application
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply.
 
 

 


  • 0

#12
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Okay, I have never used either of the 2 programs mentioned above; in my Programs and Features list I only have Intel WiDi, and when I try to uninstall it I receive a message saying:

 

Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _E0A705FB_6503_474B_B5BE_9BC472330AC9, location: C:\Program Files (x86)\Common Files\Intel Corporation\WidiAgent\WiFiDnSServer.exe, command:\unregserver

 

I did not run the FRST fix again since I couldn't delete the program. The VEW Output Log is shown below:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 27/01/2017 9:01:00 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/01/2017 6:58:27 PM
Type: Error Category: 0
Event: 11721 Source: MsiInstaller
Product: Intel® WiDi -- Error 1721.There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _E0A705FB_6503_474B_B5BE_9BC472330AC9, location: C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\WiFiDnSServer.exe, command: /unregserver
 
Log: 'Application' Date/Time: 27/01/2017 6:57:14 PM
Type: Error Category: 0
Event: 11721 Source: MsiInstaller
Product: Intel® WiDi -- Error 1721.There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _E0A705FB_6503_474B_B5BE_9BC472330AC9, location: C:\Program Files (x86)\Common Files\Intel Corporation\WiDiAgent\WiFiDnSServer.exe, command: /unregserver
 
Log: 'Application' Date/Time: 27/01/2017 6:47:26 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 6:47:24 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 6:37:30 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 6:37:27 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 4:24:36 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 4:24:35 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 4:22:59 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 4:22:58 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 27/01/2017 4:22:45 PM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/01/2017 6:47:18 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 27/01/2017 6:37:24 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 27/01/2017 4:24:34 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 27/01/2017 4:22:49 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D

  • 0
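
Each EapHost Event 2002 line in the VEW log above names a typeId and authorId, and those map to the registry key EapHost\Methods\<authorId>\<typeId> from the reg query output, which is the correlation RKinner describes. The following is an added example, not part of any post in this thread: the function names are hypothetical, and the embedded samples are trimmed from the output posted in the thread.

```python
import re

# Constructed sample, trimmed from the "reg query ... EapHost /s" output in this thread.
# The Methods\8086\18 key is deliberately omitted to exercise the unmatched branch.
REG_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\21
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsAuth.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\23
    (Default)    REG_SZ
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll
    PeerFriendlyName    REG_SZ    EAP-AKA

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43\UserData
"""

# Constructed sample: message lines of Event 2002 entries taken from the VEW log above.
VEW_LOG = """
Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
Skipping: Eap method DLL path name validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
Skipping: Eap method DLL path name validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
"""

KEY_RE = re.compile(r"\\EapHost\\Methods\\(\d+)\\(\d+)$")   # exactly author\type
VALUE_RE = re.compile(r"^\s+(\S.*?)\s{2,}(REG_\w+)(?:\s{2,}(.*))?$")
EVENT_RE = re.compile(r"Eap method DLL path (?:name )?validation failed\. "
                      r"Error: typeId=(\d+), authorId=(\d+)")

def parse_reg_query(text):
    """Return {(authorId, typeId): {value_name: data}} for EAP method keys."""
    methods, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            m = KEY_RE.search(line.strip())
            # Deeper keys (e.g. ...\9\43\UserData) and parent keys are skipped.
            current = (int(m.group(1)), int(m.group(2))) if m else None
            if current is not None:
                methods[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line.rstrip())
            if m:
                methods[current][m.group(1)] = m.group(3) or ""
    return methods

def parse_eaphost_errors(text):
    """Count Event 2002 validation failures per (authorId, typeId)."""
    counts = {}
    for m in EVENT_RE.finditer(text):
        key = (int(m.group(2)), int(m.group(1)))
        counts[key] = counts.get(key, 0) + 1
    return counts

def correlate(counts, methods):
    """Join each failing method to its registry key and registered PeerDllPath."""
    rows = []
    for (author, type_id), n in sorted(counts.items()):
        values = methods.get((author, type_id))
        dll = values.get("PeerDllPath") if values is not None else None
        in_sys32 = bool(dll) and dll.lower().startswith(r"%systemroot%\system32" + "\\")
        rows.append({"key": "EapHost\\Methods\\%d\\%d" % (author, type_id),
                     "events": n, "dll": dll, "under_system32": in_sys32})
    return rows

if __name__ == "__main__":
    for row in correlate(parse_eaphost_errors(VEW_LOG), parse_reg_query(REG_DUMP)):
        print(row)
```

On a real machine the two inputs would be the full text of the reg query command shown in the fixlist and the VEW output log; a row with no PeerDllPath means the dump holds no key for that method.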

#13
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Please find attached a snapshot of my error message while trying to uninstall Intel WiDi and also a snapshot of my main File System Error. 

Attached Thumbnails

  • Error Message.JPG
  • Main Error.JPG

Edited by KassD7, 27 January 2017 - 01:32 PM.

  • 0

#14
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

I ran the FRST with the last fixfiles you uploaded and here is the text file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (27-01-2017 23:31:52) Run:5
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost" /s
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************
 
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost
    DisplayName    REG_SZ    @%systemroot%\system32\eapsvc.dll,-1
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    Description    REG_SZ    @%systemroot%\system32\eapsvc.dll,-2
    DependOnService    REG_MULTI_SZ    RPCSS\0KeyIso
    ObjectName    REG_SZ    localSystem
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeTcbPrivilege\0SeDebugPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000C0D401000000000000000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Configuration
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311
    Name    REG_SZ    Microsoft
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\18
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\21
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\TtlsCfg.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x173cd8af
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\23
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1002
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254\14122
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254\14122\1
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\WcnEapPeerProxy.dll
    PeerFriendlyName    REG_SZ    Windows Connect Now EAP Peer
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x848000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\50
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1003
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086
    (Default)    REG_SZ    Intel
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\18
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerFriendlyName    REG_SZ    EAP-SIM
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_sim.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\21
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_ttls.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-TTLS
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\23
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    PeerInvokePasswordDialog    REG_DWORD    0x0
    Properties    REG_DWORD    0x280000
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-AKA
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9
    (Default)    REG_EXPAND_SZ    Cisco
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\17
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll,-117
    Properties    REG_DWORD    0x32c406e
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\25
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll,-119
    Properties    REG_DWORD    0x173cd9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll,-30119
    Properties    REG_DWORD    0x173ef9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43\UserData
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Parameters
    PeerInstalled    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\eapsvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Parameters\EapProvPlugin
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\eapprovp.dll
    DllEntryPoint    REG_SZ    EapProvPlugGetInfo
 
 
 
========= End of Reg: =========
 
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
==== End of Fixlog 23:32:42 ====

  • 0

#15
KassD7

KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

UPDATE!

 

With the help of Advanced Uninstaller I managed to uninstall both Intel WiDi and Wireless Display, including all the leftovers (folders and files) related to them. However, the error is still there.

 

In addition, I also realized that when I open Turn Windows Features on or off in Programs and Features, I get a blank screen, not the list I should get.


  • 0





