
Registry Console Window pops up several times / File System Error -214

malware virus error windows10 Filesystemerror registryconsole


#16
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Sometimes it takes a long time for that screen to come up.

Did the uninstall remove the EAB registry entries?

We can use the same fixlist, but you will have to download it again.

Going out with the wife tonight. Back in about 4 hours.




#17
KassD7


    Member

  • Topic Starter
  • Member
  • 33 posts

Yes, I think it did. But the file system error is still there :S

 

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (28-01-2017 02:43:20) Run:6
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost" /s
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************
 
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost
    DisplayName    REG_SZ    @%systemroot%\system32\eapsvc.dll,-1
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x20
    Description    REG_SZ    @%systemroot%\system32\eapsvc.dll,-2
    DependOnService    REG_MULTI_SZ    RPCSS\0KeyIso
    ObjectName    REG_SZ    localSystem
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeTcbPrivilege\0SeDebugPrivilege\0SeImpersonatePrivilege
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000C0D401000000000000000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Configuration
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311
    Name    REG_SZ    Microsoft
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\18
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\21
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\TtlsCfg.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x173cd8af
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\23
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1002
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254\14122
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\254\14122\1
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\WcnEapPeerProxy.dll
    PeerFriendlyName    REG_SZ    Windows Connect Now EAP Peer
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x848000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\311\50
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1003
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086
    (Default)    REG_SZ    Intel
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\18
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerFriendlyName    REG_SZ    EAP-SIM
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_sim.dll
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\21
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_ttls.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-TTLS
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    Properties    REG_DWORD    0x280000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086\23
    PeerIdentityPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    (Default)    REG_SZ    
    PeerInvokePasswordDialog    REG_DWORD    0x0
    Properties    REG_DWORD    0x280000
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerConfigUIPath    REG_EXPAND_SZ    C:\Program Files\Intel\WiFi\bin\eapui.dll
    PeerRequireConfigUI    REG_DWORD    0x0
    PeerFriendlyName    REG_SZ    EAP-AKA
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9
    (Default)    REG_EXPAND_SZ    Cisco
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\17
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll,-117
    Properties    REG_DWORD    0x32c406e
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\25
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll,-119
    Properties    REG_DWORD    0x173cd9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43
    PeerDllPath    REG_EXPAND_SZ    C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll
    PeerFriendlyName    REG_SZ    @C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll,-30119
    Properties    REG_DWORD    0x173ef9ff
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerInvokePasswordDialog    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9\43\UserData
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Parameters
    PeerInstalled    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\eapsvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Parameters\EapProvPlugin
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\eapprovp.dll
    DllEntryPoint    REG_SZ    EapProvPlugGetInfo
 
 
 
========= End of Reg: =========
 
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
==== End of Fixlog 02:44:43 ====
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Kassem (administrator) on KASSEM-PC (28-01-2017 02:45:25)
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [GoogleChromeAutoLaunch_528FB280EA5FDE99494BED26C65E27F7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\MountPoints2: {53c74ce8-5046-11e6-9c7d-5cf9dd3e739d} - "E:\WD Drive Unlock.exe" autoplay=true
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2012-06-21]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2015-08-08]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{66ac5675-d891-4ba4-a02f-4c5787b0215f}: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.1.5448469\npmathplugin.dll [2015-12-09] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1422278371&from=amt&uid=LITEONITXLCT-256M3S_TW0DFVVG5508524R1562"
CHR Profile: C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default [2017-01-28]
CHR Extension: (Google Slides) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-04]
CHR Extension: (Google Docs) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Google Drive) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Dropbox for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-01-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-04]
CHR Extension: (FBDown Video Downloader) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-01-04]
CHR Extension: (Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-06] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-11-01] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 cyhid; C:\WINDOWS\System32\DRIVERS\cyhid.sys [116736 2011-08-26] () [File not signed]
S3 cykbfltrService; C:\WINDOWS\System32\DRIVERS\cykbfltr.sys [13312 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 cymfltrService; C:\WINDOWS\System32\DRIVERS\cymfltr.sys [69632 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-31] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-06] (REALiX™)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-28] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-01-28] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-28] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNs64; C:\WINDOWS\System32\drivers\NETwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 02:45 - 2017-01-28 02:45 - 00030273 _____ C:\Users\Kassem\Desktop\FRST.txt
2017-01-28 02:43 - 2017-01-28 02:44 - 00009512 _____ C:\Users\Kassem\Desktop\Fixlog.txt
2017-01-28 00:56 - 2017-01-28 01:09 - 00000000 ____D C:\Users\Kassem\AppData\Local\Deployment
2017-01-28 00:39 - 2017-01-28 00:39 - 00001245 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003955.txt
2017-01-28 00:39 - 2017-01-28 00:39 - 00000671 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003951.txt
2017-01-28 00:36 - 2017-01-28 00:36 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170128.003633.txt
2017-01-28 00:36 - 2017-01-28 00:36 - 00001245 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003633.txt
2017-01-28 00:36 - 2017-01-28 00:36 - 00000671 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003629.txt
2017-01-28 00:28 - 2017-01-28 00:28 - 00000000 ____D C:\Users\Kassem\AppData\Local\Innovative Solutions
2017-01-28 00:28 - 2017-01-28 00:28 - 00000000 ____D C:\ProgramData\Innovative Solutions
2017-01-28 00:23 - 2017-01-28 00:23 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170128.002349.txt
2017-01-28 00:23 - 2017-01-28 00:23 - 00001245 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.002348.txt
2017-01-28 00:23 - 2017-01-28 00:23 - 00000661 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.002344.txt
2017-01-28 00:20 - 2017-01-28 00:20 - 00000000 ____D C:\OSTotoFolder
2017-01-28 00:14 - 2017-01-28 00:14 - 00002514 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170128.001427.txt
2017-01-28 00:14 - 2017-01-28 00:14 - 00001227 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.001426.txt
2017-01-28 00:14 - 2017-01-28 00:14 - 00000671 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170128.001423.txt
2017-01-28 00:10 - 2017-01-28 00:10 - 00003274 _____ C:\WINDOWS\System32\Tasks\{5488ACEC-E972-49C6-BDF3-127218A394C0}
2017-01-28 00:02 - 2017-01-28 00:02 - 00000000 ____D C:\Users\Public\Thunder Network
2017-01-28 00:02 - 2017-01-28 00:02 - 00000000 ____D C:\ProgramData\Thunder Network
2017-01-28 00:01 - 2017-01-28 00:31 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-01-28 00:01 - 2017-01-28 00:20 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\DriverTalent
2017-01-28 00:01 - 2017-01-28 00:20 - 00000000 ____D C:\ProgramData\DriverTalent
2017-01-27 23:42 - 2017-01-27 23:42 - 00002465 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.234256.txt
2017-01-27 23:42 - 2017-01-27 23:42 - 00001227 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.234256.txt
2017-01-27 23:42 - 2017-01-27 23:42 - 00000671 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.234252.txt
2017-01-27 23:37 - 2017-01-27 23:37 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.233735.txt
2017-01-27 23:37 - 2017-01-27 23:37 - 00001247 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.233735.txt
2017-01-27 23:37 - 2017-01-27 23:37 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.233732.txt
2017-01-27 23:23 - 2017-01-27 23:23 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.232321.txt
2017-01-27 23:23 - 2017-01-27 23:23 - 00001245 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232321.txt
2017-01-27 23:23 - 2017-01-27 23:23 - 00000671 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232318.txt
2017-01-27 23:21 - 2017-01-27 23:21 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.232116.txt
2017-01-27 23:21 - 2017-01-27 23:21 - 00001245 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232116.txt
2017-01-27 23:21 - 2017-01-27 23:21 - 00000661 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232113.txt
2017-01-27 23:06 - 2017-01-27 23:06 - 00002489 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.230628.txt
2017-01-27 23:06 - 2017-01-27 23:06 - 00001247 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230627.txt
2017-01-27 23:06 - 2017-01-27 23:06 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230625.txt
2017-01-27 23:02 - 2017-01-27 23:02 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.230213.txt
2017-01-27 23:02 - 2017-01-27 23:02 - 00001247 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230213.txt
2017-01-27 23:02 - 2017-01-27 23:02 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230210.txt
2017-01-27 23:00 - 2017-01-27 23:00 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.230018.txt
2017-01-27 23:00 - 2017-01-27 23:00 - 00001247 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230017.txt
2017-01-27 23:00 - 2017-01-27 23:00 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230014.txt
2017-01-27 22:23 - 2017-01-27 22:23 - 00002464 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.222308.txt
2017-01-27 22:23 - 2017-01-27 22:23 - 00001229 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.222308.txt
2017-01-27 22:23 - 2017-01-27 22:23 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.222305.txt
2017-01-27 21:20 - 2017-01-27 21:20 - 00002515 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.212058.txt
2017-01-27 21:20 - 2017-01-27 21:20 - 00001247 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.212058.txt
2017-01-27 21:20 - 2017-01-27 21:20 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.212055.txt
2017-01-27 21:16 - 2017-01-27 21:16 - 00002515 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.211629.txt
2017-01-27 21:16 - 2017-01-27 21:16 - 00001229 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.211629.txt
2017-01-27 21:16 - 2017-01-27 21:16 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.211626.txt
2017-01-27 21:01 - 2017-01-27 23:34 - 00000465 _____ C:\VEW.txt
2017-01-27 20:59 - 2017-01-27 20:59 - 00061440 _____ ( ) C:\Users\Kassem\Desktop\VEW.exe
2017-01-27 20:58 - 2017-01-27 20:58 - 00002490 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.205800.txt
2017-01-27 20:58 - 2017-01-27 20:58 - 00001247 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205800.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 00002397 _____ C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.205707.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 00001229 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205706.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 00000673 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205703.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 00000663 _____ C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205756.txt
2017-01-27 16:29 - 2017-01-27 16:29 - 00000350 _____ C:\Users\Kassem\Downloads\wmf.zip
2017-01-27 16:29 - 2017-01-27 16:29 - 00000000 ____D C:\Users\Kassem\Downloads\wmf
2017-01-27 15:35 - 2017-01-27 15:35 - 00000000 ____D C:\Users\Kassem\Downloads\SvcRestartTask
2017-01-27 15:33 - 2017-01-27 15:33 - 00001371 _____ C:\Users\Kassem\Downloads\SvcRestartTask.zip
2017-01-27 14:43 - 2017-01-27 14:43 - 00100316 _____ C:\Users\Kassem\Desktop\Amazon Order 3.pdf
2017-01-27 14:42 - 2017-01-27 14:42 - 00100240 _____ C:\Users\Kassem\Desktop\Amazon Order 2.pdf
2017-01-26 16:42 - 2017-01-26 16:45 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\dvdcss
2017-01-26 01:56 - 2017-01-28 01:06 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-26 01:56 - 2017-01-28 01:06 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-26 01:56 - 2017-01-26 01:56 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-26 01:55 - 2017-01-28 01:06 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 01:55 - 2017-01-28 01:06 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-26 01:55 - 2017-01-26 01:55 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-26 01:55 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-26 01:49 - 2017-01-26 01:54 - 55566792 _____ (Malwarebytes ) C:\Users\Kassem\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-01-26 00:56 - 2017-01-28 02:45 - 00000000 ____D C:\FRST
2017-01-26 00:50 - 2017-01-26 00:51 - 02420736 _____ (Farbar) C:\Users\Kassem\Desktop\FRST64.exe
2017-01-24 16:23 - 2017-01-24 16:23 - 02528032 _____ C:\Users\Kassem\Downloads\14850826_1785450381726050_571221162785243136_n.mp4
2017-01-24 00:14 - 2017-01-24 00:14 - 00103660 _____ C:\Users\Kassem\Desktop\Amazon Order 1.pdf
2017-01-23 21:45 - 2017-01-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-21 00:40 - 2017-01-21 01:10 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-18 18:35 - 2017-01-18 18:36 - 11540752 _____ C:\Users\Kassem\Downloads\10810842_819863881385679_318822581_n.mp4
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 15:49 - 2017-01-11 15:50 - 10975062 _____ C:\Users\Kassem\Downloads\13729596_897529530351646_1972759078_n.mp4
2017-01-07 17:21 - 2017-01-07 17:21 - 00000000 ____D C:\Users\Kassem\Downloads\mpu9250_arduino
2017-01-05 02:23 - 2017-01-05 02:25 - 22034677 _____ C:\Users\Kassem\Downloads\15240661_1226154984099438_5306706933460238336_n.mp4
2017-01-04 07:25 - 2017-01-04 07:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-04 01:53 - 2017-01-04 01:53 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 01:53 - 2017-01-04 01:53 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 01:47 - 2017-01-04 15:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-04 01:47 - 2017-01-04 15:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-04 01:47 - 2017-01-04 01:47 - 01065376 _____ (Google Inc.) C:\Users\Kassem\Downloads\ChromeSetup.exe
2017-01-02 21:48 - 2017-01-02 22:29 - 1104052224 ____R C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso
2017-01-02 21:47 - 2017-01-02 21:47 - 00042460 _____ C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso.torrent
2017-01-01 23:53 - 2017-01-01 23:53 - 00322098 _____ C:\Users\Kassem\Downloads\app (2).pdf
2017-01-01 23:51 - 2017-01-01 23:51 - 00321900 _____ C:\Users\Kassem\Downloads\app (1).pdf
2017-01-01 23:50 - 2017-01-01 23:50 - 00321906 _____ C:\Users\Kassem\Downloads\app.pdf
2017-01-01 22:54 - 2017-01-01 22:55 - 01687216 _____ C:\Users\Kassem\Downloads\AmericanUnivOfBeirut.pdf
2017-01-01 21:36 - 2017-01-01 21:36 - 00000000 ____D C:\Users\Kassem\Downloads\rufus_files
2017-01-01 21:33 - 2017-01-27 12:18 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:33 - 2017-01-01 21:33 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kassem\Downloads\rufus-2.11.exe
2016-12-31 22:41 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\AppData\Local\FreemakeVideoConverter
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\ProgramData\Freemake
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-12-31 22:40 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\Documents\Freemake
2016-12-31 22:31 - 2016-12-31 22:32 - 01964384 _____ (Ellora Assets Corporation ) C:\Users\Kassem\Downloads\FreemakeVideoConverterSetup.exe
2016-12-30 14:21 - 2016-12-30 14:34 - 86674168 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Kassem\Downloads\BackupperFull.exe
2016-12-29 17:14 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Kassem\AppData\Local\speech
2016-12-29 14:00 - 2016-12-29 14:00 - 00705024 _____ C:\Users\Kassem\Downloads\FreeISOBurner.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-28 02:42 - 2015-08-28 22:17 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Skype
2017-01-28 02:41 - 2016-09-24 17:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-28 01:10 - 2015-08-19 21:55 - 02631676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-28 01:08 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem
2017-01-28 01:08 - 2015-08-16 11:00 - 00000000 ___RD C:\Users\Kassem\Dropbox
2017-01-28 01:06 - 2016-09-24 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-28 01:06 - 2016-09-24 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-28 00:37 - 2015-08-08 00:10 - 00000000 ____D C:\Program Files (x86)\Intel Corporation
2017-01-28 00:18 - 2015-11-04 23:19 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-01-28 00:16 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-28 00:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-01-27 12:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-27 12:16 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-27 12:14 - 2016-07-15 15:05 - 00000000 ___RD C:\Users\Kassem\OneDrive - American University of Beirut
2017-01-27 12:14 - 2015-08-19 22:52 - 00002366 _____ C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 21:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-26 20:11 - 2016-02-28 19:20 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\vlc
2017-01-26 02:56 - 2015-09-06 18:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-26 02:55 - 2016-05-20 23:53 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Google Talk
2017-01-26 02:55 - 2015-08-16 10:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-26 02:55 - 2013-12-19 19:41 - 00000000 ____D C:\Users\Kass\AppData\Local\VNT
2017-01-25 20:11 - 2015-08-19 22:50 - 00000000 ____D C:\Users\Kassem\AppData\Local\Packages
2017-01-21 04:41 - 2015-08-28 22:17 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 21:47 - 2015-08-07 18:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 18:52 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-20 18:48 - 2015-11-01 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-20 16:09 - 2015-08-07 17:56 - 00000000 ___RD C:\Users\Kassem\Documents\Scanned Documents
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 23:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-11 14:16 - 2015-08-08 01:51 - 00000000 ____D C:\Users\Kassem\AppData\Local\ElevatedDiagnostics
2017-01-11 12:30 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 16:03 - 2016-09-24 17:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 00:45 - 2016-09-24 17:43 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF356CE4-AC61-41D7-B7CD-B1D4B8E274D6}
2017-01-09 14:41 - 2015-11-04 19:40 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\BitTorrent
2017-01-07 19:39 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\Documents\Arduino
2017-01-07 18:00 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\AppData\Local\Arduino15
2017-01-07 17:53 - 2015-08-21 01:58 - 00000000 ____D C:\Users\Kassem\Documents\MATLAB
2017-01-04 01:55 - 2015-08-07 16:37 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-04 01:53 - 2015-08-07 16:36 - 00000000 ____D C:\Users\Kassem\AppData\Local\Google
2017-01-04 01:47 - 2015-08-07 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-02 21:48 - 2016-11-26 18:35 - 00000000 ____D C:\Users\Kassem\AppData\LocalLow\BitTorrent
2016-12-30 14:02 - 2016-09-24 17:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2016-12-29 13:55 - 2015-10-31 17:36 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\DAEMON Tools Lite
 
==================== Files in the root of some directories =======
 
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kassem\AppData\Roaming\9a6G05Ql37tdkC5ZUtM
2015-08-08 00:10 - 2015-08-08 00:10 - 0008778 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20150808.011005.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 0002397 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.205707.txt
2017-01-27 20:58 - 2017-01-27 20:58 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.205800.txt
2017-01-27 21:16 - 2017-01-27 21:16 - 0002515 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.211629.txt
2017-01-27 21:20 - 2017-01-27 21:20 - 0002515 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.212058.txt
2017-01-27 22:23 - 2017-01-27 22:23 - 0002464 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.222308.txt
2017-01-27 23:00 - 2017-01-27 23:00 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.230018.txt
2017-01-27 23:02 - 2017-01-27 23:02 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.230213.txt
2017-01-27 23:06 - 2017-01-27 23:06 - 0002489 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.230628.txt
2017-01-27 23:21 - 2017-01-27 23:21 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.232116.txt
2017-01-27 23:23 - 2017-01-27 23:23 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.232321.txt
2017-01-27 23:37 - 2017-01-27 23:37 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.233735.txt
2017-01-27 23:42 - 2017-01-27 23:42 - 0002465 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170127.234256.txt
2017-01-28 00:14 - 2017-01-28 00:14 - 0002514 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170128.001427.txt
2017-01-28 00:23 - 2017-01-28 00:23 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170128.002349.txt
2017-01-28 00:36 - 2017-01-28 00:36 - 0002490 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20170128.003633.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0001579 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010939.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0000663 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010959.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001605 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011001.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011003.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011021.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205703.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 0001229 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205706.txt
2017-01-27 20:57 - 2017-01-27 20:57 - 0000663 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205756.txt
2017-01-27 20:58 - 2017-01-27 20:58 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.205800.txt
2017-01-27 21:16 - 2017-01-27 21:16 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.211626.txt
2017-01-27 21:16 - 2017-01-27 21:16 - 0001229 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.211629.txt
2017-01-27 21:20 - 2017-01-27 21:20 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.212055.txt
2017-01-27 21:20 - 2017-01-27 21:20 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.212058.txt
2017-01-27 22:23 - 2017-01-27 22:23 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.222305.txt
2017-01-27 22:23 - 2017-01-27 22:23 - 0001229 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.222308.txt
2017-01-27 23:00 - 2017-01-27 23:00 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230014.txt
2017-01-27 23:00 - 2017-01-27 23:00 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230017.txt
2017-01-27 23:02 - 2017-01-27 23:02 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230210.txt
2017-01-27 23:02 - 2017-01-27 23:02 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230213.txt
2017-01-27 23:06 - 2017-01-27 23:06 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230625.txt
2017-01-27 23:06 - 2017-01-27 23:06 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.230627.txt
2017-01-27 23:21 - 2017-01-27 23:21 - 0000661 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232113.txt
2017-01-27 23:21 - 2017-01-27 23:21 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232116.txt
2017-01-27 23:23 - 2017-01-27 23:23 - 0000671 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232318.txt
2017-01-27 23:23 - 2017-01-27 23:23 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.232321.txt
2017-01-27 23:37 - 2017-01-27 23:37 - 0000673 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.233732.txt
2017-01-27 23:37 - 2017-01-27 23:37 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.233735.txt
2017-01-27 23:42 - 2017-01-27 23:42 - 0000671 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.234252.txt
2017-01-27 23:42 - 2017-01-27 23:42 - 0001227 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170127.234256.txt
2017-01-28 00:14 - 2017-01-28 00:14 - 0000671 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.001423.txt
2017-01-28 00:14 - 2017-01-28 00:14 - 0001227 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.001426.txt
2017-01-28 00:23 - 2017-01-28 00:23 - 0000661 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.002344.txt
2017-01-28 00:23 - 2017-01-28 00:23 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.002348.txt
2017-01-28 00:36 - 2017-01-28 00:36 - 0000671 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003629.txt
2017-01-28 00:36 - 2017-01-28 00:36 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003633.txt
2017-01-28 00:39 - 2017-01-28 00:39 - 0000671 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003951.txt
2017-01-28 00:39 - 2017-01-28 00:39 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20170128.003955.txt
2016-11-29 21:23 - 2016-11-29 21:23 - 0000600 _____ () C:\Users\Kassem\AppData\Local\PUTTY.RND
2015-09-12 02:50 - 2015-09-12 02:50 - 0000017 _____ () C:\Users\Kassem\AppData\Local\resmon.resmoncfg
2015-10-17 09:49 - 2015-10-17 09:49 - 0000362 _____ () C:\Users\Kassem\AppData\Local\winconf.pxt
2016-01-27 19:51 - 2016-01-27 20:00 - 0034595 _____ () C:\ProgramData\RulesDecks.xml
 
Some files in TEMP:
====================
2016-12-31 22:32 - 2016-12-31 22:40 - 34139976 _____ (Ellora Assets Corporation                                   ) C:\Users\Kassem\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2016-12-22 00:15 - 2017-01-21 04:34 - 43918808 _____ (Skype Technologies S.A.) C:\Users\Kassem\AppData\Local\Temp\SkypeSetup.exe
2017-01-28 00:09 - 2017-01-20 08:34 - 0172200 _____ () C:\Users\Kassem\AppData\Local\Temp\substat.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-26 16:54
 
==================== End of FRST.txt ============================
 
---------------------------------------------------------------------------------------------------------------------------------------------------
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (28-01-2017 02:46:35)
Running from C:\Users\Kassem\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 15:45:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-198589097-2935813840-3369481996-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-198589097-2935813840-3369481996-503 - Limited - Disabled)
Guest (S-1-5-21-198589097-2935813840-3369481996-501 - Limited - Disabled)
Kassem (S-1-5-21-198589097-2935813840-3369481996-1000 - Administrator - Enabled) => C:\Users\Kassem
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
CMU 1394 Digital Camera Driver (HKLM-x32\...\CMU 1394 Digital Camera Driver) (Version: 6.4.6.200 - Carnegie Mellon University)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Digital Delivery (HKLM-x32\...\{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}) (Version: 1.7.4501.0 - Dell Products, LP)
DipTrace (HKLM\...\DipTrace) (Version: 2.4 - Novarm)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ExpressPCB (HKLM-x32\...\{277CA10D-4B11-4848-A5E6-F1CEA050BF90}) (Version: 7.3.4 - ExpressPCB, LLC)
FluidDraw P5 Demo (HKLM-x32\...\{47016B92-473D-4100-8B5F-A14FD5BE88DA}) (Version: 5.3.385.0 - Festo AG & Co. KG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Release OrCAD 10.5 (HKLM-x32\...\{24D0A76F-34E1-43F7-B972-0608518CD2A7}) (Version: 10.5.0 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
VI Package Manager 2014 (HKLM-x32\...\{E78DE7EA-62EB-4D92-A62F-F92CC16EADB0}) (Version: 14.2.1976 - JKI)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{4f1b61c8-ad15-4f53-a3e6-e18d8d4abc18}) (Version: 6.07.0025 - Ingram Content Group)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfram Extras 10.3 (5448469) (HKLM\...\A-WIN-Extras 10.3.1 5448469_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10.3 (M-WIN-L 10.3.1 5448563) (HKLM\...\M-WIN-L 10.3.1 5448563_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram SystemModeler 4.0.1 (HKLM-x32\...\{6fb6a5cb-f810-4953-bf31-b9aaba97e64f}_is1) (Version: 4.0.1 - Wolfram Research, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B4A60F2-19C8-4EDD-8D63-523CA1A61B1E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-03] (Microsoft Corporation)
Task: {0FBFA02F-40B5-4C0A-9B93-B2FBF1890D88} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EA962F3-23DD-4295-A5A6-EA0CD9E0963C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EB15669-A19E-4401-A68E-E6BE037BD666} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EBEFACB-3E8A-47D0-8D3A-507CD8E82925} - System32\Tasks\{3192BC34-7C3E-4D50-872E-1EBE5AB9F771} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {37E92736-5B9D-4FF4-9DED-DA603D409F4E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {38AE14C8-AE2D-4DD4-9BD4-70A9BD715615} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3AF0AE5F-8187-4CB1-8ADF-C41268626ECD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {49CEA312-C566-40E0-916F-6948BC8BD10A} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2015-03-24] (JKI)
Task: {4AB18B9E-4D85-47A1-A2EB-2EE5CB302835} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B7E67FB-6C9E-47A1-9642-650DBCA5934F} - System32\Tasks\{22E23AC4-6BBE-40D2-98C4-C1942E7F364E} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\APP_IO_WXP_VSTA_W7_A02_Setup-7W7T4_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {4C7D7A1C-38BE-40CB-ADEE-C6C125A6DB80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {5628C60A-1BDF-4C16-996B-7E7F3F59166C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {56AB9251-B3EC-4C1D-B795-38C9A5A0B34D} - System32\Tasks\{5488ACEC-E972-49C6-BDF3-127218A394C0} => pcalua.exe -a "C:\Program Files (x86)\OSTotoSoft\DriverTalent\Uninstall.exe"
Task: {5A42204C-449A-46B3-99ED-D70DAADE2404} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {5A73D528-C3F2-4F18-B7BE-7D7EA20CA41B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {60EB7A4F-59F4-4511-B659-B2BBD035AE0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-17] (Microsoft Corporation)
Task: {634D81D4-6392-44B2-8813-F1C7A1475593} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {701700C3-64F0-4C55-A8F9-0D905EC56AF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {78731B9D-4EFA-450B-9293-0FBD0F58F417} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {7D25C6F3-E10E-4FDD-B5C3-698C9FEA91BE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A3C1B8B-EAC7-4FE6-BE81-54849CD866E4} - System32\Tasks\Uninstaller_SkipUac_Kassem => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {95243289-6FE9-467A-9200-BA17965BED22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated)
Task: {9B747309-E0BD-4B88-8709-612635A28725} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {9F4F16DD-E2F1-49AC-A0DB-540CAA7460B9} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {A6A80D1B-C801-4FB2-ACB9-915EF254C487} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A8E0BBFE-199E-4B20-9925-A24D6121C7E3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFDB3F5E-47CF-49AF-B810-EF1968B650CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B29EFFC4-2FEF-42AF-9E07-131265D46E61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {C063D582-9B08-4045-AB68-DD4DF99962AF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C331AEA7-992A-4504-941C-657E5876FC4C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3B6B960-7726-467F-8979-EB3ED1741083} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3D78503-BBB6-4433-AFF1-10693E11DC5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4F2B3CB-8910-42CA-9F4E-27EB420A17D9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {C9D5D34E-CE63-4A34-8748-D3E67F818068} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {CB15E7F1-BCCF-4594-AA8E-13175AE75D5A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBCAB27D-18E5-4FFD-A17B-A251CCB6C2E9} - System32\Tasks\{A49D78C7-89EF-4065-BA38-B7C2F239E663} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {CEFBB51A-5D00-4533-B08C-8184D8F7E139} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF499570-78BE-47A3-BF42-AF058BBCA96D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D3AD1CF0-D0B0-4E47-9E24-D19D407A23BA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA8F5122-F577-4CE2-8BCE-21DF593C76C5} - System32\Tasks\{15565041-D8C6-4DE0-A853-F74ADBF150C6} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\R311884.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {EBFB50D7-C13F-4D36-91EB-E46DAAD7AC5A} - System32\Tasks\{545F917C-120D-49C6-BD5A-DFD56746C6D5} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\Video_Nvidia_W74_A09_Setup_RRN66_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {F7480211-4F5D-476C-8F17-BC0788618A54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC7D9652-FAF1-43A4-AD1F-0617FD1B1DA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDCE585F-D376-4299-96B3-1CEF1BBB02AD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-24 17:31 - 2015-09-14 00:04 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-28 09:05 - 2012-09-29 12:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2015-08-28 09:06 - 2012-09-29 12:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 22:08 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 13:48 - 2016-11-11 11:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 20:20 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 20:20 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 20:20 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 20:20 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-21 00:40 - 2015-08-21 00:40 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-16 20:44 - 2016-12-17 09:47 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-16 20:44 - 2016-12-17 09:47 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-24 09:36 - 2016-11-24 09:37 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-24 09:36 - 2016-11-24 09:37 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 12:50 - 2016-06-03 12:53 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-24 09:36 - 2016-11-24 09:37 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-24 09:36 - 2016-11-24 09:37 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-12-13 15:16 - 2016-12-13 15:16 - 03810816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-13 15:05 - 2016-12-13 15:06 - 04876288 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\Time.exe
2016-12-13 15:05 - 2016-12-13 15:06 - 01093120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1612.3343.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2015-09-06 18:15 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-01-23 21:44 - 2017-01-18 20:39 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-12-22 18:07 - 2016-12-21 10:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-23 21:44 - 2016-12-21 10:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-22 18:07 - 2016-12-21 10:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 21:44 - 2016-12-21 10:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-23 21:44 - 2016-12-21 10:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-23 21:44 - 2016-12-04 08:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-23 21:44 - 2016-12-21 10:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-23 21:44 - 2016-12-21 10:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2011-10-26 07:57 - 2011-10-26 07:57 - 00102912 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: Icad.load.scr =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\sharepoint.com -> hxxps://mailaub.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2017-01-04 01:51 - 00000842 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting (64-bit).lnk"
HKLM\...\StartupApproved\Run32: => "RSDTRAY"
HKLM\...\StartupApproved\Run32: => "NUSB3MON"
HKLM\...\StartupApproved\Run32: => "RavTRAY"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "gpuminer"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "NIRegistrationWizard"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{380B4C1F-F1DD-4810-8C9C-9CC25C4CCF1D}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [TCP Query User{D702A0E8-2880-4146-8C24-C07FCF42FA3F}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [{D37845D4-8F89-4B44-B4B9-DCDDA0052A7D}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{59CC8569-C174-415A-9832-83631C207960}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7B6AAA16-FAB0-42C9-8D85-083702411848}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{53855477-072D-4B0B-B7B9-2C2D3594C223}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{07AF11F7-CDE2-415A-9D26-56C65D81E2E2}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{AA5F80B0-3B7E-4470-A35F-57CD4D40C17F}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7CF0C465-91EE-4595-8C7C-07EE6AA6638E}] => C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{27E14EC2-9550-4E33-9A78-7E4350DD7C16}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SessionMgr.exe
FirewallRules: [{1A5A77EE-46A0-46A1-A611-0A13B04D12C9}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SimulationCenter.exe
FirewallRules: [{5CBA7A71-0283-4577-8461-C07F0BBE5918}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\ModelCenter.exe
FirewallRules: [{4290AD3D-664C-4129-AC2A-B47EDCEA36CA}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B04860F9-5A41-482E-BCB4-A0BA339B6890}] => LPort=1900
FirewallRules: [{65AFF168-BF59-4CC0-ABB8-92D9B9E69BD1}] => LPort=2869
FirewallRules: [{B0950348-B26B-4CCF-9864-BDB552AC5154}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{E577A04A-907B-476E-BFA8-A7DB296AEBE6}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{6039DE07-8F47-4539-9C58-2D575D7A187C}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{679AEF19-2695-426B-B233-6B26E1F1484D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{F1982A83-B281-414A-8AAA-CCDA0F7B441F}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{8CB7EBDD-2550-4273-9862-4DE9E4EA769C}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{08D398BC-A114-4A76-BFB7-878F36DED37D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{B04ED7D0-B4D9-42D1-A5DC-FBDE9A561666}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{317CD395-EA98-4FEF-BC21-7CD31A70C57D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{8CE2EB46-B9D5-4383-8F63-296BCD3E4F41}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{804DE3CD-A3DC-451E-83A5-5823D5D3087E}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{E7D18337-7B21-4D31-9BA3-8A62AB75FC63}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{C580C769-22C9-4016-A839-2D245213EEF2}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{21BA8E18-D2C4-4549-8FDA-E2C7AC08280D}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{4131E414-6D22-4521-AC13-2F37322410D3}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [UDP Query User{FE82D18A-5A5B-4040-ABD7-750E347A1D1B}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{38AB335E-7D61-4A0F-9D7B-C112E638762F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D4162FDB-8FFF-4B91-A0E1-E31341889FB2}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE0D05FE-F726-4FF0-A9EF-8A8764E47665}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7780E7CA-490A-47B2-88F7-74A1E33D84F3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F03FF52A-ED2B-4E7B-BA96-B1B548F1A3AA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5FAF9DD8-C708-4626-AFF7-0CBEB9BF45C8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4234DC87-1E2A-4249-9FD2-D6C42059470E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C2040B5-E917-4849-8A1D-C326602426B1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F3507DEB-B4FE-4015-86BC-0741BE8223EF}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{0355AAB6-6CF0-4395-A863-E27795CA6F69}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CFE911B6-7C90-4FD9-9B50-B16B6246BD86}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{356799BF-842E-4151-89D8-71D7B52F2CC1}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E46C3910-1606-4614-B95C-EAD1FB2BB44C}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF84336F-C710-4FFD-B138-B8A7B0BBC7E7}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{719DBA33-5B5B-4EF0-857B-762231D2C973}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7466C32D-6D89-4C46-BD80-82D6BFAB132C}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4AA1725A-C230-4D65-9EA0-223DC84A86E5}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F6AEC447-E968-446F-9738-739A5F1E7533}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3EF15CEB-7552-491E-96AB-ED82F4184443}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{B632DC00-9D50-49D5-9FD2-C4D592C585FE}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [UDP Query User{C5DB7824-9DFD-404A-B453-F2084797EC1D}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [{26B8A7EE-18A2-4414-A0B7-B43BEAD43F61}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{D21F9F11-C21C-4AF7-B0F8-6044B1B8E1DE}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A093865A-364C-4AEA-BBAC-99A18D04CDFA}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{02ECCBE7-01AC-44E2-BCEE-09B4872AD01A}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{510E86F8-96DD-463C-B221-DD25556C049F}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C47A5D70-AB7B-429B-9E4F-29176C0607D3}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{092C9577-F0B8-43C7-A077-B7EEE24FF6A1}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A73CF2E2-F448-45F9-8228-A56361487656}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A345293E-E02B-43CE-9A47-1ED56169A32A}] => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe
FirewallRules: [{ABAA7FFB-4E92-4729-A074-6B8C3B354376}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3A2CB042-0B07-48D0-9CAA-4283D1ED46F1}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ACD6B98D-5A25-4525-AA4F-3123AD0D734A}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7D355E3C-4FF6-4875-8F3B-C6AC22F9F27F}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5DED493-E947-4ED7-AA2D-C584AB91FE45}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{801C87DE-678E-4858-B52A-51920ACE38E7}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{86B58967-F6E3-4C3A-91CC-4C61D3132300}] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{7164C284-98B1-4026-A5D8-CCD84FC48456}] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{71A87DB0-973A-4C63-BBC7-79456C257EEA}] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{E058ED7D-4807-426C-92EE-3D1A869CDDFE}] => C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
 
==================== Restore Points =========================
 
27-12-2016 18:55:08 Removed Skype™ 7.30
07-01-2017 14:52:11 Scheduled Checkpoint
27-01-2017 12:13:02 Removed Bonjour
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 8083.88 MB
Available physical RAM: 4096.89 MB
Total Virtual: 16275.88 MB
Available Virtual: 11783.44 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.32 GB) (Free:190.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9057C8E4)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
Enjoy your quality time!

Edited by KassD7, 27 January 2017 - 06:49 PM.

#18
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

The uninstall left the EAB entries so let's see if we can remove them with a fix list.  This one will cause a reboot.

 


#19
KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Kassem (28-01-2017 15:53:52) Run:7
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
REG: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086" /f
REG: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9" /f
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************
 
Processes closed successfully.
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\8086" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\Methods\9" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
 
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 15:54:34 ====

#20
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Can you run VEW again?


#21
KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 28/01/2017 5:43:13 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/01/2017 2:57:45 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 2:57:43 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 2:57:33 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 28/01/2017 1:57:10 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 1:57:09 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 1:55:32 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 1:55:30 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 1:55:07 PM
Type: Error Category: 2
Event: 17120 Source: MSSQL$TEW_SQLEXPRESS
SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
 
Log: 'Application' Date/Time: 28/01/2017 1:55:07 PM
Type: Error Category: 2
Event: 17826 Source: MSSQL$TEW_SQLEXPRESS
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
 
Log: 'Application' Date/Time: 28/01/2017 1:55:07 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Access is denied. 
 
Log: 'Application' Date/Time: 28/01/2017 1:55:07 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x51. Reason: Unable to configure MDAC-compatibility Named Pipes protocol pipe name in registry. Access is denied. 
 
Log: 'Application' Date/Time: 28/01/2017 1:55:07 PM
Type: Error Category: 2
Event: 17053 Source: MSSQL$TEW_SQLEXPRESS
UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.
 
Log: 'Application' Date/Time: 28/01/2017 1:55:04 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified. 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/01/2017 2:57:41 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 1:57:07 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 1:55:22 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D

#22
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

OK.  We are making progress on getting rid of errors even if we haven't made your favorite popup go away yet.

 

The Microsoft-Windows-Security-SPP task that we tried to import earlier is not working.  Can you go back to Task Scheduler?

 

You will probably get a popup or two about things not working.  Please record the exact text of each popup.  Then navigate down to 

 

Microsoft/Windows/SoftwareProtectionPlatform.

 

There should be no subfolders of SoftwareProtectionPlatform - let me know if you see any.

 

Right click and Export each task you see in the right pane (there should normally be three) to your desktop.  Then attach all three.   


#23
KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

I don't remember importing such a file; we only imported the SvcRestartTask. Maybe you meant this.

 

I opened the Task Scheduler and nothing popped up. I entered the active tasks, attached as Active Tasks.

 

There are no sub-folders in SoftwareProtectionPlatform.

 

Please find attached the three exported files.

Attached Thumbnails

  • Active Tasks.JPG

Attached Files


#24
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Of the three tasks under SoftwareProtectionPlatform, on mine only SvcRestartTask is Ready.  The other two are disabled.  Is that what you have?

 

Right click on the SvcRestartTask and click Run.  Does it change to Running or do you get an error?


#25
KassD7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts

In my laptop the three of them are ready. When I ran SvcServiceTask it did change it to running.


#26
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Right click on the second and third one and Disable them.

 

I suspect these are associated with Office since I do not have it on my PC and you do.  Do you use it?

 

Reboot.

 

Do you still get the popups?

 

Can you run VEW again?



#27
KassD7


I disabled the second and third but after the reboot I checked and they were once again "Ready".

 

I attached a screenshot of the task scheduler since I don't think these are related to Microsoft Office; and yes I use it a lot.

 

The popup still shows whenever I access folders such as Programs and Features or User Accounts from the Cortana search bar.

 

VEW Output Log

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 28/01/2017 8:28:13 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/01/2017 6:22:28 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 6:22:27 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 6:21:52 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 6:21:51 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 6:19:49 PM
Type: Error Category: 2
Event: 17120 Source: MSSQL$TEW_SQLEXPRESS
SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
 
Log: 'Application' Date/Time: 28/01/2017 6:19:49 PM
Type: Error Category: 2
Event: 17826 Source: MSSQL$TEW_SQLEXPRESS
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
 
Log: 'Application' Date/Time: 28/01/2017 6:19:49 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Access is denied. 
 
Log: 'Application' Date/Time: 28/01/2017 6:19:49 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x51. Reason: Unable to configure MDAC-compatibility Named Pipes protocol pipe name in registry. Access is denied. 
 
Log: 'Application' Date/Time: 28/01/2017 6:19:49 PM
Type: Error Category: 2
Event: 17053 Source: MSSQL$TEW_SQLEXPRESS
UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.
 
Log: 'Application' Date/Time: 28/01/2017 6:19:46 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified. 
 
Log: 'Application' Date/Time: 28/01/2017 6:19:19 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 28/01/2017 6:14:06 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 6:14:03 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
Log: 'Application' Date/Time: 28/01/2017 6:11:58 PM
Type: Error Category: 2
Event: 17120 Source: MSSQL$TEW_SQLEXPRESS
SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
 
Log: 'Application' Date/Time: 28/01/2017 6:11:58 PM
Type: Error Category: 2
Event: 17826 Source: MSSQL$TEW_SQLEXPRESS
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
 
Log: 'Application' Date/Time: 28/01/2017 6:11:58 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Access is denied. 
 
Log: 'Application' Date/Time: 28/01/2017 6:11:58 PM
Type: Error Category: 2
Event: 17182 Source: MSSQL$TEW_SQLEXPRESS
TDSSNIClient initialization failed with error 0x5, status code 0x51. Reason: Unable to configure MDAC-compatibility Named Pipes protocol pipe name in registry. Access is denied. 
 
Log: 'Application' Date/Time: 28/01/2017 6:11:58 PM
Type: Error Category: 2
Event: 17053 Source: MSSQL$TEW_SQLEXPRESS
UpdateUptimeRegKey: Operating system error 5(Access is denied.) encountered.
 
Log: 'Application' Date/Time: 28/01/2017 6:11:55 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified. 
 
Log: 'Application' Date/Time: 28/01/2017 5:54:31 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/01/2017 6:22:25 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 6:21:50 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 6:14:00 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 5:54:29 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 4:42:22 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 2:57:41 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 1:57:07 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 
Log: 'Application' Date/Time: 28/01/2017 1:55:22 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
 

Attached Thumbnails

  • Main Error.JPG
  • Task Scheduler.JPG

  • 0
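
The 0x80070005, 0x8007000D and (-2147024894) values in the VEW log above are 32-bit HRESULTs written two ways (hex and signed decimal). As an added example, not part of the thread or of VEW, with illustrative function names and a constructed, abridged sample log, this tallies entries per source and event and decodes each code to its Win32 error:

```python
import re
from collections import Counter

# Constructed sample in the VEW layout from the post above; names here are illustrative.
SAMPLE = """\
Log: 'Application' Date/Time: 28/01/2017 6:22:28 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>

Log: 'Application' Date/Time: 28/01/2017 6:22:27 PM
Type: Error Category: 0
Event: 8229 Source: Microsoft-Windows-Security-SPP
The rules engine failed to perform one or more scheduled actions. Error Code:0x80070005 Path:SERIALIZE_INTERNAL Arguments:<none>

Log: 'Application' Date/Time: 28/01/2017 6:19:46 PM
Type: Error Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Log: 'Application' Date/Time: 28/01/2017 6:22:25 PM
Type: Warning Category: 0
Event: 8225 Source: Microsoft-Windows-Security-SPP
The existing scheduler data does not match the expected data.  The schedule will be re-evaluated. Reason:0x8007000D
"""
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED", 13: "ERROR_INVALID_DATA"}
ENTRY = re.compile(r"Type: (\w+) Category: \d+[ \t]*\nEvent: (\d+) Source: (\S+)[ \t]*\n(.*)")
CODE = re.compile(r"0x[0-9A-Fa-f]{8}|\(-\d{9,10}\)")

def decode_hresult(text):
    """Split a 32-bit HRESULT (hex, or signed decimal in parentheses) into its fields."""
    value = int(text.strip("()"), 0) & 0xFFFFFFFF   # two's complement -> unsigned
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    name = WIN32_NAMES.get(code, "?") if facility == 7 else "non-Win32 facility"
    return {"hex": f"0x{value:08X}", "failure": bool(value >> 31),
            "facility": facility, "code": code, "name": name}

def summarize(log):
    """Count entries per (type, source, event id, HRESULT hex, Win32 name)."""
    counts = Counter()
    for level, event, source, message in ENTRY.findall(log):
        m = CODE.search(message)
        hr = decode_hresult(m.group()) if m else {"hex": None, "name": None}
        counts[(level, source, int(event), hr["hex"], hr["name"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Facility 7 is FACILITY_WIN32, so the low 16 bits are an ordinary Win32 error number; that is why the DbxSvc decimal code and its "cannot find the file specified" text describe the same error.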

#28
RKinner


Looking at the error reported by your popup

 

2144926975

 

This is sometimes caused by a problem in the file system so it would probably be a good idea to run check disk:

 

Open an elevated command prompt per: 

 
 then type:
 
chkdsk  /f

and hit Enter.  It will tell you it can't do it now and ask if you would like to schedule it for the next reboot.  Say:

 

Y

 

Then reboot.  The disk check should start to run and may take a few hours to complete.



#29
KassD7


I did this before entering the forum and everything was fine.

 

I just did it again and it took about 3 minutes to reach 100%, nothing wrong appeared.


Edited by KassD7, 28 January 2017 - 12:55 PM.


#30
RKinner

OK.  Next thing to try is to create a new user with admin rights and a password.  Then restart and log in as the new user.  Do you get the same error?

