Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Kassem (administrator) on KASSEM-PC (26-01-2017 00:57:07)
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Open Source) C:\Users\Kassem\AppData\Roaming\cpuminer\sgminer\sgm.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Dell Products, LP.) 
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16102.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft 
Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Microsoft Corporation) 
C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gpuminer] => C:\Users\Kassem\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126656 2015-10-13] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033 HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [googletalk] => C:\Users\Kassem\AppData\Roaming\Google Talk\googletalk.exe [536576 2016-05-20] (Microsoft Corporation) HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.) HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [GoogleChromeAutoLaunch_528FB280EA5FDE99494BED26C65E27F7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.) HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\MountPoints2: {53c74ce8-5046-11e6-9c7d-5cf9dd3e739d} - "E:\WD Drive Unlock.exe" autoplay=true AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-09-14] (NVIDIA Corporation) AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-09-14] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.) 
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-13] ShortcutTarget: Dropbox.lnk -> C:\Users\Kassem\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2012-06-21] ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) Startup: C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2015-08-08] ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) GroupPolicy: Restriction <======= ATTENTION GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 193.188.129.75 193.188.129.5 Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [DhcpNameServer] 193.188.129.75 193.188.129.5 Tcpip\..\Interfaces\{66ac5675-d891-4ba4-a02f-4c5787b0215f}: [DhcpNameServer] 192.168.1.254 192.168.1.254 Internet Explorer: ================== HKU\S-1-5-21-198589097-2935813840-3369481996-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWp_XuigLxtTd1UCvfz-2TkNAutxv2BzP4d7NMjaV7BRfQxL2byqtM35eAcRJg683Qfd-TxPPzJzVlm5_KxPQSqLiJ9mcXhWAsIy9aJV6_cUafiIMD0c7Z6z_m4ASd9GW5Eomhn2CrWqdim4LPlqvnETWzWA,,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWp_XuigLxtTd1UCvfz-2TkNAutxv2BzP4d7NMjaV7BRfQxL2byqtM35eAcRJg683Qfd-TxPPzJzVlm5_KxPQSqLiJ9mcXhWAsIy9aJV6_cUafiIMD0c7Z6z_m4ASd9GW5Eomhn2CrWqdim4LPlqvnETWzWA,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-198589097-2935813840-3369481996-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWp_XuigLxtTd1UCvfz-2TkNAutxv2BzP4d7NMjaV7BRfQxL2byqtM35eAcRJg683Qfd-TxPPzJzVlm5_KxPQSqLiJ9mcXhWAsIy9aJV6_cUafiIMD0c7Z6z_m4ASd9GW5Eomhn2CrWqdim4LPlqvnETWzWA,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-198589097-2935813840-3369481996-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWp_XuigLxtTd1UCvfz-2TkNAutxv2BzP4d7NMjaV7BRfQxL2byqtM35eAcRJg683Qfd-TxPPzJzVlm5_KxPQSqLiJ9mcXhWAsIy9aJV6_cUafiIMD0c7Z6z_m4ASd9GW5Eomhn2CrWqdim4LPlqvnETWzWA,,&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files 
(x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-08-07] (Sun Microsystems, Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] () FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File] FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2015-08-07] (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.) FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-14] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.) FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.1.5448469\npmathplugin.dll [2015-12-09] (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-198589097-2935813840-3369481996-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1422278371&from=amt&uid=LITEONITXLCT-256M3S_TW0DFVVG5508524R1562" CHR DefaultSearchURL: Default -> hxxp://feed.wiki-search.me/?st=ds&query={searchTerms} CHR DefaultSearchKeyword: Default -> Wiki Search.me CHR Profile: C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default [2017-01-26] CHR Extension: (Google Slides) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-04] CHR Extension: (Google Docs) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04] CHR Extension: (Google Drive) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04] CHR Extension: (YouTube) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04] CHR Extension: (Dropbox for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-01-04] CHR Extension: (Adobe Acrobat) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16] CHR Extension: (Wiki Search.me) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip [2017-01-04] CHR Extension: (Google Sheets) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-04] CHR Extension: (FBDown Video Downloader) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-01-04] CHR Extension: (Google Docs Offline) - 
C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09] CHR Extension: (Boomerang for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-01-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21] CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-01-04] CHR Extension: (Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04] CHR Extension: (Chrome Media Router) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.) 
R2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed] S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit) S2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [220952 2016-08-17] (Beijing Rising Information Technology Co., Ltd.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-06] (Realtek Semiconductor) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-11-01] (SolidWorks) [File not signed] S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation) S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.) 
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 cyhid; C:\WINDOWS\System32\DRIVERS\cyhid.sys [116736 2011-08-26] () [File not signed]
S3 cykbfltrService; C:\WINDOWS\System32\DRIVERS\cykbfltr.sys [13312 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 cymfltrService; C:\WINDOWS\System32\DRIVERS\cymfltr.sys [69632 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-31] (Disc Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-06] (REALiX(tm))
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNs64; C:\WINDOWS\System32\drivers\NETwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 00:57 - 2017-01-26 00:57 - 00036405 _____ C:\Users\Kassem\Desktop\FRST.txt
2017-01-26 00:56 - 2017-01-26 00:57 - 00000000 ____D C:\FRST
2017-01-26 00:50 - 2017-01-26 00:51 - 02420736 _____ (Farbar) C:\Users\Kassem\Desktop\FRST64.exe
2017-01-26 00:30 - 2017-01-26 00:30 - 17715987 _____ C:\Users\Kassem\Desktop\ros_by_example_volume_2___indigo.pdf
2017-01-26 00:28 - 2017-01-26 00:28 - 11004884 _____ C:\Users\Kassem\Desktop\ros_by_example_indigo___volume_1.pdf
2017-01-25 22:05 - 2017-01-26 00:11 - 01516566 _____ C:\Users\Kassem\Desktop\Façade Cleaning Robot – Technical Overview.pptx
2017-01-25 20:59 - 2016-04-18 11:53 - 01043016 _____ C:\Users\Kassem\Desktop\Gravity A Smart Façade Cleaning Robot.pdf
2017-01-25 20:55 - 2017-01-25 20:58 - 01440499 _____ C:\Users\Kassem\Desktop\Document for Meeting.pptx
2017-01-25 20:19 - 2016-05-29 23:49 - 07718022 _____ C:\Users\Kassem\Desktop\Video_1.mp4
2017-01-24 16:23 - 2017-01-24 16:23 - 02528032 _____ C:\Users\Kassem\Downloads\14850826_1785450381726050_571221162785243136_n.mp4
2017-01-24 00:14 - 2017-01-24 00:14 - 00103660 _____ C:\Users\Kassem\Desktop\Amazon Order 1.pdf
2017-01-23 21:45 - 2017-01-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-21 00:40 - 2017-01-21 01:10 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-18 18:35 - 2017-01-18 18:36 - 11540752 _____ C:\Users\Kassem\Downloads\10810842_819863881385679_318822581_n.mp4
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 15:49 - 2017-01-11 15:50 - 10975062 _____ C:\Users\Kassem\Downloads\13729596_897529530351646_1972759078_n.mp4
2017-01-07 17:21 - 2017-01-07 17:21 - 00000000 ____D C:\Users\Kassem\Downloads\mpu9250_arduino
2017-01-05 02:23 - 2017-01-05 02:25 - 22034677 _____ C:\Users\Kassem\Downloads\15240661_1226154984099438_5306706933460238336_n.mp4
2017-01-04 07:25 - 2017-01-04 07:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-04 01:53 - 2017-01-04 01:53 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 01:53 - 2017-01-04 01:53 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 01:47 - 2017-01-04 15:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-04 01:47 - 2017-01-04 15:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-04 01:47 - 2017-01-04 01:47 - 01065376 _____ (Google Inc.) C:\Users\Kassem\Downloads\ChromeSetup.exe
2017-01-02 21:48 - 2017-01-02 22:29 - 1104052224 ____R C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso
2017-01-02 21:47 - 2017-01-02 21:47 - 00042460 _____ C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso.torrent
2017-01-01 23:53 - 2017-01-01 23:53 - 00322098 _____ C:\Users\Kassem\Downloads\app (2).pdf
2017-01-01 23:51 - 2017-01-01 23:51 - 00321900 _____ C:\Users\Kassem\Downloads\app (1).pdf
2017-01-01 23:50 - 2017-01-01 23:50 - 00321906 _____ C:\Users\Kassem\Downloads\app.pdf
2017-01-01 22:54 - 2017-01-01 22:55 - 01687216 _____ C:\Users\Kassem\Downloads\AmericanUnivOfBeirut.pdf
2017-01-01 21:36 - 2017-01-01 21:36 - 00000000 ____D C:\Users\Kassem\Downloads\rufus_files
2017-01-01 21:33 - 2017-01-14 01:45 - 00000400 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:33 - 2017-01-01 21:33 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kassem\Downloads\rufus-2.11.exe
2016-12-31 22:41 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\AppData\Local\FreemakeVideoConverter
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\ProgramData\Freemake
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-12-31 22:40 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\Documents\Freemake
2016-12-31 22:31 - 2016-12-31 22:32 - 01964384 _____ (Ellora Assets Corporation ) C:\Users\Kassem\Downloads\FreemakeVideoConverterSetup.exe
2016-12-30 14:21 - 2016-12-30 14:34 - 86674168 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Kassem\Downloads\BackupperFull.exe
2016-12-29 17:14 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Kassem\AppData\Local\speech
2016-12-29 14:00 - 2016-12-29 14:00 - 00705024 _____ C:\Users\Kassem\Downloads\FreeISOBurner.exe
2016-12-28 19:28 - 2016-12-28 19:28 - 00715009 _____ C:\Users\Kassem\Downloads\15399632_1335495143141991_2885647561060777984_n.mp4
2016-12-28 16:36 - 2016-12-28 17:31 - 1513308160 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso
2016-12-28 15:30 - 2016-12-28 15:30 - 00058080 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso.torrent
2016-12-28 15:26 - 2016-12-28 16:22 - 1531445248 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso
2016-12-28 15:26 - 2016-12-28 15:26 - 00058759 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso.torrent
2016-12-27 18:56 - 2016-12-27 18:56 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-12-27 18:56 - 2016-12-27 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-27 18:56 - 2016-12-27 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-27 18:51 - 2016-12-27 18:53 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
2016-12-27 18:10 - 2016-12-27 18:10 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 00:24 - 2015-08-28 22:17 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Skype
2017-01-26 00:09 - 2016-09-24 17:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-25 21:54 - 2016-02-28 19:20 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\vlc
2017-01-25 20:11 - 2015-08-19 22:50 - 00000000 ____D C:\Users\Kassem\AppData\Local\Packages
2017-01-25 20:04 - 2015-08-16 11:00 - 00000000 ___RD C:\Users\Kassem\Dropbox
2017-01-23 21:44 - 2015-08-16 10:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-23 13:54 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem
2017-01-21 16:11 - 2015-08-19 21:55 - 02377578 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-21 16:05 - 2016-09-24 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-21 16:05 - 2016-09-24 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-21 04:43 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-21 04:41 - 2015-08-28 22:17 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 21:47 - 2015-08-07 18:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 18:52 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-20 18:48 - 2015-11-01 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-20 16:09 - 2015-08-07 17:56 - 00000000 ___RD C:\Users\Kassem\Documents\Scanned Documents
2017-01-19 00:05 - 2015-09-06 18:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-16 17:12 - 2015-08-07 18:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 23:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-11 14:16 - 2015-08-08 01:51 - 00000000 ____D C:\Users\Kassem\AppData\Local\ElevatedDiagnostics
2017-01-11 12:30 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 16:03 - 2016-09-24 17:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 00:45 - 2016-09-24 17:43 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF356CE4-AC61-41D7-B7CD-B1D4B8E274D6}
2017-01-09 14:41 - 2015-11-04 19:40 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\BitTorrent
2017-01-07 19:39 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\Documents\Arduino
2017-01-07 18:00 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\AppData\Local\Arduino15
2017-01-07 17:53 - 2015-08-21 01:58 - 00000000 ____D C:\Users\Kassem\Documents\MATLAB
2017-01-04 01:55 - 2015-08-07 16:37 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-04 01:53 - 2015-08-07 16:36 - 00000000 ____D C:\Users\Kassem\AppData\Local\Google
2017-01-04 01:47 - 2015-08-07 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-02 21:48 - 2016-11-26 18:35 - 00000000 ____D C:\Users\Kassem\AppData\LocalLow\BitTorrent
2017-01-01 21:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-30 14:31 - 2016-09-24 17:32 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{b794f0c9-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
2016-12-30 14:31 - 2016-09-24 17:32 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{b794f0c9-4b5d-11e6-80e4-e41d2d719790}.TM.blf
2016-12-30 14:02 - 2016-09-24 17:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2016-12-29 13:55 - 2015-10-31 17:36 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\DAEMON Tools Lite
2016-12-28 04:48 - 2016-07-16 08:04 - 00131072 _____ C:\WINDOWS\system32\config\SAM
2016-12-27 18:17 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-27 18:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-27 18:11 - 2016-07-16 08:04 - 00000000 ___RD C:\Users
2016-12-27 18:07 - 2009-07-14 05:18 - 00000000 __SHD C:\$Recycle.Bin
2016-12-27 18:00 - 2015-08-19 22:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-27 17:56 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem\AppData\Local\Microsoft
2016-12-27 17:51 - 2016-07-16 13:47 - 00000000 ___SD C:\ProgramData\Microsoft

==================== Files in the root of some directories =======

2015-09-06 17:35 - 2015-09-06 17:35 - 5224982 _____ (Bycatch) C:\Program Files\Common Files\1e13qbkx.exe
2015-09-06 12:47 - 2015-09-06 12:47 - 5224982 _____ (Bycatch) C:\Program Files\Common Files\ldvsx2w1.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kassem\AppData\Roaming\9a6G05Ql37tdkC5ZUtM
2015-09-06 11:24 - 2015-09-06 11:24 - 0000187 _____ () C:\Users\Kassem\AppData\Local\Fundamin.exe.config
2015-08-08 00:10 - 2015-08-08 00:10 - 0008778 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20150808.011005.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0001579 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010939.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0000663 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010959.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001605 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011001.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011003.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011021.txt
2016-11-29 21:23 - 2016-11-29 21:23 - 0000600 _____ () C:\Users\Kassem\AppData\Local\PUTTY.RND
2015-09-12 02:50 - 2015-09-12 02:50 - 0000017 _____ () C:\Users\Kassem\AppData\Local\resmon.resmoncfg
2015-10-17 09:49 - 2015-10-17 09:49 - 0000362 _____ () C:\Users\Kassem\AppData\Local\winconf.pxt
2016-01-27 19:51 - 2016-01-27 20:00 - 0034595 _____ () C:\ProgramData\RulesDecks.xml

Some files in TEMP:
====================
2016-12-31 22:32 - 2016-12-31 22:40 - 34139976 _____ (Ellora Assets Corporation ) C:\Users\Kassem\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2016-12-22 00:15 - 2017-01-21 04:34 - 43918808 _____ (Skype Technologies S.A.) C:\Users\Kassem\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 17:30

==================== End of FRST.txt ============================