I apologize for the late reply; I am new to the forum, so I wasn't following this topic.
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Kassem (administrator) on KASSEM-PC (26-01-2017 23:13:08)
Running from C:\Users\Kassem\Desktop
Loaded Profiles: Kassem (Available Profiles: Kassem)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-09-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126656 2015-10-13] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\Run: [GoogleChromeAutoLaunch_528FB280EA5FDE99494BED26C65E27F7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\MountPoints2: {53c74ce8-5046-11e6-9c7d-5cf9dd3e739d} - "E:\WD Drive Unlock.exe" autoplay=true
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155792 2015-09-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kassem\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Kass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2012-06-21]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2015-08-08]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{62eff3a8-08d4-4004-b867-e49ba5c67004}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{66ac5675-d891-4ba4-a02f-4c5787b0215f}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2015-08-07] (Sun Microsystems, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-12-22] (Citrix Systems, Inc.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2015-08-07] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2011-12-22] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-04] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.1.5448469\npmathplugin.dll [2015-12-09] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1422278371&from=amt&uid=LITEONITXLCT-256M3S_TW0DFVVG5508524R1562"
CHR Profile: C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Slides) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-04]
CHR Extension: (Google Docs) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-04]
CHR Extension: (Google Drive) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Dropbox for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-01-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-04]
CHR Extension: (FBDown Video Downloader) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (Boomerang for Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2017-01-04]
CHR Extension: (Gmail) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Kassem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [220952 2016-08-17] (Beijing Rising Information Technology Co., Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-06] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-11-01] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
S3 cyhid; C:\WINDOWS\System32\DRIVERS\cyhid.sys [116736 2011-08-26] () [File not signed]
S3 cykbfltrService; C:\WINDOWS\System32\DRIVERS\cykbfltr.sys [13312 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 cymfltrService; C:\WINDOWS\System32\DRIVERS\cymfltr.sys [69632 2011-08-26] (Cypress Semiconductor, Inc.) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-10-31] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-06] (REALiX)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-01-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-01-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-26] (Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNs64; C:\WINDOWS\System32\drivers\NETwsw01.sys [11532704 2015-03-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:13 - 2017-01-26 23:13 - 00030994 _____ C:\Users\Kassem\Desktop\FRST.txt
2017-01-26 16:42 - 2017-01-26 16:45 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\dvdcss
2017-01-26 02:28 - 2017-01-26 02:28 - 00100301 _____ C:\Users\Kassem\Desktop\Malwarebytes Summary.txt
2017-01-26 01:56 - 2017-01-26 21:55 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-26 01:56 - 2017-01-26 17:14 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-26 01:56 - 2017-01-26 01:56 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-26 01:55 - 2017-01-26 17:14 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 01:55 - 2017-01-26 17:14 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-26 01:55 - 2017-01-26 01:55 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-26 01:55 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-26 01:49 - 2017-01-26 01:54 - 55566792 _____ (Malwarebytes ) C:\Users\Kassem\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-01-26 00:56 - 2017-01-26 23:13 - 00000000 ____D C:\FRST
2017-01-26 00:50 - 2017-01-26 00:51 - 02420736 _____ (Farbar) C:\Users\Kassem\Desktop\FRST64.exe
2017-01-25 22:05 - 2017-01-26 00:11 - 01516566 _____ C:\Users\Kassem\Desktop\Façade Cleaning Robot – Technical Overview.pptx
2017-01-25 20:55 - 2017-01-25 20:58 - 01440499 _____ C:\Users\Kassem\Desktop\Document for Meeting.pptx
2017-01-25 20:19 - 2016-05-29 23:49 - 07718022 _____ C:\Users\Kassem\Desktop\Video_1.mp4
2017-01-24 16:23 - 2017-01-24 16:23 - 02528032 _____ C:\Users\Kassem\Downloads\14850826_1785450381726050_571221162785243136_n.mp4
2017-01-24 00:14 - 2017-01-24 00:14 - 00103660 _____ C:\Users\Kassem\Desktop\Amazon Order 1.pdf
2017-01-23 21:45 - 2017-01-23 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-21 00:40 - 2017-01-21 01:10 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-01-18 18:35 - 2017-01-18 18:36 - 11540752 _____ C:\Users\Kassem\Downloads\10810842_819863881385679_318822581_n.mp4
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 21:14 - 2017-01-12 21:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 15:49 - 2017-01-11 15:50 - 10975062 _____ C:\Users\Kassem\Downloads\13729596_897529530351646_1972759078_n.mp4
2017-01-07 17:21 - 2017-01-07 17:21 - 00000000 ____D C:\Users\Kassem\Downloads\mpu9250_arduino
2017-01-05 02:23 - 2017-01-05 02:25 - 22034677 _____ C:\Users\Kassem\Downloads\15240661_1226154984099438_5306706933460238336_n.mp4
2017-01-04 07:25 - 2017-01-04 07:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-04 01:53 - 2017-01-04 01:53 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-04 01:53 - 2017-01-04 01:53 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-04 01:47 - 2017-01-04 15:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-04 01:47 - 2017-01-04 15:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-04 01:47 - 2017-01-04 01:47 - 01065376 _____ (Google Inc.) C:\Users\Kassem\Downloads\ChromeSetup.exe
2017-01-02 21:48 - 2017-01-02 22:29 - 1104052224 ____R C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso
2017-01-02 21:47 - 2017-01-02 21:47 - 00042460 _____ C:\Users\Kassem\Downloads\ubuntu-14.04.5-desktop-amd64.iso.torrent
2017-01-01 23:53 - 2017-01-01 23:53 - 00322098 _____ C:\Users\Kassem\Downloads\app (2).pdf
2017-01-01 23:51 - 2017-01-01 23:51 - 00321900 _____ C:\Users\Kassem\Downloads\app (1).pdf
2017-01-01 23:50 - 2017-01-01 23:50 - 00321906 _____ C:\Users\Kassem\Downloads\app.pdf
2017-01-01 22:54 - 2017-01-01 22:55 - 01687216 _____ C:\Users\Kassem\Downloads\AmericanUnivOfBeirut.pdf
2017-01-01 21:36 - 2017-01-01 21:36 - 00000000 ____D C:\Users\Kassem\Downloads\rufus_files
2017-01-01 21:33 - 2017-01-26 02:55 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-01 21:33 - 2017-01-01 21:33 - 00937592 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Kassem\Downloads\rufus-2.11.exe
2016-12-31 22:41 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\AppData\Local\FreemakeVideoConverter
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\ProgramData\Freemake
2016-12-31 22:40 - 2017-01-04 01:49 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-12-31 22:40 - 2016-12-31 22:41 - 00000000 ____D C:\Users\Kassem\Documents\Freemake
2016-12-31 22:31 - 2016-12-31 22:32 - 01964384 _____ (Ellora Assets Corporation ) C:\Users\Kassem\Downloads\FreemakeVideoConverterSetup.exe
2016-12-30 14:21 - 2016-12-30 14:34 - 86674168 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Kassem\Downloads\BackupperFull.exe
2016-12-29 17:14 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Kassem\AppData\Local\speech
2016-12-29 14:00 - 2016-12-29 14:00 - 00705024 _____ C:\Users\Kassem\Downloads\FreeISOBurner.exe
2016-12-28 19:28 - 2016-12-28 19:28 - 00715009 _____ C:\Users\Kassem\Downloads\15399632_1335495143141991_2885647561060777984_n.mp4
2016-12-28 16:36 - 2016-12-28 17:31 - 1513308160 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso
2016-12-28 15:30 - 2016-12-28 15:30 - 00058080 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-amd64.iso.torrent
2016-12-28 15:26 - 2016-12-28 16:22 - 1531445248 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso
2016-12-28 15:26 - 2016-12-28 15:26 - 00058759 _____ C:\Users\Kassem\Downloads\ubuntu-16.04.1-desktop-i386.iso.torrent
2016-12-27 18:56 - 2016-12-27 18:56 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-12-27 18:56 - 2016-12-27 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-27 18:56 - 2016-12-27 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-27 18:51 - 2016-12-27 18:53 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
2016-12-27 18:10 - 2016-12-27 18:10 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-26 23:04 - 2015-08-28 22:17 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Skype
2017-01-26 23:03 - 2016-09-24 17:31 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-26 21:50 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-26 20:11 - 2016-02-28 19:20 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\vlc
2017-01-26 17:20 - 2015-08-19 21:55 - 02455762 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-26 17:15 - 2015-08-16 11:00 - 00000000 ___RD C:\Users\Kassem\Dropbox
2017-01-26 17:13 - 2016-09-24 17:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-26 17:13 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem
2017-01-26 17:13 - 2016-09-24 17:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-26 17:13 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-26 02:56 - 2015-09-06 18:15 - 00000000 ____D C:\ProgramData\ProductData
2017-01-26 02:55 - 2016-05-20 23:53 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Google Talk
2017-01-26 02:55 - 2015-08-16 10:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-26 02:55 - 2013-12-19 19:41 - 00000000 ____D C:\Users\Kass\AppData\Local\VNT
2017-01-26 02:34 - 2016-10-24 12:40 - 00000000 ____D C:\Windows10Upgrade
2017-01-25 20:11 - 2015-08-19 22:50 - 00000000 ____D C:\Users\Kassem\AppData\Local\Packages
2017-01-21 04:41 - 2015-08-28 22:17 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 21:47 - 2015-08-07 18:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 18:52 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-20 18:48 - 2015-11-01 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-20 16:09 - 2015-08-07 17:56 - 00000000 ___RD C:\Users\Kassem\Documents\Scanned Documents
2017-01-16 17:12 - 2015-08-07 18:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-14 02:59 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-11 23:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-11 14:16 - 2015-08-08 01:51 - 00000000 ____D C:\Users\Kassem\AppData\Local\ElevatedDiagnostics
2017-01-11 12:30 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 16:03 - 2016-09-24 17:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 00:45 - 2016-09-24 17:43 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DF356CE4-AC61-41D7-B7CD-B1D4B8E274D6}
2017-01-09 14:41 - 2015-11-04 19:40 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\BitTorrent
2017-01-07 19:39 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\Documents\Arduino
2017-01-07 18:00 - 2016-02-11 20:11 - 00000000 ____D C:\Users\Kassem\AppData\Local\Arduino15
2017-01-07 17:53 - 2015-08-21 01:58 - 00000000 ____D C:\Users\Kassem\Documents\MATLAB
2017-01-04 01:55 - 2015-08-07 16:37 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-04 01:53 - 2015-08-07 16:36 - 00000000 ____D C:\Users\Kassem\AppData\Local\Google
2017-01-04 01:47 - 2015-08-07 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-02 21:48 - 2016-11-26 18:35 - 00000000 ____D C:\Users\Kassem\AppData\LocalLow\BitTorrent
2017-01-01 21:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-30 14:02 - 2016-09-24 17:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2016-12-29 13:55 - 2015-10-31 17:36 - 00000000 ____D C:\Users\Kassem\AppData\Roaming\DAEMON Tools Lite
2016-12-28 04:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-28 04:48 - 2016-07-16 08:04 - 00131072 _____ C:\WINDOWS\system32\config\SAM
2016-12-27 18:17 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-27 18:11 - 2016-07-16 08:04 - 00000000 ___RD C:\Users
2016-12-27 18:07 - 2009-07-14 05:18 - 00000000 __SHD C:\$Recycle.Bin
2016-12-27 18:00 - 2015-08-19 22:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-27 17:56 - 2016-09-24 17:32 - 00000000 ____D C:\Users\Kassem\AppData\Local\Microsoft
2016-12-27 17:51 - 2016-07-16 13:47 - 00000000 ___SD C:\ProgramData\Microsoft
==================== Files in the root of some directories =======
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kassem\AppData\Roaming\9a6G05Ql37tdkC5ZUtM
2015-08-08 00:10 - 2015-08-08 00:10 - 0008778 _____ () C:\Users\Kassem\AppData\Local\IWDAudHelper.20150808.011005.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0001579 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010939.txt
2015-08-08 00:09 - 2015-08-08 00:09 - 0000663 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.010959.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001605 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011001.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001247 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011003.txt
2015-08-08 00:10 - 2015-08-08 00:10 - 0001245 _____ () C:\Users\Kassem\AppData\Local\PDLSetup.20150808.011021.txt
2016-11-29 21:23 - 2016-11-29 21:23 - 0000600 _____ () C:\Users\Kassem\AppData\Local\PUTTY.RND
2015-09-12 02:50 - 2015-09-12 02:50 - 0000017 _____ () C:\Users\Kassem\AppData\Local\resmon.resmoncfg
2015-10-17 09:49 - 2015-10-17 09:49 - 0000362 _____ () C:\Users\Kassem\AppData\Local\winconf.pxt
2016-01-27 19:51 - 2016-01-27 20:00 - 0034595 _____ () C:\ProgramData\RulesDecks.xml
Some files in TEMP:
====================
2016-12-31 22:32 - 2016-12-31 22:40 - 34139976 _____ (Ellora Assets Corporation ) C:\Users\Kassem\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2016-12-22 00:15 - 2017-01-21 04:34 - 43918808 _____ (Skype Technologies S.A.) C:\Users\Kassem\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-26 16:54
==================== End of FRST.txt ============================
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Kassem (26-01-2017 23:14:02)
Running from C:\Users\Kassem\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 15:45:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-198589097-2935813840-3369481996-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-198589097-2935813840-3369481996-503 - Limited - Disabled)
Guest (S-1-5-21-198589097-2935813840-3369481996-501 - Limited - Disabled)
Kassem (S-1-5-21-198589097-2935813840-3369481996-1000 - Administrator - Enabled) => C:\Users\Kassem
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.37 - Atheros Communications Inc.)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
CMU 1394 Digital Camera Driver (HKLM-x32\...\CMU 1394 Digital Camera Driver) (Version: 6.4.6.200 - Carnegie Mellon University)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dell Digital Delivery (HKLM-x32\...\{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}) (Version: 1.7.4501.0 - Dell Products, LP)
Dell System Detect (HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
DipTrace (HKLM\...\DipTrace) (Version: 2.4 - Novarm)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ExpressPCB (HKLM-x32\...\{277CA10D-4B11-4848-A5E6-F1CEA050BF90}) (Version: 7.3.4 - ExpressPCB, LLC)
FluidDraw P5 Demo (HKLM-x32\...\{47016B92-473D-4100-8B5F-A14FD5BE88DA}) (Version: 5.3.385.0 - Festo AG & Co. KG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden
IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.9 - Design Science, Inc.)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.125 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Release OrCAD 10.5 (HKLM-x32\...\{24D0A76F-34E1-43F7-B972-0608518CD2A7}) (Version: 10.5.0 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
VI Package Manager 2014 (HKLM-x32\...\{E78DE7EA-62EB-4D92-A62F-F92CC16EADB0}) (Version: 14.2.1976 - JKI)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{4f1b61c8-ad15-4f53-a3e6-e18d8d4abc18}) (Version: 6.07.0025 - Ingram Content Group)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfram Extras 10.3 (5448469) (HKLM\...\A-WIN-Extras 10.3.1 5448469_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10.3 (M-WIN-L 10.3.1 5448563) (HKLM\...\M-WIN-L 10.3.1 5448563_is1) (Version: 10.3.1 - Wolfram Research, Inc.)
Wolfram SystemModeler 4.0.1 (HKLM-x32\...\{6fb6a5cb-f810-4953-bf31-b9aaba97e64f}_is1) (Version: 4.0.1 - Wolfram Research, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-198589097-2935813840-3369481996-1000_Classes\CLSID\{9A872070-0A06-11D1-90B7-00A024CE2744}\localserver32 -> C:\Program Files\National Instruments\LabVIEW 2013\LabVIEW.exe /Automation => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B4A60F2-19C8-4EDD-8D63-523CA1A61B1E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-01-03] (Microsoft Corporation)
Task: {0FBFA02F-40B5-4C0A-9B93-B2FBF1890D88} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {14B04005-2B05-4C7F-8E19-C3247EB2AA53} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {1EA962F3-23DD-4295-A5A6-EA0CD9E0963C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EB15669-A19E-4401-A68E-E6BE037BD666} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EBEFACB-3E8A-47D0-8D3A-507CD8E82925} - System32\Tasks\{3192BC34-7C3E-4D50-872E-1EBE5AB9F771} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {37E92736-5B9D-4FF4-9DED-DA603D409F4E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {38AE14C8-AE2D-4DD4-9BD4-70A9BD715615} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3AF0AE5F-8187-4CB1-8ADF-C41268626ECD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {49CEA312-C566-40E0-916F-6948BC8BD10A} - System32\Tasks\JKIUpdateTask => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe [2015-03-24] (JKI)
Task: {4AB18B9E-4D85-47A1-A2EB-2EE5CB302835} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B7E67FB-6C9E-47A1-9642-650DBCA5934F} - System32\Tasks\{22E23AC4-6BBE-40D2-98C4-C1942E7F364E} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\APP_IO_WXP_VSTA_W7_A02_Setup-7W7T4_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {4C7D7A1C-38BE-40CB-ADEE-C6C125A6DB80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {5628C60A-1BDF-4C16-996B-7E7F3F59166C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {58486E92-6688-4C3A-BA1C-324163CE80B3} - System32\Tasks\habugcus => C:\Program Files\Common Files\pamuag55\55cdej5nzumzk.exe [2015-08-18] () <==== ATTENTION
Task: {5A42204C-449A-46B3-99ED-D70DAADE2404} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {5A73D528-C3F2-4F18-B7BE-7D7EA20CA41B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {60EB7A4F-59F4-4511-B659-B2BBD035AE0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-17] (Microsoft Corporation)
Task: {634D81D4-6392-44B2-8813-F1C7A1475593} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-01] (Dropbox, Inc.)
Task: {701700C3-64F0-4C55-A8F9-0D905EC56AF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {78731B9D-4EFA-450B-9293-0FBD0F58F417} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-01-03] (Microsoft Corporation)
Task: {7D25C6F3-E10E-4FDD-B5C3-698C9FEA91BE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8A3C1B8B-EAC7-4FE6-BE81-54849CD866E4} - System32\Tasks\Uninstaller_SkipUac_Kassem => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {938C8DBC-0FA6-4948-BE91-614E66A397DF} - System32\Tasks\0l3eyysl => C:\Program Files\Common Files\umiw00s3\3d46esdi4g0vv.exe [2015-08-18] () <==== ATTENTION
Task: {95243289-6FE9-467A-9200-BA17965BED22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated)
Task: {96D5B8C5-BC8D-4A5E-8CE3-556DECB15E18} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9F4F16DD-E2F1-49AC-A0DB-540CAA7460B9} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
Task: {A6A80D1B-C801-4FB2-ACB9-915EF254C487} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {A8E0BBFE-199E-4B20-9925-A24D6121C7E3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AFDB3F5E-47CF-49AF-B810-EF1968B650CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B29EFFC4-2FEF-42AF-9E07-131265D46E61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {C063D582-9B08-4045-AB68-DD4DF99962AF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C331AEA7-992A-4504-941C-657E5876FC4C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3B6B960-7726-467F-8979-EB3ED1741083} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C3D78503-BBB6-4433-AFF1-10693E11DC5A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4F2B3CB-8910-42CA-9F4E-27EB420A17D9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-25] (Microsoft Corporation)
Task: {C9D5D34E-CE63-4A34-8748-D3E67F818068} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.)
Task: {CB15E7F1-BCCF-4594-AA8E-13175AE75D5A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBCAB27D-18E5-4FFD-A17B-A251CCB6C2E9} - System32\Tasks\{A49D78C7-89EF-4065-BA38-B7C2F239E663} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {CEFBB51A-5D00-4533-B08C-8184D8F7E139} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF499570-78BE-47A3-BF42-AF058BBCA96D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0E8724C-684D-432D-A652-1427DA023D68} - System32\Tasks\{6FDD6B59-F353-4A60-9852-25DDE6C44BDF} => pcalua.exe -a "C:\Program Files (x86)\Rising\RSD\Setup.exe" -c /UNINSTALL /PRODUCT=RAV
Task: {D3AD1CF0-D0B0-4E47-9E24-D19D407A23BA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA8F5122-F577-4CE2-8BCE-21DF593C76C5} - System32\Tasks\{15565041-D8C6-4DE0-A853-F74ADBF150C6} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\R311884.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {EBFB50D7-C13F-4D36-91EB-E46DAAD7AC5A} - System32\Tasks\{545F917C-120D-49C6-BD5A-DFD56746C6D5} => pcalua.exe -a C:\Users\Kassem\Downloads\Drivers\Video_Nvidia_W74_A09_Setup_RRN66_ZPE.exe -d C:\Users\Kassem\Downloads\Drivers
Task: {F7480211-4F5D-476C-8F17-BC0788618A54} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC7D9652-FAF1-43A4-AD1F-0617FD1B1DA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDCE585F-D376-4299-96B3-1CEF1BBB02AD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Kassem.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-24 17:31 - 2015-09-14 00:04 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-28 09:05 - 2012-09-29 12:25 - 00409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2015-08-28 09:06 - 2012-09-29 12:25 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-26 01:55 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-09 13:49 - 2016-11-11 12:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 17:48 - 2016-09-24 17:48 - 01864384 _____ () C:\Users\Kassem\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-24 22:08 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 13:48 - 2016-11-11 11:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 20:20 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 20:20 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 20:20 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 20:20 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 20:20 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-21 00:40 - 2015-08-21 00:40 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-04 01:53 - 2016-12-08 10:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-09-06 18:15 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-01-23 21:44 - 2017-01-18 20:39 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-12-22 18:07 - 2016-12-21 10:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-22 18:07 - 2016-12-21 10:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-23 21:44 - 2016-12-21 10:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-22 18:07 - 2016-12-21 10:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-23 21:44 - 2016-12-21 10:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 21:44 - 2016-12-21 10:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-22 18:07 - 2016-12-21 10:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-12-22 18:07 - 2016-12-21 10:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-23 21:44 - 2016-12-21 10:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-23 21:44 - 2016-12-04 08:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-23 21:44 - 2016-12-21 10:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-23 21:44 - 2016-12-21 10:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-23 21:44 - 2017-01-18 20:42 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-22 18:07 - 2016-12-21 10:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-12-22 18:07 - 2017-01-18 20:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-23 21:44 - 2017-01-18 20:42 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2011-10-26 07:57 - 2011-10-26 07:57 - 00102912 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Kassem\Desktop\Video_1.mp4:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Kassem\Downloads\Cerificate.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kassem\Documents\arduino-1.6.10-windows.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Kassem\Documents\Gravity - A Facade Cleaning Robot.zip:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.scr: Icad.load.scr => <===== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\sharepoint.com -> hxxps://mailaub.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2017-01-04 01:51 - 00000842 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting (64-bit).lnk"
HKLM\...\StartupApproved\Run32: => "RSDTRAY"
HKLM\...\StartupApproved\Run32: => "NUSB3MON"
HKLM\...\StartupApproved\Run32: => "RavTRAY"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "gpuminer"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-198589097-2935813840-3369481996-1000\...\StartupApproved\Run: => "NIRegistrationWizard"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{380B4C1F-F1DD-4810-8C9C-9CC25C4CCF1D}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [TCP Query User{D702A0E8-2880-4146-8C24-C07FCF42FA3F}C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe] => C:\users\kassem\downloads\arduino-1.6.10\java\bin\javaw.exe
FirewallRules: [{D37845D4-8F89-4B44-B4B9-DCDDA0052A7D}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{59CC8569-C174-415A-9832-83631C207960}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7B6AAA16-FAB0-42C9-8D85-083702411848}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{53855477-072D-4B0B-B7B9-2C2D3594C223}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{07AF11F7-CDE2-415A-9D26-56C65D81E2E2}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{AA5F80B0-3B7E-4470-A35F-57CD4D40C17F}] => C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7CF0C465-91EE-4595-8C7C-07EE6AA6638E}] => C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{27E14EC2-9550-4E33-9A78-7E4350DD7C16}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SessionMgr.exe
FirewallRules: [{1A5A77EE-46A0-46A1-A611-0A13B04D12C9}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\SimulationCenter.exe
FirewallRules: [{5CBA7A71-0283-4577-8461-C07F0BBE5918}] => C:\Program Files (x86)\Wolfram Research\SystemModeler 4.0.1\bin\ModelCenter.exe
FirewallRules: [{4290AD3D-664C-4129-AC2A-B47EDCEA36CA}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B04860F9-5A41-482E-BCB4-A0BA339B6890}] => LPort=1900
FirewallRules: [{65AFF168-BF59-4CC0-ABB8-92D9B9E69BD1}] => LPort=2869
FirewallRules: [{B0950348-B26B-4CCF-9864-BDB552AC5154}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{E577A04A-907B-476E-BFA8-A7DB296AEBE6}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{6039DE07-8F47-4539-9C58-2D575D7A187C}C:\program files (x86)\arduino\java\bin\javaw.exe] => C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{679AEF19-2695-426B-B233-6B26E1F1484D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{F1982A83-B281-414A-8AAA-CCDA0F7B441F}] => C:\Program Files\Wolfram Research\Mathematica\10.3\math.exe
FirewallRules: [{8CB7EBDD-2550-4273-9862-4DE9E4EA769C}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{08D398BC-A114-4A76-BFB7-878F36DED37D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\MathKernel.exe
FirewallRules: [{B04ED7D0-B4D9-42D1-A5DC-FBDE9A561666}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{317CD395-EA98-4FEF-BC21-7CD31A70C57D}] => C:\Program Files\Wolfram Research\Mathematica\10.3\Mathematica.exe
FirewallRules: [{8CE2EB46-B9D5-4383-8F63-296BCD3E4F41}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{72E96E81-D97C-4FDD-9217-39F92386CBD6}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2250131-BF94-4860-A682-A6CC6B7C1BF9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD35E675-6BAC-4C66-A793-78C64BA55457}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E53D540D-E81A-46EC-B8BB-C0C4AED7C2B2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{804DE3CD-A3DC-451E-83A5-5823D5D3087E}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{E7D18337-7B21-4D31-9BA3-8A62AB75FC63}C:\program files (x86)\ares\ares.exe] => C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{C580C769-22C9-4016-A839-2D245213EEF2}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{21BA8E18-D2C4-4549-8FDA-E2C7AC08280D}C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\kassem\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{4131E414-6D22-4521-AC13-2F37322410D3}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [UDP Query User{FE82D18A-5A5B-4040-ABD7-750E347A1D1B}C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] => C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{38AB335E-7D61-4A0F-9D7B-C112E638762F}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D4162FDB-8FFF-4B91-A0E1-E31341889FB2}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FE0D05FE-F726-4FF0-A9EF-8A8764E47665}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7780E7CA-490A-47B2-88F7-74A1E33D84F3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F03FF52A-ED2B-4E7B-BA96-B1B548F1A3AA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5FAF9DD8-C708-4626-AFF7-0CBEB9BF45C8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4234DC87-1E2A-4249-9FD2-D6C42059470E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4C2040B5-E917-4849-8A1D-C326602426B1}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{F3507DEB-B4FE-4015-86BC-0741BE8223EF}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [{0355AAB6-6CF0-4395-A863-E27795CA6F69}] => C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CFE911B6-7C90-4FD9-9B50-B16B6246BD86}] => C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{356799BF-842E-4151-89D8-71D7B52F2CC1}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E46C3910-1606-4614-B95C-EAD1FB2BB44C}] => C:\Users\Kassem\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF84336F-C710-4FFD-B138-B8A7B0BBC7E7}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{719DBA33-5B5B-4EF0-857B-762231D2C973}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7466C32D-6D89-4C46-BD80-82D6BFAB132C}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4AA1725A-C230-4D65-9EA0-223DC84A86E5}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F6AEC447-E968-446F-9738-739A5F1E7533}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3EF15CEB-7552-491E-96AB-ED82F4184443}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{B632DC00-9D50-49D5-9FD2-C4D592C585FE}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [UDP Query User{C5DB7824-9DFD-404A-B453-F2084797EC1D}C:\program files\solidworks corp\solidworks\sldworks.exe] => C:\program files\solidworks corp\solidworks\sldworks.exe
FirewallRules: [{26B8A7EE-18A2-4414-A0B7-B43BEAD43F61}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{D21F9F11-C21C-4AF7-B0F8-6044B1B8E1DE}] => C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A093865A-364C-4AEA-BBAC-99A18D04CDFA}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{02ECCBE7-01AC-44E2-BCEE-09B4872AD01A}] => C:\Users\Kassem\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{510E86F8-96DD-463C-B221-DD25556C049F}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C47A5D70-AB7B-429B-9E4F-29176C0607D3}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{092C9577-F0B8-43C7-A077-B7EEE24FF6A1}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A73CF2E2-F448-45F9-8228-A56361487656}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A345293E-E02B-43CE-9A47-1ED56169A32A}] => C:\Program Files (x86)\JKI\VI Package Manager\support\JKIUpdate.exe
FirewallRules: [{ABAA7FFB-4E92-4729-A074-6B8C3B354376}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3A2CB042-0B07-48D0-9CAA-4283D1ED46F1}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ACD6B98D-5A25-4525-AA4F-3123AD0D734A}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7D355E3C-4FF6-4875-8F3B-C6AC22F9F27F}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D5DED493-E947-4ED7-AA2D-C584AB91FE45}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{801C87DE-678E-4858-B52A-51920ACE38E7}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
27-12-2016 18:55:08 Removed Skype™ 7.30
07-01-2017 14:52:11 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/26/2017 11:03:55 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (01/26/2017 11:03:54 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (01/26/2017 10:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110
Error: (01/26/2017 10:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110
Error: (01/26/2017 10:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/26/2017 09:50:37 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (01/26/2017 09:50:35 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (01/26/2017 09:50:34 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/26/2017 09:48:47 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
Error: (01/26/2017 09:48:46 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070005
Path:SERIALIZE_INTERNAL
Arguments:<none>
System errors:
=============
Error: (01/26/2017 05:18:10 PM) (Source: DCOM) (EventID: 10016) (User: Kassem-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user Kassem-PC\Kassem SID (S-1-5-21-198589097-2935813840-3369481996-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2017 05:15:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Camera Frame Server service terminated with the following error:
General access denied error
Error: (01/26/2017 05:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2017 05:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2017 05:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2017 05:14:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (TEW_SQLEXPRESS) service terminated with the following service-specific error:
Access is denied.
Error: (01/26/2017 05:13:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FrameServer service terminated with the following error:
General access denied error
Error: (01/26/2017 05:10:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2017 05:10:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (01/26/2017 05:10:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-01-26 23:13:26.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 23:13:26.714
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 16:53:33.665
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 16:53:27.033
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 16:50:30.606
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 16:50:24.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 16:48:26.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 16:48:15.773
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 14:08:45.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-26 14:08:35.134
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 8083.88 MB
Available physical RAM: 4785.97 MB
Total Virtual: 16275.88 MB
Available Virtual: 12956.13 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.32 GB) (Free:190.94 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9057C8E4)
Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================