Malware



#1 Palestine_Free1


Posted 05 April 2016 - 11:19 AM

Hey, my name is Ahmad.
I'm here a couple of days after getting a virus on my PC. I've tried my best against it but I failed. After a couple of tries and reading on a website, I think the malware is a Trojan horse.
How did I get this malware? I wanted to download a video editor and went to download IskySoft, and then I got the virus.
What did it affect? First, it affected my audio (no volume in most programs, and when the PC starts the volume is much too loud). Second, System Properties has a problem: it doesn't work at all; when I try clicking it nothing happens, and the firewall doesn't work. Third, I can't add a new account. Fourth, most programs don't work, and a lot more.
I've been trying to fix it for a couple of days :/ but every time I fail! Now most of the programs don't even want to work. Does anyone know any solution? And/or is the malware a Trojan, or another one? I will send you all my logs using HijackThis once I get on the PC.
I hope to get an answer soon :)
Thanks for reading!


EDIT: I used Malwarebytes and also AVG, but I couldn't solve anything. My operating system is Win7.

Edited by Palestine_Free1, 05 April 2016 - 02:12 PM.




#2 olgun52

  • Malware Response Team

Posted 05 April 2016 - 06:12 PM

Selamın aleykum Ahmad, and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
  
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#3 Palestine_Free1


Posted 06 April 2016 - 05:55 AM

Aleykum Selamin!
Thank you for replying to my topic, I really appreciate that from you!
I installed it and now I'm going to give you all the logs, but I don't really know if I'm following this rule, because I don't know if I'm following all the rules, like this rule:

  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!

 

FRST.TXT : 


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by k (administrator) on ABOJABER-PC (06-04-2016 13:35:37)
Running from C:\Users\k\Downloads
Loaded Profiles: k (Available Profiles: Abo Jaber & nnm & k & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKU\S-1-5-21-3712952004-2349104225-4285756531-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File
Startup: C:\Users\Abo Jaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk [2015-01-09]
ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (No File)
Startup: C:\Users\nnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\كليب حبات التوت وفيق حبيب _ Wafeek Habib Clip 7abat Al Too [2015-04-12] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0BB66C06-EA75-4A46-A03D-2876537D0DC6}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{8A17242F-6248-4834-90B5-9B38E191ECE5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8A17242F-6248-4834-90B5-9B38E191ECE5}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://isearch.omiga-plus.com/?type=hp&ts=1403024282&from=epom2&uid=ST3750528AS_9VPAE8PEXXXX9VPAE8PE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130892859879538732&GUID=0A5CDDB8-EC3F-44BA-A83A-4ECF5BB4B085
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403024282&from=epom2&uid=ST3750528AS_9VPAE8PEXXXX9VPAE8PE&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403024282&from=epom2&uid=ST3750528AS_9VPAE8PEXXXX9VPAE8PE&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1403024282&from=epom2&uid=ST3750528AS_9VPAE8PEXXXX9VPAE8PE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403024282&from=epom2&uid=ST3750528AS_9VPAE8PEXXXX9VPAE8PE&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1403024282&from=epom2&uid=ST3750528AS_9VPAE8PEXXXX9VPAE8PE&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = hxxp://www.yahoo.com/?yhs=10005&cid=&t=266639_2043_gbr_10_0_0_1_
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_7qZ0gVThpZKx528pu0Bzb3-GCGk54Csa8lJp2DAliBKlanG2im4QiRGAT7GTm8pumLJdwUDxRa1F6ZcRU0tz725wTrb14PIG2GkknpfyNFrWFXYUZAu1lLXVwqJ_HBHP-3EzPhY9Eo-N&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_7qZ0gVThpZKx528pu0Bzb3-GCGk54Csa8lJp2DAliBKlanG2im4QiRGAT7GTm8pumLJdwUDxRa1F6ZcRU0tz725wTrb14PIG2GkknpfyNFrWFXYUZAu1lLXVwqJ_HBHP-3EzPhY9Eo-N&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com
URLSearchHook: HKLM-x32 -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=1539&r=2015/01/17&hid=3135344019684907663&lg=EN&cc=IL&unqvl=74
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3712952004-2349104225-4285756531-1005 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-3712952004-2349104225-4285756531-1005 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: No Name -> {2B0183D6-3C22-4F0B-F62F-58AF52F66606} -> No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: No Name -> {35d0a5d9-8fe9-49e1-8e31-dcb0eef7111b} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {9677c284-5946-4e0f-8809-9a888e2590aa} -> No File
BHO: No Name -> {9c22258d-19d5-46e9-a97c-f7cd22285986} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-28] (Oracle Corporation)
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: No Name -> {35d0a5d9-8fe9-49e1-8e31-dcb0eef7111b} -> No File
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9677c284-5946-4e0f-8809-9a888e2590aa} -> No File
BHO-x32: No Name -> {9c22258d-19d5-46e9-a97c-f7cd22285986} -> No File
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-3712952004-2349104225-4285756531-1005 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Handler: livecall - No CLSID Value
Handler: ms-help - No CLSID Value
Handler: msnim - No CLSID Value
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler: wlmailhtml - No CLSID Value
Handler: wlpg - No CLSID Value
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1403024282&from=epom2&uid=ST3750528AS_9VPAE8PEXXXX9VPAE8PE
 
FireFox:
========
FF ProfilePath: C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\i1xr7lwe.default
FF DefaultSearchEngine: Google
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Windows\system32\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-30] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]
FF user.js: detected! => C:\Users\k\AppData\Roaming\Mozilla\Firefox\Profiles\i1xr7lwe.default\user.js [2016-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\nnm\AppData\Roaming\Mozilla\Firefox\Profiles\pe7pmusl.default\extensions\faststartff@gmail.com
FF Extension: Fast Start - C:\Users\nnm\AppData\Roaming\Mozilla\Firefox\Profiles\pe7pmusl.default\extensions\faststartff@gmail.com [2015-03-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR Profile: C:\Users\k\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (YouTube) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-28]
CHR Extension: (Google Search) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fbnmfdkmgihfljaegoejdjonfdpkdlci] - C:\Users\Abo Jaber\AppData\Local\CRE\fbnmfdkmgihfljaegoejdjonfdpkdlci.crx [2013-10-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1580352 2016-03-02] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-31] ()
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 DellOSDservice; C:\Program Files\Dell\OSD\DellOSDservice.exe [7168 2010-07-05] (Microsoft) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2016-03-11] (EasyAntiCheat Ltd)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S3 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation) [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S3 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-30] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S4 0f988423; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TampaEdit\TampaEdit.dll",serv
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X]
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [52032 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [34624 2014-01-21] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [128992 2014-01-21] (Baidu, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-01-12] (ESET)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0050.sys [28768 2013-10-10] (SoftEther Project at University of Tsukuba, Japan.)
S3 Shield_Loader; C:\Users\nnm\AppData\Roaming\qmacro\shield\SD002.dat [31784 2013-01-31] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [214720 2015-11-20] (Microsoft Corporation)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va019; \??\C:\Windows\SysWOW64\Drivers\X6va019 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va023; \??\C:\Windows\SysWOW64\Drivers\X6va023 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va061; \??\C:\Windows\SysWOW64\Drivers\X6va061 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-06 13:35 - 2016-04-06 13:36 - 00026523 _____ C:\Users\k\Downloads\FRST.txt
2016-04-06 13:33 - 2016-04-06 13:35 - 00000000 ____D C:\FRST
2016-04-06 13:33 - 2016-04-06 13:33 - 02374144 _____ (Farbar) C:\Users\k\Downloads\FRST64.exe
2016-04-06 13:33 - 2016-04-06 13:33 - 02374144 _____ (Farbar) C:\Users\k\Downloads\FRST64 (1).exe
2016-04-05 18:24 - 2016-04-05 18:24 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Local\GWX
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{FD23A86C-2397-40DB-9A78-CE1DE1669F20}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{F70E1298-B38E-49F4-B0C3-25B9B50E887A}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{D62EF02D-6D57-4F45-A0F8-160AD8EC8EF2}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{B8E46DB3-896F-4C3C-B754-1E58EAE6302D}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{B8A3E4C8-7EF7-4D3A-97F2-D63A3F62D0F2}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{9F1F3F59-4B9F-45CD-BB05-9AD9DBEF3997}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{97938A2C-047C-4979-BF2C-81615FA4EA86}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{85E50F81-C6AB-4DA6-89B7-A857B9E36458}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{4F15A90C-5085-4910-B25D-E843E37868CC}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{4DC71A83-64E4-45AA-BD32-30FB2649E965}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{4812DA7F-2908-41F3-A0A6-02523CA1754C}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{45205F9F-A957-4202-88DF-F97E0A6179FD}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{37982181-B2EB-47EA-8AD6-4AE8EECEF143}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{2B3D6426-B6AA-425B-B2D2-269874E20867}
2016-04-05 18:23 - 2016-04-05 18:23 - 00002936 _____ C:\Windows\System32\Tasks\{28650502-BF3A-4C4A-B286-4394AA8B80BD}
2016-04-05 18:01 - 2016-04-05 18:01 - 00193444 _____ C:\Windows\SysWOW64\TLDvrLng.ini
2016-04-05 17:59 - 2011-06-05 13:24 - 00211797 _____ C:\Users\k\Desktop\عرض تقديمي1.pptx
2016-04-05 17:59 - 2011-04-06 19:13 - 00175104 _____ C:\Users\k\Desktop\الانعكاس.ppt
2016-04-05 17:59 - 2011-03-24 19:55 - 00735232 _____ C:\Users\k\Desktop\Presentation4.ppt
2016-04-05 17:59 - 2011-03-12 23:52 - 07364608 _____ C:\Users\k\Desktop\Presentation1.ppt
2016-04-05 17:59 - 2011-03-10 22:54 - 04788224 _____ C:\Users\k\Desktop\Presentation2.ppt
2016-04-05 16:51 - 2016-04-05 16:52 - 58432912 _____ (Microsoft Corporation) C:\Users\k\Downloads\EIE11_EN-US_WOL_WIN764.EXE
2016-04-05 16:51 - 2016-04-05 16:51 - 00000000 ____D C:\sh4ldr
2016-04-05 16:50 - 2016-04-05 16:54 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-04-05 16:50 - 2016-04-05 16:50 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\k\Downloads\SpyHunter-Installer.exe
2016-04-05 16:00 - 2016-04-05 16:18 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-05 15:59 - 2016-04-05 16:00 - 11255504 _____ (TeamViewer GmbH) C:\Users\k\Downloads\TeamViewer_Setup (1).exe
2016-04-05 15:35 - 2016-04-05 15:44 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-05 15:35 - 2016-04-05 15:35 - 01856936 _____ (Malwarebytes ) C:\Users\k\Downloads\mbae-setup-1.08.1.1189.exe
2016-04-05 15:35 - 2016-04-05 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-04-05 15:35 - 2016-04-05 15:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-04-05 15:10 - 2016-04-05 15:10 - 00000000 ____D C:\Users\k\AppData\Roaming\Telegram Desktop
2016-04-05 15:10 - 2016-04-05 15:10 - 00000000 ____D C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2016-04-05 15:03 - 2016-04-05 15:49 - 00005117 _____ C:\Users\k\Downloads\startuplist.txt
2016-04-05 15:01 - 2016-04-05 15:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\k\Downloads\HijackThis.exe
2016-04-05 14:41 - 2016-04-05 14:41 - 00000000 ____D C:\Users\nnm\AppData\Roaming\IObit
2016-04-04 18:54 - 2016-04-04 18:55 - 00000000 ____D C:\Users\Abo Jaber\AppData\Roaming\IObit
2016-04-04 18:54 - 2016-04-04 18:54 - 00000000 ____D C:\Users\Abo Jaber\AppData\Roaming\ProductData
2016-04-04 18:54 - 2016-04-04 18:54 - 00000000 ____D C:\Users\Abo Jaber\AppData\LocalLow\IObit
2016-04-04 18:45 - 2016-04-04 18:45 - 00089035 _____ C:\Users\k\Downloads\Malwarebytes Anti-Malware 2.2.1 Full Activated.zip
2016-04-04 18:43 - 2016-04-04 18:44 - 00000000 ____D C:\Users\k\Desktop\New folder (7)
2016-04-04 18:42 - 2016-04-04 18:42 - 01992496 _____ C:\Users\k\Downloads\winrar-x64-531.exe
2016-04-04 18:42 - 2016-04-04 18:42 - 00000000 ____D C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-04 18:40 - 2016-04-04 18:40 - 22828233 _____ C:\Users\k\Downloads\Malwarebytes Anti-Malware Premium 2.2.1.1043 + Key (1).zip
2016-04-04 18:40 - 2016-04-04 18:40 - 00005012 _____ C:\Users\k\Downloads\Malwarebytes Anti-Malware Premium Keys.zip
2016-04-04 18:20 - 2016-04-06 13:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-04 18:19 - 2016-04-04 19:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-04 18:19 - 2016-04-04 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-04 18:19 - 2016-04-04 18:19 - 22851472 _____ (Malwarebytes ) C:\Users\k\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-04-04 18:19 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-04 18:19 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-04 18:19 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-04 15:20 - 2016-04-04 15:20 - 02146952 _____ (Smilegate - Z8 Games) C:\Users\k\Downloads\CrossFire_NA.exe
2016-04-04 15:20 - 2016-04-04 15:20 - 00000000 ____D C:\ProgramData\Solid State Networks
2016-04-03 20:29 - 2016-04-05 14:35 - 00903410 _____ C:\Windows\ntbtlog.txt
2016-04-03 20:24 - 2016-04-03 20:24 - 00001380 _____ C:\Users\Guest.AboJaber-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-03 20:24 - 2016-04-03 20:24 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Roaming\AVG
2016-04-03 20:24 - 2016-04-03 20:24 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Roaming\Adobe
2016-04-03 20:24 - 2016-04-03 20:24 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Local\Google
2016-04-03 20:24 - 2016-04-03 20:24 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Local\Avg
2016-04-03 20:23 - 2016-04-03 20:24 - 00000000 ____D C:\Users\Guest.AboJaber-PC
2016-04-03 20:23 - 2016-04-03 20:23 - 00000020 ___SH C:\Users\Guest.AboJaber-PC\ntuser.ini
2016-04-03 20:23 - 2016-04-03 20:23 - 00000000 _SHDL C:\Users\Guest.AboJaber-PC\My Documents
2016-04-03 20:23 - 2016-04-03 20:23 - 00000000 _SHDL C:\Users\Guest.AboJaber-PC\Documents\My Videos
2016-04-03 20:23 - 2016-04-03 20:23 - 00000000 _SHDL C:\Users\Guest.AboJaber-PC\Documents\My Pictures
2016-04-03 20:23 - 2016-04-03 20:23 - 00000000 _SHDL C:\Users\Guest.AboJaber-PC\Documents\My Music
2016-04-03 20:23 - 2016-01-20 20:38 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Roaming\Macromedia
2016-04-03 20:23 - 2015-04-09 03:02 - 00000000 ____D C:\Users\Guest.AboJaber-PC\Documents\Visual Studio 2008
2016-04-03 20:23 - 2014-01-17 17:23 - 00002111 _____ C:\Users\Guest.AboJaber-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2016-04-03 20:23 - 2013-10-20 18:06 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Local\Microsoft Help
2016-04-03 20:23 - 2013-09-12 22:42 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Roaming\TuneUp Software
2016-04-03 20:23 - 2010-11-21 10:16 - 00000000 ____D C:\Users\Guest.AboJaber-PC\AppData\Roaming\Media Center Programs
2016-04-03 19:53 - 2016-04-03 19:55 - 14856368 _____ (Enigma Software Group USA, LLC.) C:\Users\k\Downloads\RegHunter-Installer.exe
2016-04-03 18:48 - 2016-04-03 18:48 - 11255504 _____ (TeamViewer GmbH) C:\Users\k\Downloads\TeamViewer_Setup.exe
2016-04-03 18:20 - 2016-04-03 18:20 - 00832864 _____ C:\Users\k\Downloads\video-editor_setup_full1661 (3).exe
2016-04-03 18:04 - 2016-04-03 18:04 - 00000017 _____ C:\Users\k\AppData\Local\resmon.resmoncfg
2016-04-03 04:44 - 2016-04-03 04:44 - 00000000 __SHD C:\found.014
2016-04-03 01:50 - 2016-04-03 01:51 - 02993824 _____ (ESET) C:\Users\k\Downloads\eset_smart_security_live_installer.exe
2016-04-03 01:17 - 2016-04-03 01:17 - 00306587 _____ C:\Users\k\Downloads\Malwarebytes Anti-Malware cracked all versions.rar
2016-04-03 00:49 - 2016-04-03 00:49 - 01373696 _____ C:\Users\k\Downloads\VirtualRouterInstaller.msi
2016-04-03 00:42 - 2016-04-03 00:42 - 00002609 _____ C:\Users\k\Desktop\Virtual Router Manager.lnk
2016-04-03 00:13 - 2016-04-03 00:13 - 22851472 _____ (Malwarebytes ) C:\Users\k\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-03 00:13 - 2016-04-03 00:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-02 23:27 - 2016-04-02 23:27 - 01205904 _____ C:\Users\k\Downloads\filmora-win_setup_full2073.exe
2016-04-02 23:27 - 2016-04-02 23:27 - 00808800 _____ C:\Users\k\Downloads\video-editor_setup_full715.exe
2016-04-02 23:23 - 2016-04-02 23:23 - 435708768 _____ C:\back up h.reg
2016-04-02 23:10 - 2016-04-02 23:10 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-02 21:43 - 2016-04-02 21:43 - 02670160 _____ (www.PerfectUninstaller.com ) C:\Users\k\Downloads\PerfectUninstaller_Setup.exe
2016-04-02 17:54 - 2016-04-02 17:54 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-04-02 17:54 - 2016-04-02 17:54 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-04-02 17:53 - 2016-04-03 19:49 - 00000000 ____D C:\ProgramData\IObit
2016-04-02 17:53 - 2016-04-02 17:54 - 00000000 ____D C:\ProgramData\ProductData
2016-04-02 17:53 - 2016-04-02 17:53 - 00000000 ____D C:\Users\k\AppData\Roaming\ProductData
2016-04-02 17:53 - 2016-04-02 17:53 - 00000000 ____D C:\Users\k\AppData\LocalLow\IObit
2016-04-02 17:53 - 2016-04-02 17:53 - 00000000 ____D C:\Users\k\AppData\IObit
2016-04-02 17:53 - 2016-04-02 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-04-02 17:52 - 2016-04-03 19:49 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-02 17:52 - 2016-04-02 17:54 - 00000000 ____D C:\Users\k\AppData\Roaming\IObit
2016-04-02 17:52 - 2016-04-02 17:52 - 13143840 _____ (IObit) C:\Users\k\Downloads\iobituninstaller.exe
2016-04-02 17:51 - 2016-04-03 17:53 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-04-02 17:51 - 2016-04-02 17:51 - 00000000 ____D C:\Users\k\AppData\Local\Innovative Solutions
2016-04-02 17:50 - 2016-04-02 17:50 - 19311728 _____ (Innovative Solutions ) C:\Users\k\Downloads\Advanced_Uninstaller11.exe
2016-04-02 17:18 - 2016-04-02 17:18 - 00000000 ____D C:\Users\Abo Jaber\AppData\Local\iSkysoft
2016-04-02 17:17 - 2016-04-02 17:17 - 00000000 ____D C:\Users\k\AppData\Local\VS Revo Group
2016-04-02 17:16 - 2016-04-02 17:17 - 11199448 _____ (VS Revo Group ) C:\Users\k\Downloads\RevoUninProSetup.exe
2016-04-02 16:06 - 2016-04-02 16:06 - 00000000 ____D C:\Users\k\AppData\Roaming\DVDVideoSoft
2016-04-02 15:31 - 2016-04-02 15:31 - 00000000 ____D C:\Users\k\AppData\Local\MFAData
2016-04-02 15:30 - 2016-04-02 15:31 - 00000000 ____D C:\Users\k\AppData\Local\AvgSetupLog
2016-04-02 12:52 - 2016-04-02 12:52 - 00026741 _____ C:\Users\k\Downloads\Unconfirmed 303277.crdownload
2016-04-02 12:52 - 2016-04-02 12:52 - 00026741 _____ C:\Users\k\Downloads\RandomTP.jar
2016-04-01 19:03 - 2016-04-01 19:03 - 02286430 _____ C:\Users\nnm\Downloads\Clash_Royale_Coins_iHackedit.com.rar
2016-04-01 18:53 - 2016-04-01 18:53 - 00000000 ____D C:\Users\nnm\Downloads\MCSM v1.26 OBB Adreno
2016-04-01 18:31 - 2016-04-01 18:46 - 998355395 _____ C:\Users\nnm\Downloads\MCSM v1.26 OBB Adreno.rar
2016-04-01 18:03 - 2016-04-01 18:03 - 00000000 __SHD C:\found.013
2016-04-01 14:59 - 2016-04-01 14:59 - 00013287 _____ C:\Users\k\Downloads\A small Message (That is too big to post on the forum apprently).txt
2016-03-31 15:31 - 2016-03-31 15:31 - 00801940 _____ C:\Users\k\Downloads\Towny_Advanced (2).zip
2016-03-31 15:24 - 2016-03-31 15:24 - 00801940 _____ C:\Users\k\Downloads\Towny_Advanced.zip
2016-03-31 15:24 - 2016-03-31 15:24 - 00801940 _____ C:\Users\k\Downloads\Towny_Advanced (1).zip
2016-03-31 12:42 - 2016-03-31 12:42 - 00088911 _____ C:\Users\k\Downloads\AVG Internet Security (1).zip
2016-03-31 12:41 - 2016-03-31 12:41 - 00088914 _____ C:\Users\k\Downloads\AVG Internet Security.zip
2016-03-31 12:38 - 2016-03-31 12:44 - 00000000 ____D C:\Users\k\AppData\Local\Avg
2016-03-31 12:38 - 2016-03-31 12:38 - 00000000 ____D C:\Users\k\AppData\Roaming\AVG
2016-03-31 12:22 - 2016-04-03 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-31 12:22 - 2016-03-31 12:22 - 00000943 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-03-31 12:20 - 2016-03-31 12:20 - 00000000 ___HD C:\$AVG
2016-03-31 12:17 - 2016-04-02 15:36 - 00000000 ____D C:\Program Files (x86)\AVG
2016-03-31 12:16 - 2016-03-31 12:17 - 00000000 ____D C:\Users\nnm\AppData\Local\AvgSetupLog
2016-03-31 12:13 - 2016-03-31 12:15 - 248987816 _____ (AVG Technologies CZ, s.r.o.) C:\Users\nnm\Downloads\AVG_Antivirus_Free_x64_693.exe
2016-03-31 12:06 - 2016-03-28 00:17 - 00000030 _____ C:\AVScanner.ini
2016-03-30 15:01 - 2016-03-30 15:01 - 00523052 _____ C:\Users\k\Downloads\SkinsRestorer-v11.3.zip
2016-03-30 14:59 - 2016-03-30 14:59 - 00524401 _____ C:\Users\k\Downloads\SkinsRestorer-v11.0-v2.zip
2016-03-30 06:26 - 2016-03-25 17:07 - 230422875 _____ C:\Users\nnm\Desktop\diala.wmv
2016-03-30 06:22 - 2016-03-30 06:22 - 00000000 ____D C:\Users\nnm\AppData\Local\iSkysoft
2016-03-30 06:19 - 2016-03-30 06:19 - 00000000 ____D C:\Users\k\AppData\Local\iSkysoft
2016-03-30 06:19 - 2016-03-30 06:19 - 00000000 ____D C:\ProgramData\iSkysoft
2016-03-30 06:18 - 2016-04-02 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2016-03-30 06:17 - 2016-03-30 06:17 - 00832864 _____ C:\Users\k\Downloads\video-editor_setup_full1661.exe
2016-03-30 06:17 - 2016-03-30 06:17 - 00832864 _____ C:\Users\k\Downloads\video-editor_setup_full1661 (1).exe
2016-03-30 02:32 - 2016-03-30 02:32 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-03-30 00:28 - 2016-03-30 00:28 - 00000000 ____D C:\Program Files (x86)\ArxGaming
2016-03-29 23:48 - 2016-03-30 00:17 - 3787330669 _____ (ArxGaming) C:\Users\k\Downloads\ARXSETUP11 (1).exe
2016-03-29 22:32 - 2016-03-29 23:44 - 2147484632 _____ (ArxGaming) C:\Users\k\Downloads\ARXSETUP11.exe
2016-03-29 16:32 - 2016-03-29 16:33 - 00358942 _____ C:\Users\k\Downloads\Autorank.jar
2016-03-29 14:38 - 2016-03-29 14:40 - 16300344 _____ (Telegram Messenger LLP ) C:\Users\k\Downloads\tsetup.0.9.32.exe
2016-03-28 20:36 - 2016-03-28 20:36 - 00502204 _____ C:\Users\k\Downloads\Image (3) (1).pdf
2016-03-28 01:13 - 2016-03-28 01:14 - 00000132 _____ C:\Users\k\AppData\Roaming\Adobe GIF Format CC Prefs
2016-03-28 00:34 - 2016-03-28 00:35 - 141015434 _____ C:\Users\k\Downloads\AdbeRdr11000_mui_Std.zip
2016-03-28 00:30 - 2016-03-31 11:49 - 00000000 ____D C:\Program Files\Intel
2016-03-28 00:27 - 2016-04-02 23:09 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-28 00:27 - 2016-03-30 06:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-28 00:23 - 2016-03-28 00:23 - 00179047 _____ C:\Users\k\Downloads\סאלמה חאלד (1).pdf
2016-03-28 00:17 - 2016-03-28 00:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-28 00:16 - 2016-03-28 00:16 - 00179047 _____ C:\Users\k\Downloads\סאלמה חאלד.pdf
2016-03-28 00:16 - 2016-03-28 00:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-28 00:16 - 2016-03-28 00:16 - 00002054 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-28 00:12 - 2016-03-28 00:12 - 01195744 _____ (Adobe Systems Incorporated) C:\Users\k\Downloads\readerdc_en_ka_install.exe
2016-03-27 22:49 - 2016-03-27 22:49 - 00097413 _____ C:\Users\k\Downloads\border-frame-16594-svg.svg
2016-03-27 19:52 - 2016-03-27 20:08 - 00000000 ____D C:\Users\k\VirtualBox VMs
2016-03-27 19:45 - 2016-04-02 12:51 - 00000000 ____D C:\Users\k\.VirtualBox
2016-03-27 19:38 - 2016-03-27 19:39 - 120421344 _____ (Oracle Corporation) C:\Users\k\Downloads\VirtualBox-5.0.16-105871-Win.exe
2016-03-27 19:30 - 2016-03-27 19:48 - 00000000 ____D C:\Users\k\Desktop\Girls188
2016-03-27 19:20 - 2016-03-27 02:56 - 00000000 ____D C:\Users\k\Downloads\Girls188
2016-03-26 10:11 - 2016-03-26 10:11 - 00817227 _____ C:\Users\k\Downloads\1. Introduction to pathology.pdf
2016-03-26 10:08 - 2016-03-26 10:14 - 00000000 ____D C:\Users\k\AppData\Local\Mozilla
2016-03-26 10:08 - 2016-03-26 10:08 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-26 10:08 - 2016-03-26 10:08 - 00000000 ____D C:\Users\k\AppData\Roaming\Mozilla
2016-03-26 10:07 - 2016-03-26 10:07 - 00242352 _____ C:\Users\k\Downloads\Firefox Setup Stub 45.0.1.exe
2016-03-25 18:17 - 2016-03-25 18:17 - 00502204 _____ C:\Users\k\Downloads\Image (3).pdf
2016-03-25 18:10 - 2016-03-25 18:15 - 00000000 ___RD C:\Users\k\Documents\Scanned Documents
2016-03-25 18:10 - 2016-03-25 18:10 - 00000000 ____D C:\Users\k\Documents\Fax
2016-03-25 18:09 - 2016-03-25 18:09 - 00045680 _____ C:\Users\k\Downloads\Bewerberunterlagen_Uni_Ulm.pdf
2016-03-25 16:27 - 2016-03-25 16:27 - 00053104 _____ C:\Users\k\Desktop\diala.veg
2016-03-25 16:26 - 2016-03-25 17:07 - 230422875 _____ C:\Users\k\Documents\diala.wmv
2016-03-25 16:26 - 2016-03-25 16:26 - 00000000 ____D C:\Users\k\AppData\Roaming\Sony Creative Software Inc
2016-03-25 01:12 - 2016-03-25 01:26 - 89622191 _____ C:\Users\k\Documents\Untitledki.wmv
2016-03-25 01:10 - 2016-03-25 01:10 - 00047840 _____ C:\Users\k\Desktop\Untitledki.veg
2016-03-25 00:15 - 2016-03-25 00:26 - 88758131 _____ C:\Users\k\Documents\Untitl3ed.wmv
2016-03-25 00:09 - 2016-03-25 00:14 - 00340408 _____ C:\Users\k\Downloads\Pharrell+Williams+-+Happy+(Official+Music+Video).mp3.sfk
2016-03-24 23:51 - 2016-03-24 23:51 - 00025528 _____ C:\Users\k\Desktop\Untitled.veg
2016-03-24 23:32 - 2016-03-24 23:51 - 00102736 _____ C:\Users\k\Desktop\MVI_6627.MOV.sfk
2016-03-24 23:31 - 2016-03-24 15:26 - 759839936 _____ C:\Users\k\Desktop\MVI_6627.MOV
2016-03-24 23:27 - 2016-03-24 15:25 - 100041906 ____N C:\Users\k\Desktop\20160324_142428.mp4
2016-03-24 00:19 - 2016-03-24 00:19 - 00000000 ____D C:\Users\k\AppData\Local\TeamViewer
2016-03-23 11:27 - 2015-07-28 22:37 - 40327216 _____ C:\Users\k\Downloads\modem.bin
2016-03-23 11:07 - 2016-03-23 11:08 - 08959068 _____ C:\Users\k\Desktop\TWRP.S6.rar
2016-03-22 22:54 - 2016-02-28 18:00 - 65484879 _____ C:\Users\k\Downloads\CF-Auto-Root-zeroflte-zerofltedv-smg920i.tar.md5
2016-03-22 22:54 - 2016-02-28 18:00 - 02276352 _____ (Samsung Electronics Co., Ltd.) C:\Users\k\Downloads\Odin3-v3.10.6.exe
2016-03-22 22:54 - 2016-02-28 18:00 - 00159744 _____ (TmaxSoft Co., Ltd) C:\Users\k\Downloads\tmax.dll
2016-03-22 22:54 - 2016-02-28 18:00 - 00102400 _____ C:\Users\k\Downloads\zlib.dll
2016-03-22 22:54 - 2016-02-28 18:00 - 00000709 _____ C:\Users\k\Downloads\Odin3.ini
2016-03-22 17:54 - 2016-04-03 20:21 - 00000000 ____D C:\Users\nnm\AppData\LocalLow\uTorrent
2016-03-18 20:38 - 2016-03-18 20:38 - 00000000 ____D C:\Program Files\Realtek
2016-03-18 20:37 - 2015-06-18 19:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-03-18 20:37 - 2015-06-18 18:59 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-03-18 20:37 - 2015-06-17 20:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-03-18 20:37 - 2015-06-17 15:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-03-18 20:37 - 2015-06-15 18:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-03-18 20:37 - 2015-05-26 12:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-03-18 20:37 - 2015-05-18 15:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-03-18 20:37 - 2015-05-15 20:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-03-18 20:37 - 2015-05-15 17:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-03-18 20:37 - 2015-05-05 15:01 - 01948928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2016-03-18 20:37 - 2015-05-05 15:01 - 01716480 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2016-03-18 20:37 - 2014-11-11 14:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-03-18 20:37 - 2014-01-08 16:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2016-03-18 20:37 - 2013-01-11 17:27 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2016-03-18 20:37 - 2013-01-11 17:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2016-03-18 20:37 - 2012-06-08 17:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2016-03-18 20:37 - 2012-06-08 17:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2016-03-18 20:37 - 2011-12-20 16:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-03-18 20:37 - 2011-11-22 17:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-03-18 20:37 - 2010-11-08 08:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-03-18 20:37 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-03-18 20:37 - 2010-11-08 08:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-03-18 20:37 - 2010-11-08 08:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-03-18 20:37 - 2010-11-08 08:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-03-18 20:37 - 2010-11-08 08:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-03-18 20:37 - 2009-11-24 10:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-03-18 20:37 - 2009-11-24 10:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-03-18 20:37 - 2009-11-24 10:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-03-18 20:37 - 2009-11-24 10:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-03-18 20:36 - 2015-05-25 16:18 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-03-18 20:36 - 2014-06-09 11:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-03-18 20:36 - 2014-04-10 13:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-03-18 20:36 - 2013-10-11 13:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-03-18 20:36 - 2012-03-08 12:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-03-18 20:36 - 2010-09-27 10:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-03-18 20:28 - 2016-03-18 20:28 - 00000000 ____D C:\Users\k\AppData\Local\Dell
2016-03-18 20:27 - 2016-03-18 20:28 - 00000000 ____D C:\Program Files\IDT
2016-03-18 20:21 - 2016-03-18 20:21 - 00000000 ____D C:\Users\k\AppData\Roaming\uTorrent
2016-03-18 18:09 - 2016-04-04 18:28 - 00000000 ____D C:\Users\k\Desktop\New folder (6)
2016-03-18 00:57 - 2016-03-18 00:57 - 00000132 _____ C:\Users\k\AppData\Roaming\Adobe AIFF Format CC Prefs
2016-03-18 00:00 - 2016-03-18 20:38 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-03-17 23:52 - 2016-03-28 00:22 - 00000000 ____D C:\Users\k\AppData\LocalLow\Adobe
2016-03-17 23:48 - 2016-03-17 23:48 - 00001536 _____ C:\Windows\SysWOW64\RtkMsgs.dll
2016-03-17 23:31 - 2016-03-17 23:31 - 00000000 ____D C:\Users\k\AppData\Roaming\driveridentifier
2016-03-17 23:18 - 2016-04-04 18:28 - 00000000 ____D C:\Users\k\Desktop\New folder (5)
2016-03-17 22:41 - 2016-04-06 13:29 - 00000350 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2016-03-17 22:41 - 2016-03-31 00:29 - 00002704 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun
2016-03-17 22:34 - 2016-03-17 22:46 - 00000000 ____D C:\Program Files (x86)\softOSD
2016-03-17 22:34 - 2007-05-03 18:19 - 00014032 _____ (EnTech Taiwan) C:\Windows\system32\Drivers\se64a.sys
2016-03-17 22:25 - 2016-03-17 22:25 - 00000000 ____D C:\Users\k\Desktop\New folder (4)
2016-03-17 22:08 - 2016-03-17 22:08 - 00000000 ____D C:\Users\k\AppData\Local\DriverToolkit
2016-03-17 18:57 - 2016-03-17 18:57 - 00000000 _____ C:\Users\k\Desktop\New Text Document.txt
2016-03-17 18:11 - 2016-03-17 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-17 18:05 - 2016-03-17 18:11 - 00000000 ____D C:\Users\k\AppData\Local\Skype
2016-03-17 18:05 - 2016-03-17 18:05 - 00000000 ____D C:\Users\k\Tracing
2016-03-17 18:04 - 2016-03-20 17:30 - 00000000 ____D C:\Users\k\AppData\Roaming\Skype
2016-03-17 18:03 - 2016-04-05 18:31 - 00000000 ____D C:\Users\k\AppData\Local\ElevatedDiagnostics
2016-03-17 17:01 - 2016-03-17 18:48 - 00000000 ____D C:\Users\k\AppData\Roaming\TS3Client
2016-03-16 19:18 - 2016-03-30 22:57 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3712952004-2349104225-4285756531-1005
2016-03-15 17:04 - 2016-03-15 17:05 - 28037190 _____ C:\Users\k\Downloads\SpaceX-Kernel_MM_RC1_G925F_Test.tar (1).md5
2016-03-15 17:02 - 2016-03-15 17:03 - 28028928 _____ C:\Users\k\Downloads\boot (1).img
2016-03-13 23:31 - 2016-03-13 23:33 - 05985335 _____ C:\Users\k\Downloads\10 THERMAL PHYSICS.pdf
2016-03-13 23:31 - 2016-03-13 23:33 - 04248592 _____ C:\Users\k\Downloads\9 SOLIDS AND FLUIDS.pdf
2016-03-11 19:57 - 2016-03-11 19:57 - 00000000 ____D C:\Users\k\AppData\LocalLow\Freejam
2016-03-11 19:56 - 2016-03-11 18:30 - 00245544 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-03-11 15:32 - 2016-03-11 15:32 - 00000000 ____D C:\Users\nnm\AppData\Local\Chris_Pietschmann_(http__
2016-03-11 15:32 - 2016-03-11 15:32 - 00000000 ____D C:\Users\Abo Jaber\AppData\Local\Chris_Pietschmann_(http__
2016-03-11 14:09 - 2016-03-11 14:09 - 00000000 __SHD C:\Users\Abo Jaber\AppData\LocalLow\EmieUserList
2016-03-11 14:09 - 2016-03-11 14:09 - 00000000 __SHD C:\Users\Abo Jaber\AppData\LocalLow\EmieSiteList
2016-03-10 20:57 - 2016-03-10 21:11 - 00000000 ____D C:\Users\k\Desktop\slavery
2016-03-10 20:16 - 2016-03-10 20:16 - 02480411 _____ C:\Users\k\Downloads\Slavery-Presentation (1).pptx
2016-03-10 19:53 - 2016-03-14 14:34 - 03669722 _____ C:\Users\k\Downloads\Slavery-Presentation.pptx
2016-03-10 19:30 - 2016-03-10 19:31 - 05971968 _____ C:\Users\k\Downloads\slavery and society.ppt
2016-03-10 19:27 - 2016-03-10 19:27 - 06620665 _____ C:\Users\k\Downloads\slave_trade (2).pptx
2016-03-10 19:27 - 2016-03-10 19:27 - 00974848 _____ C:\Users\k\Downloads\Slavery (1).ppt
2016-03-10 19:26 - 2016-03-10 19:27 - 06620665 _____ C:\Users\k\Downloads\slave_trade (1).pptx
2016-03-10 19:06 - 2016-03-10 19:06 - 06620665 _____ C:\Users\k\Downloads\slave_trade.pptx
2016-03-10 19:05 - 2016-03-10 19:05 - 04462562 _____ C:\Users\k\Downloads\media_349133_en.pptx
2016-03-10 18:46 - 2016-03-14 14:33 - 00929792 _____ C:\Users\k\Downloads\The Project That I took Idea from.ppt
2016-03-10 18:30 - 2016-03-10 19:53 - 02520760 _____ C:\Users\k\Downloads\Slavery Presentation.pptx
2016-03-10 15:53 - 2016-03-10 15:53 - 00965518 _____ C:\Users\k\Downloads\DE-SAMSUNGNIZER_KNOX_REMOVAL_SCRIPT_V2.0.zip
2016-03-10 15:52 - 2016-03-10 15:54 - 09420847 _____ C:\Users\k\Downloads\i9300i-nh3_twrp-2.7.1.0_v3.tar
2016-03-10 15:52 - 2016-03-10 15:53 - 01260473 _____ C:\Users\k\Downloads\UPDATE-SuperSU-v2.02.zip
2016-03-10 14:24 - 2016-03-10 14:24 - 05832057 _____ C:\Users\k\Downloads\xposed-v80-sdk21-arm64.zip
2016-03-10 14:24 - 2016-03-10 14:24 - 00306340 _____ C:\Users\k\Downloads\xposed-uninstaller-20150831-arm64.zip
2016-03-10 13:53 - 2016-03-10 13:53 - 08183944 _____ C:\Users\k\Downloads\xposed-v80.0-sdk23-arm64-custom-build-by-wanam-20160211 (1).zip
2016-03-10 12:22 - 2016-03-10 12:22 - 00000000 ____D C:\Users\k\AppData\Local\Chris_Pietschmann_(http__
2016-03-10 12:14 - 2016-03-13 22:13 - 00000000 ____D C:\Program Files (x86)\Virtual Router
2016-03-10 12:14 - 2016-03-10 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
2016-03-10 11:48 - 2016-03-30 22:57 - 00003218 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3712952004-2349104225-4285756531-1005
2016-03-10 01:07 - 2015-07-28 22:44 - 01634576 _____ C:\Users\k\Downloads\sboot.bin
2016-03-10 01:07 - 2011-06-22 18:25 - 02113808 _____ C:\Users\k\Downloads\cm.bin
2016-03-10 00:35 - 2016-03-10 00:35 - 01638445 _____ C:\Users\k\Downloads\bl_old.tar.md5
2016-03-09 23:11 - 2016-03-09 23:15 - 28037190 _____ C:\Users\k\Downloads\SpaceX-Kernel_MM_RC1_G925F_Test.tar.md5
2016-03-09 20:01 - 2016-03-09 20:01 - 00000000 ____D C:\Users\k\Desktop\s6 edge
2016-03-09 20:00 - 2016-03-09 20:11 - 00000000 ____D C:\Users\k\Desktop\WhatsApp
2016-03-09 19:47 - 2016-03-09 19:47 - 01110104 _____ C:\Users\k\Downloads\Odin3_v3.10.7.zip
2016-03-09 19:34 - 2016-03-09 21:24 - 1811075686 _____ C:\Users\k\Desktop\G925FXXU3DPBG_G925FOXE3DPAD_SER.zip
2016-03-09 14:17 - 2016-02-12 21:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 14:17 - 2016-02-12 21:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 14:17 - 2016-02-12 21:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 14:17 - 2016-02-12 21:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 14:17 - 2016-02-12 21:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 14:17 - 2016-02-12 21:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 14:17 - 2016-02-12 21:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 14:17 - 2016-02-12 21:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 14:17 - 2016-02-12 21:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 14:17 - 2016-02-12 21:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 14:17 - 2016-02-12 21:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 14:17 - 2016-02-12 21:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 14:17 - 2016-02-12 21:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 14:17 - 2016-02-12 21:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 14:17 - 2016-02-12 21:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 14:17 - 2016-02-12 21:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 14:17 - 2016-02-09 09:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 14:17 - 2016-02-09 09:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 14:17 - 2016-02-09 00:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 14:17 - 2016-02-08 23:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 14:17 - 2016-02-08 23:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 14:17 - 2016-02-08 23:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 14:17 - 2016-02-08 23:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 14:17 - 2016-02-08 23:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 14:17 - 2016-02-08 23:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 14:17 - 2016-02-08 23:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 14:17 - 2016-02-08 23:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 14:17 - 2016-02-08 23:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 14:17 - 2016-02-08 23:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 14:17 - 2016-02-08 23:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 14:17 - 2016-02-08 23:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 14:17 - 2016-02-08 23:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 14:17 - 2016-02-08 23:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 14:17 - 2016-02-08 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 14:17 - 2016-02-08 23:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 14:17 - 2016-02-08 23:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 14:17 - 2016-02-08 23:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 14:17 - 2016-02-08 23:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 14:17 - 2016-02-08 23:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 14:17 - 2016-02-08 23:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 14:17 - 2016-02-08 23:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 14:17 - 2016-02-08 23:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 14:17 - 2016-02-08 23:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 14:17 - 2016-02-08 23:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 14:17 - 2016-02-08 23:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 14:17 - 2016-02-08 23:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 14:17 - 2016-02-08 22:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 14:17 - 2016-02-08 22:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 14:17 - 2016-02-08 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 14:17 - 2016-02-08 21:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 14:17 - 2016-02-08 21:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 14:17 - 2016-02-08 21:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 14:17 - 2016-02-08 21:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 14:17 - 2016-02-08 21:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 14:17 - 2016-02-08 21:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 14:17 - 2016-02-08 21:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 14:17 - 2016-02-08 21:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 14:17 - 2016-02-08 21:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 14:17 - 2016-02-08 21:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 14:17 - 2016-02-08 21:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 14:17 - 2016-02-08 21:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 14:17 - 2016-02-08 21:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 14:17 - 2016-02-08 21:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 14:17 - 2016-02-08 21:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 14:17 - 2016-02-08 21:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 14:17 - 2016-02-08 21:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 14:17 - 2016-02-08 21:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 14:17 - 2016-02-08 20:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 14:17 - 2016-02-08 20:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 14:17 - 2016-02-08 20:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 14:17 - 2016-02-08 20:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 14:17 - 2016-02-08 20:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 14:17 - 2016-02-08 20:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 14:17 - 2016-02-08 20:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 14:17 - 2016-02-08 20:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 14:17 - 2016-02-08 20:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 14:17 - 2016-02-08 20:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 14:17 - 2016-02-08 20:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 14:17 - 2016-02-08 20:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 14:17 - 2016-02-08 20:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 14:17 - 2016-02-08 20:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 14:17 - 2016-02-08 19:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 14:17 - 2016-02-04 20:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 14:17 - 2016-02-03 21:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 14:17 - 2016-02-03 21:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 14:17 - 2016-02-03 21:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 14:17 - 2016-02-03 21:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 14:17 - 2016-02-03 21:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 14:17 - 2016-01-11 22:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 14:17 - 2015-11-19 17:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 14:17 - 2015-11-19 17:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 14:16 - 2016-02-11 21:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 14:16 - 2016-02-11 21:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 14:16 - 2016-02-11 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 14:16 - 2016-02-11 21:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 14:16 - 2016-02-11 21:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 14:16 - 2016-02-11 21:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 14:16 - 2016-02-11 21:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 14:16 - 2016-02-11 21:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 14:16 - 2016-02-11 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 14:16 - 2016-02-11 21:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 14:16 - 2016-02-11 21:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 14:16 - 2016-02-11 21:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 14:16 - 2016-02-11 21:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 14:16 - 2016-02-11 21:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 14:16 - 2016-02-11 21:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 14:16 - 2016-02-11 21:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 14:16 - 2016-02-11 21:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 14:16 - 2016-02-11 21:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 14:16 - 2016-02-11 21:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 14:16 - 2016-02-11 21:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 14:16 - 2016-02-11 21:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 14:16 - 2016-02-11 21:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 14:16 - 2016-02-11 21:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 14:16 - 2016-02-11 21:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 14:16 - 2016-02-11 21:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 14:16 - 2016-02-11 21:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 14:16 - 2016-02-11 21:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 14:16 - 2016-02-11 21:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 14:16 - 2016-02-11 21:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 14:16 - 2016-02-11 21:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 14:16 - 2016-02-11 21:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 14:16 - 2016-02-11 21:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 14:16 - 2016-02-11 21:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 14:16 - 2016-02-11 21:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 14:16 - 2016-02-11 21:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 14:16 - 2016-02-11 21:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 14:16 - 2016-02-11 21:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 14:16 - 2016-02-11 21:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 14:16 - 2016-02-11 21:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 21:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 20:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 14:16 - 2016-02-11 20:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 14:16 - 2016-02-11 20:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 14:16 - 2016-02-11 20:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 14:16 - 2016-02-11 20:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 14:16 - 2016-02-11 20:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 14:16 - 2016-02-11 20:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 14:16 - 2016-02-11 20:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 14:16 - 2016-02-11 20:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 14:16 - 2016-02-11 20:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 14:16 - 2016-02-11 20:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 14:16 - 2016-02-11 20:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 14:16 - 2016-02-11 20:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 14:16 - 2016-02-11 20:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 14:16 - 2016-02-11 20:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 20:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 20:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 14:16 - 2016-02-11 20:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 14:15 - 2016-02-19 22:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 14:15 - 2016-02-19 21:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 14:15 - 2016-02-19 17:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 14:15 - 2016-02-11 17:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 14:15 - 2016-02-09 12:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 14:15 - 2016-02-09 12:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 14:15 - 2016-02-09 12:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 14:15 - 2016-02-09 12:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 14:15 - 2016-02-09 12:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 14:15 - 2016-02-09 12:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 14:15 - 2016-02-09 12:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 14:15 - 2016-02-09 12:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 14:15 - 2016-02-09 12:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 14:15 - 2016-02-09 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 14:15 - 2016-02-09 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 14:15 - 2016-02-05 21:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 14:15 - 2016-02-05 21:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 14:15 - 2016-02-05 21:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 14:15 - 2016-02-05 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 14:15 - 2016-02-05 21:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 14:15 - 2016-02-05 21:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 14:15 - 2016-02-05 21:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 14:15 - 2016-02-05 20:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 14:15 - 2016-02-05 20:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 14:15 - 2016-02-05 20:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 14:15 - 2016-02-05 17:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 14:15 - 2016-02-05 17:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 14:15 - 2016-02-05 17:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 14:15 - 2016-02-05 04:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 14:15 - 2016-02-04 21:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-08 12:46 - 2015-12-17 12:44 - 1680422035 _____ C:\Users\k\Desktop\G925FXXU3QOLB_G925FWFA3QOL1_XFA.zip
2016-03-08 12:43 - 2015-12-21 21:14 - 25241650 _____ C:\Users\k\Desktop\s6 edge root.tar
2016-03-08 12:43 - 2015-11-13 15:41 - 01032204 _____ C:\Users\k\Desktop\Odin3_v3.10.6.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-06 13:34 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-06 13:34 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-06 13:31 - 2015-09-18 09:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-06 13:29 - 2015-09-18 09:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-06 13:29 - 2013-08-20 15:58 - 00000000 ____D C:\ProgramData\MFAData
2016-04-06 13:23 - 2014-05-16 08:21 - 00000672 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-04-06 13:23 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-05 17:24 - 2016-01-28 00:10 - 00191160 _____ C:\Users\k\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-05 17:04 - 2015-11-30 16:35 - 00600784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-04 18:56 - 2015-10-04 09:30 - 00000000 ____D C:\Users\Abo Jaber\AppData\LocalLow\BitTorrent
2016-04-04 18:56 - 2014-05-31 08:48 - 00000000 ____D C:\Users\Abo Jaber\AppData\Local\AVG
2016-04-04 18:53 - 2014-09-10 18:37 - 00000000 ____D C:\Users\Abo Jaber\AppData\Roaming\BitTorrent
2016-04-04 18:42 - 2014-02-03 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-04-04 18:42 - 2014-02-02 23:35 - 00000000 ____D C:\Program Files\WinRAR
2016-04-04 15:46 - 2009-07-14 08:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-04 15:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-04-03 20:22 - 2013-12-18 21:56 - 00000000 ____D C:\Users\Abo Jaber\AppData\Roaming\AVG
2016-04-03 20:22 - 2013-12-08 23:10 - 00001290 __RSH C:\Users\Abo Jaber\ntuser.pol
2016-04-03 20:22 - 2013-08-20 15:47 - 00191160 _____ C:\Users\Abo Jaber\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-03 20:22 - 2013-08-20 15:32 - 00000000 ____D C:\Users\Abo Jaber
2016-04-03 20:22 - 2009-07-14 08:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-03 20:21 - 2015-08-19 10:16 - 00000000 ____D C:\Users\nnm\AppData\Roaming\uTorrent
2016-04-03 20:16 - 2015-04-07 15:09 - 00000000 ____D C:\Program Files (x86)\Corel
2016-04-03 20:16 - 2013-08-20 15:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-03 20:10 - 2015-04-07 15:11 - 00000000 ____D C:\ProgramData\Corel
2016-04-03 19:50 - 2014-11-30 11:05 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-03 19:49 - 2013-08-20 15:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-04-03 19:38 - 2014-05-24 11:35 - 00000000 ____D C:\ProgramData\BlueStacks
2016-04-03 19:30 - 2016-01-29 18:48 - 00000000 ____D C:\Users\k\AppData\Local\Adobe
2016-04-03 19:04 - 2015-01-08 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games
2016-04-03 18:55 - 2016-01-20 20:37 - 00000000 ____D C:\Program Files (x86)\Hueber
2016-04-03 18:50 - 2013-09-20 00:44 - 00000000 ____D C:\ProgramData\Sony
2016-04-03 18:50 - 2013-09-20 00:44 - 00000000 ____D C:\Program Files (x86)\Sony
2016-04-03 18:41 - 2015-01-08 20:44 - 00000000 ____D C:\Program Files\ESET
2016-04-03 18:08 - 2014-11-21 19:25 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-04-03 00:46 - 2013-08-20 17:21 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-03 00:18 - 2015-01-08 23:59 - 00000000 ____D C:\Windows\pss
2016-04-03 00:11 - 2016-03-04 18:05 - 00000000 ____D C:\Users\k\AppData\Roaming\TeamViewer
2016-04-02 23:47 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\ModemLogs
2016-04-02 22:24 - 2013-11-23 09:12 - 00000000 ____D C:\ProgramData\McAfee
2016-04-02 18:05 - 2015-08-19 11:03 - 00000000 ____D C:\Users\nnm\AppData\Local\Lenovo
2016-04-02 18:04 - 2015-08-19 11:01 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-04-02 16:34 - 2016-02-09 17:33 - 00000000 ____D C:\Users\k\AppData\Roaming\.minecraft
2016-03-31 13:56 - 2014-01-19 19:50 - 00000000 ____D C:\Users\Abo Jaber\Downloads\New folder (2)
2016-03-31 13:53 - 2014-01-26 22:44 - 00000000 ____D C:\Users\Abo Jaber\Desktop\New folder (15)
2016-03-31 13:52 - 2013-11-19 15:25 - 00000000 ____D C:\Users\Abo Jaber\AppData\Local\TBHostSupport
2016-03-31 13:49 - 2015-04-12 13:14 - 00000000 ____D C:\ProgramData\{bc691e68-ebbd-2595-bc69-91e68ebb79a3}
2016-03-31 13:45 - 2015-01-17 13:15 - 00000000 ____D C:\ProgramData\lplnmaipohaogoiofnhnlokimcfkaflb
2016-03-31 13:23 - 2014-12-24 12:06 - 00000000 ____D C:\Program Files (x86)\b8f7821d-3604-4be2-aee2-69f6c32a250c
2016-03-31 13:17 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-31 12:27 - 2014-05-28 15:47 - 00000000 ____D C:\Users\nnm\AppData\Roaming\AVG
2016-03-31 12:25 - 2014-05-28 15:47 - 00000000 ____D C:\Users\nnm\AppData\Local\AVG
2016-03-31 12:20 - 2013-12-18 21:54 - 00000000 ____D C:\ProgramData\AVG
2016-03-31 11:55 - 2015-01-04 17:47 - 00000000 ____D C:\Users\nnm\AppData\Local\Adobe
2016-03-31 11:54 - 2015-01-04 17:58 - 00000000 ____D C:\Users\nnm\AppData\LocalLow\Adobe
2016-03-31 11:54 - 2014-02-05 20:28 - 00000000 ____D C:\Users\nnm\AppData\Roaming\Adobe
2016-03-30 23:38 - 2013-08-20 16:20 - 00002556 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 23:38 - 2013-08-20 16:20 - 00002544 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-30 06:22 - 2015-11-30 00:48 - 00191160 _____ C:\Users\nnm\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-29 22:00 - 2016-03-06 04:17 - 00000000 ____D C:\Users\k\Desktop\New folder (3)
2016-03-28 15:35 - 2014-12-24 12:05 - 00000000 ____D C:\Users\nnm\AppData\Roaming\Extensions
2016-03-28 00:23 - 2015-01-04 17:46 - 00000000 ____D C:\ProgramData\Adobe
2016-03-28 00:22 - 2016-01-28 00:10 - 00000000 ____D C:\Users\k\AppData\Roaming\Adobe
2016-03-28 00:15 - 2016-01-20 20:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-27 19:52 - 2016-01-28 00:09 - 00000000 ____D C:\Users\k
2016-03-26 00:16 - 2016-01-28 00:11 - 00000000 ____D C:\Users\k\Documents\Cross Fire
2016-03-25 08:57 - 2016-01-28 00:15 - 00000000 ____D C:\Users\k\AppData\Roaming\HpUpdate
2016-03-25 02:43 - 2015-10-17 13:10 - 00000000 ____D C:\Users\nnm\Desktop\galaxy s5
2016-03-25 02:42 - 2014-05-16 20:52 - 00000000 ___RD C:\Users\nnm\Desktop\Mohammed
2016-03-25 02:34 - 2016-01-23 13:09 - 00000000 ____D C:\Users\nnm\Desktop\New folder (27)
2016-03-25 02:33 - 2015-12-17 12:48 - 00000000 ____D C:\Users\nnm\Desktop\New folder (24)
2016-03-25 02:30 - 2015-06-04 13:11 - 00000000 ____D C:\Users\nnm\Desktop\New folder (19)
2016-03-25 02:27 - 2015-09-29 15:35 - 00000000 ____D C:\Users\nnm\Desktop\New folder (5)
2016-03-25 02:26 - 2015-09-27 16:14 - 00000000 ____D C:\Users\nnm\Desktop\New folder (2)
2016-03-24 18:55 - 2015-11-13 09:22 - 00000000 ____D C:\Users\nnm\AppData\Roaming\.minecraft
2016-03-21 22:06 - 2009-07-14 08:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-20 14:48 - 2015-11-29 22:39 - 00000000 ____D C:\Program Files (x86)\360
2016-03-19 11:07 - 2016-01-28 00:09 - 00001290 __RSH C:\Users\k\ntuser.pol
2016-03-19 00:02 - 2015-11-29 22:40 - 00000000 ____D C:\Users\nnm\AppData\LocalLow\360WD
2016-03-18 20:35 - 2013-08-20 15:35 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-03-18 15:49 - 2015-11-29 22:50 - 00000000 __SHD C:\$360Section
2016-03-18 15:49 - 2015-11-29 22:41 - 00000000 ____D C:\ProgramData\360Quarant
2016-03-18 09:17 - 2016-01-28 00:09 - 00000000 ____D C:\Users\k\AppData\Local\VirtualStore
2016-03-17 23:48 - 2013-08-20 15:34 - 00000000 ____D C:\dell
2016-03-17 23:44 - 2013-08-20 18:17 - 00000000 ____D C:\CFLog
2016-03-17 23:44 - 2013-08-20 17:49 - 00000000 ____D C:\ProgramData\Dell
2016-03-17 21:35 - 2014-02-05 20:28 - 00000000 ____D C:\Users\nnm
2016-03-17 21:34 - 2013-08-20 16:30 - 00000000 ____D C:\ProgramData\Real
2016-03-17 21:34 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2016-03-17 18:11 - 2015-08-24 09:39 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-17 18:11 - 2015-01-13 15:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-17 18:11 - 2015-01-13 15:34 - 00000000 ____D C:\ProgramData\Skype
2016-03-16 07:29 - 2015-11-30 21:14 - 00000000 ____D C:\Users\Abo Jaber\AppData\LocalLow\360WD
2016-03-15 18:05 - 2016-01-28 00:10 - 00000000 ____D C:\Users\k\AppData\Local\Google
2016-03-10 15:47 - 2015-07-23 22:45 - 00000000 ____D C:\Users\nnm\Desktop\m7mad memory
2016-03-10 11:45 - 2013-08-20 16:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-10 02:20 - 2013-08-20 16:59 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 02:15 - 2015-11-04 14:14 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 02:15 - 2013-08-20 16:58 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2013-12-18 07:24 - 2013-12-18 07:24 - 0122375 _____ () C:\Program Files\Acknowledgements.rtf
2013-12-08 22:50 - 2013-12-08 22:50 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2016-03-18 00:57 - 2016-03-18 00:57 - 0000132 _____ () C:\Users\k\AppData\Roaming\Adobe AIFF Format CC Prefs
2016-03-28 01:13 - 2016-03-28 01:14 - 0000132 _____ () C:\Users\k\AppData\Roaming\Adobe GIF Format CC Prefs
2016-02-06 16:29 - 2016-02-06 16:29 - 0003584 _____ () C:\Users\k\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-03 18:04 - 2016-04-03 18:04 - 0000017 _____ () C:\Users\k\AppData\Local\resmon.resmoncfg
2014-01-15 08:15 - 2014-01-15 08:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
 
Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
 
 
Some files in TEMP:
====================
C:\Users\k\AppData\Local\Temp\Uninstall.exe
C:\Users\nnm\AppData\Local\Temp\jansi-64-100730149905684066.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1164209137509039528.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1169770041918705052.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1237650874442430077.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1238252677639777647.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1256904344849874709.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1341478157626899413.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1426000372415220543.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-1522112089329616537.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-184828831724618848.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-2751527130731483369.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-2755860548425264488.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-3108099001911968601.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-3181618351700364788.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-3190179381221767648.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-3454520592365255192.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-3457239746555052749.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-3901323849650706149.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-3924196133897676469.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-4031795019102929405.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-4154297148825042232.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-4392676699551365927.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-4486456126842146827.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-465671753390378633.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-509595100590616130.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-5224323490038054623.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-5304719911608960818.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-539963113507953502.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-550360638412899793.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-5563359033589557141.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-5799992289927867096.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-5919545297229822307.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-5965987558957718128.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-6234000244098534746.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-6364339030314867044.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-6372332156398887256.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-6410531017487080149.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-6422669697747600441.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-6668228092051643595.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-6681135836629196614.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7344684669335407572.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7415400984361336683.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7510884800857029996.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7626697153715813451.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7785078324100783228.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7805826400143385196.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7810591504667887420.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7911440835273048677.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-7929317819670914832.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-8045842714250082207.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-8419528463621148425.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-8663260259130875115.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-8663547915179343937.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-8924509913903769713.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-9191901160942678559.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-9201564292040041045.dll
C:\Users\nnm\AppData\Local\Temp\jansi-64-926826842725224252.dll
C:\Users\nnm\AppData\Local\Temp\lowproc.exe
C:\Users\nnm\AppData\Local\Temp\SkypeSetup.exe
C:\Users\nnm\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-08-23 12:17
 
==================== End of FRST.txt ============================

Addition.txt:
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by k (2016-04-06 13:37:38)
Running from C:\Users\k\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-08-20 12:32:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Abo Jaber (S-1-5-21-3712952004-2349104225-4285756531-1000 - Administrator - Enabled) => C:\Users\Abo Jaber
Administrator (S-1-5-21-3712952004-2349104225-4285756531-500 - Administrator - Disabled)
Guest (S-1-5-21-3712952004-2349104225-4285756531-501 - Limited - Enabled) => C:\Users\Guest.AboJaber-PC
HomeGroupUser$ (S-1-5-21-3712952004-2349104225-4285756531-1002 - Limited - Enabled)
k (S-1-5-21-3712952004-2349104225-4285756531-1005 - Administrator - Enabled) => C:\Users\k
nnm (S-1-5-21-3712952004-2349104225-4285756531-1003 - Administrator - Enabled) => C:\Users\nnm
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
ATI AVIVO64 Codecs (Version: 11.6.0.50619 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{7D1E43FF-5076-3979-12A4-C1A47B207BF0}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
AVG (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4540 - AVG Technologies) Hidden
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
ccc-core-static (x32 Version: 2010.0619.2309.39726 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x32 Version: 16.0 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DellOSD (HKLM\...\{89B91433-49FF-45E6-9B89-02E761A5ACB9}) (Version: 1.10.0000 - Dell, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc‎.‎)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM128DSService (x32 Version: 001.001.08254 - Hewlett-Packard) Hidden
Iminent (x32 Version: 6.37.21.0 - Iminent) Hidden <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Maren (HKLM-x32\...\{7E6FA2FF-CC41-4145-9C06-19C1F78DF855}) (Version: 1.0.1.0 - Microsoft)
Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{0807242D-4BB5-4F6C-BEA8-EC9D75A51C51}) (Version: 1.1.1817.91 - Alcor Micro Corp.)
Multimedia Card Reader (x32 Version: 1.1.1817.91 - Alcor Micro Corp.) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SSF Manual HS Installer (x32 Version: 13.10.14.02 - DF Interactive) Hidden
StickyNotes (HKLM-x32\...\{0A71BAB4-D703-4CE4-8B3F-0D06A1D1A4E1}) (Version: 1.3.20.0 - Dell)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Telegram Desktop version 0.9.32 (HKU\S-1-5-21-3712952004-2349104225-4285756531-1005\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.32 - Telegram Messenger LLP)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XHeader (HKLM-x32\...\XHeader) (Version: 1.215 - Intellimon)
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {006B43B0-4B8E-4231-A01B-FCA89822BC07} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3712952004-2349104225-4285756531-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {142B4AE4-51A5-4199-A903-6BCDC86C3978} - System32\Tasks\{85E50F81-C6AB-4DA6-89B7-A857B9E36458} => F:\GetWindows10-sds_____________.exe
Task: {1E902AD9-3929-4F10-8373-544DA855B376} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {1EDD888F-28EE-4797-BCBC-2D54CE381D55} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3712952004-2349104225-4285756531-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {289F4103-E38C-44D0-BC46-69EAC22F8BA0} - System32\Tasks\{37982181-B2EB-47EA-8AD6-4AE8EECEF143} => F:\GetWindows10-sds_____________.exe
Task: {35C472E4-17B0-432C-A00F-D786953B815A} - System32\Tasks\{FD23A86C-2397-40DB-9A78-CE1DE1669F20} => F:\GetWindows10-sds_____________.exe
Task: {3CCB0B9B-7C31-4C7C-B455-ADB5DEBFD299} - System32\Tasks\{4DC71A83-64E4-45AA-BD32-30FB2649E965} => F:\GetWindows10-sds_____________.exe
Task: {53ED7F48-EC93-4B74-9675-9BD8435535DF} - System32\Tasks\{D62EF02D-6D57-4F45-A0F8-160AD8EC8EF2} => F:\GetWindows10-sds_____________.exe
Task: {6C4FD579-7FBA-4359-835F-434BBC39F3E1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3712952004-2349104225-4285756531-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {752CD77A-68D5-4AB9-9FB5-CA0D26A65813} - System32\Tasks\{2B3D6426-B6AA-425B-B2D2-269874E20867} => F:\GetWindows10-sds_____________.exe
Task: {910D3104-0EE2-4960-B336-06C30E505FAF} - System32\Tasks\{4812DA7F-2908-41F3-A0A6-02523CA1754C} => F:\GetWindows10-sds_____________.exe
Task: {9646CB70-50A3-4FAD-911D-411633EC7519} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {96BBA8CE-F0CB-4B1D-8730-ACCA98C4DC73} - System32\Tasks\{9F1F3F59-4B9F-45CD-BB05-9AD9DBEF3997} => F:\GetWindows10-sds_____________.exe
Task: {97369061-49DF-4887-9ABC-5AC83C7F80F0} - System32\Tasks\{4F15A90C-5085-4910-B25D-E843E37868CC} => F:\GetWindows10-sds_____________.exe
Task: {A52BD80B-CD35-4A80-949A-34E99B3432A1} - System32\Tasks\{B8A3E4C8-7EF7-4D3A-97F2-D63A3F62D0F2} => F:\GetWindows10-sds_____________.exe
Task: {A8BFBD90-CF47-4AB7-9283-0B96346CACBD} - System32\Tasks\{28650502-BF3A-4C4A-B286-4394AA8B80BD} => F:\GetWindows10-sds_____________.exe
Task: {AB3D6D79-7228-4568-9AC1-A1860681D112} - System32\Tasks\{F70E1298-B38E-49F4-B0C3-25B9B50E887A} => F:\GetWindows10-sds_____________.exe
Task: {B6C6DC7A-EA78-49DF-8BA1-A7B630B3E789} - System32\Tasks\{C13011F8-526D-4E78-9E32-4050D5EA4F58} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/en/abandoninstall?page=tsProgressBar
Task: {B73BF712-38A8-49CC-9E7D-B3F62F5C04BA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3712952004-2349104225-4285756531-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {C47FD8D0-B5A1-40EF-9F77-44E72B49A2B2} - System32\Tasks\{97938A2C-047C-4979-BF2C-81615FA4EA86} => F:\GetWindows10-sds_____________.exe
Task: {C5BEAA62-14D3-413B-8FD0-7AB817C1C53D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18] (Google Inc.)
Task: {CEDE4724-4FED-41D8-A1C6-253763C4A946} - System32\Tasks\{B8E46DB3-896F-4C3C-B754-1E58EAE6302D} => F:\GetWindows10-sds_____________.exe
Task: {DD6EA738-8B54-4FE8-AFFF-57183469E2F6} - System32\Tasks\{45205F9F-A957-4202-88DF-F97E0A6179FD} => F:\GetWindows10-sds_____________.exe
Task: {ED4B6B8D-EAB5-41AC-9325-068C01C4138A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {F8A7B68C-9C65-4199-855C-73D34061E66A} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-30 23:36 - 2016-03-27 10:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-30 23:36 - 2016-03-27 10:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:NT [40]
AlternateDataStreams: C:\ProgramData:NT2 [322]
AlternateDataStreams: C:\Users\All Users:NT [40]
AlternateDataStreams: C:\Users\All Users:NT2 [322]
AlternateDataStreams: C:\Users\Abo Jaber\Documents\123444.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Abo Jaber\Documents\123444.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Abo Jaber\Documents\222.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\Abo Jaber\Documents\222.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
AlternateDataStreams: C:\ProgramData\Application Data:NT2 [322]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [322]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [120]
AlternateDataStreams: C:\Users\nnm\Application Data:NT [40]
AlternateDataStreams: C:\Users\nnm\Application Data:NT2 [322]
AlternateDataStreams: C:\Users\nnm\Desktop\48.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\nnm\Desktop\48.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\nnm\Desktop\diala.jpeg:3or4kl4x13tuuug3Byamue2s4b [87]
AlternateDataStreams: C:\Users\nnm\Desktop\diala.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\nnm\AppData\Roaming:NT [40]
AlternateDataStreams: C:\Users\nnm\AppData\Roaming:NT2 [322]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-04-03 01:24 - 2016-04-03 01:27 - 00000113 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1            0.0.0.0 keystone.mwbsys.com
127.0.0.1            0.0.0.0 keystone-prod.elasticbeanstalk.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3712952004-2349104225-4285756531-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\k\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdvancedSystemCareService9 => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: PSI_SVC_2 => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 3
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^nnm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EOS Utility.lnk => C:\Windows\pss\EOS Utility.lnk.Startup
MSCONFIG\startupfolder: C:^Users^nnm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HostSecurePlugin.lnk => C:\Windows\pss\HostSecurePlugin.lnk.Startup
MSCONFIG\startupfolder: C:^Users^nnm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatchApp.lnk => C:\Windows\pss\StormWatchApp.lnk.Startup
MSCONFIG\startupreg: Advanced SystemCare 9 => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: HostSecurePlugin => C:\Program Files (x86)\Host Secure\HostSecure.exe
MSCONFIG\startupreg: HostSecurePlugin3 => C:\Program Files (x86)\Host Secure\HostSecure.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: ShwiconXP6366 => C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: uTorrent => "C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AE84A906-7834-4D18-879F-7EE7A4E7E375}] => (Allow) C:\Users\Abo Jaber\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CF002DEF-BC50-4478-B67D-6B163C592597}] => (Allow) C:\Users\Abo Jaber\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1935E8ED-57BF-4BE9-9EED-021572B699DB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{44419F25-5F18-473A-B6EF-BC2C0D7A1114}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{EF6355BF-62C5-4A97-994F-8B6CE1A26C44}C:\users\abo jaber\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\abo jaber\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{1C256095-EA3F-44A7-A5E1-2CDC6E64D134}C:\users\abo jaber\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\abo jaber\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{06C6A8D6-6C64-412E-8F6E-CFC75513DCBD}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{BFEC4DA2-5021-4C55-9528-AF9BDFE64F59}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{70C462D8-D46F-4E0B-AA57-5A08B1E6E0B0}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [TCP Query User{CDD40CB2-EB6F-46C7-9535-61EA80364C3B}C:\users\abo jaber\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\abo jaber\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BF143684-9FEE-48E7-B281-287FD795C487}C:\users\abo jaber\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\abo jaber\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{CAAA1B8F-439F-46BE-9E62-1A1F05C54A92}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{E2225D28-BCA7-4CB1-B18F-B7955B934547}C:\users\nnm\desktop\red alert 2\game.exe] => (Block) C:\users\nnm\desktop\red alert 2\game.exe
FirewallRules: [UDP Query User{21E72945-72D4-44B0-8FFF-C5C0739A55A7}C:\users\nnm\desktop\red alert 2\game.exe] => (Block) C:\users\nnm\desktop\red alert 2\game.exe
FirewallRules: [TCP Query User{60133A8D-E614-4C1D-A6CD-DA5F7D7BDA4F}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{1E3D5F4B-E9CF-479C-A26A-B9E90E38C359}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{FC10B9FD-325B-4F78-BCDF-8784FD43BFD2}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{6B632DAA-071B-490A-9DF4-E084F683ADBC}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{52D28000-52CA-4A62-90B7-A141B4529760}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DA47A97D-AC27-48D8-8B24-73F7DCE6C696}] => (Allow) LPort=2869
FirewallRules: [{B77B5E01-8FD6-4503-8AF7-F6C8E5535B7C}] => (Allow) LPort=1900
FirewallRules: [{635966FB-2CD9-46D0-BE50-F912CE0676A5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FCCCF3AF-9F19-4B42-82A6-98DD68EF6797}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2AC366C-58D7-4ECA-B172-23976B998C14}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{80973F7B-F99B-4385-AEF8-8A26AEA592A4}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AF96BC19-EDFD-432E-8C76-EFD7E88DC606}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{46B2F6F3-4546-465D-BEF0-3378992BAAAD}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B964AA2-BFE3-4327-B3F1-873145CDEB96}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CAC31F8E-02D5-4F97-A3F3-20EA9469A0CF}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9680430-FFCE-42F4-85CA-B4A3AAE03388}] => (Allow) C:\Users\nnm\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DFFD2207-BC69-4F38-A208-138E31EB223D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3E84F921-3EC1-4E0E-AD77-FB07469C0746}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{55C27522-FAEC-4443-8C16-0B88B1967463}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{99141BF6-EE7A-4641-92DB-D5AF6550FA53}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A2E85221-FC85-4FBC-B97F-38FAB152B2C1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E071104D-676E-458C-B142-5F6E3180816E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8E311F9D-3BF0-47FF-A4FF-B02207DD670B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D94D091-2D81-4A2C-99E6-71F70AEF269B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{486FA6A6-E68B-491F-B3EE-CB58D2507C3B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Restore Points =========================
 
04-04-2016 18:21:08 Windows Update
04-04-2016 18:57:25 Windows Update
05-04-2016 16:58:01 Windows Update
05-04-2016 18:02:55 Windows Update
06-04-2016 13:27:14 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Project
Service: Neo_VPN
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: BlueStacks Hypervisor
Description: BlueStacks Hypervisor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BstHdDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/06/2016 01:36:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (04/06/2016 01:24:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2016 06:13:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2016 06:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bcmwltry.exe, version: 5.60.48.35, time stamp: 0x4b591cc1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007ff0042a808
Faulting process id: 0x590
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (04/05/2016 06:08:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2016 05:06:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2016 05:06:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bcmwltry.exe, version: 5.60.48.35, time stamp: 0x4b591cc1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007ff0041a808
Faulting process id: 0x5cc
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (04/05/2016 04:57:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.21.18.4608 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d88
 
Start Time: 01d18f42f20cb959
 
Termination Time: 5
 
Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
Report Id: 3670541f-fb36-11e5-818f-842b2b8025fe
 
Error: (04/05/2016 04:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IE-REDIST.EXE, version: 11.0.9600.16428, time stamp: 0x525b8b98
Faulting module name: ieakcust.dll, version: 11.0.9600.16428, time stamp: 0x525bd7d1
Exception code: 0xc0000005
Fault offset: 0x000020ef
Faulting process id: 0x950
Faulting application start time: 0xIE-REDIST.EXE0
Faulting application path: IE-REDIST.EXE1
Faulting module path: IE-REDIST.EXE2
Report Id: IE-REDIST.EXE3
 
Error: (04/05/2016 02:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/06/2016 01:34:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 7 for x64-based Systems (KB3035583).
 
Error: (04/06/2016 01:29:23 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006
 
Error: (04/06/2016 01:23:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp
 
Error: (04/06/2016 01:23:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error: 
%%3
 
Error: (04/06/2016 01:23:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
%%5
 
Error: (04/05/2016 06:12:48 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006
 
Error: (04/05/2016 06:12:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp
 
Error: (04/05/2016 06:11:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error: 
%%3
 
Error: (04/05/2016 06:11:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
%%5
 
Error: (04/05/2016 06:07:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
VBoxNetAdp
 
 
CodeIntegrity:
===================================
  Date: 2014-07-16 22:24:00.569
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\nnm\AppData\Roaming\qmacro\shield\SD002.dat because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-16 22:24:00.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\nnm\AppData\Roaming\qmacro\shield\SD002.dat because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 15:41:37.204
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 15:41:37.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 15:30:11.245
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 15:30:11.180
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 15:19:11.622
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 15:19:11.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 14:56:33.439
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 14:56:33.382
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\VINACF.DAT because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 3958.66 MB
Available physical RAM: 1693.75 MB
Total Virtual: 7915.52 MB
Available Virtual: 5607.86 MB
 
==================== Drives ================================
 
Drive c: (Seystem) (Fixed) (Total:390.53 GB) (Free:108.85 GB) NTFS
Drive d: (Other) (Fixed) (Total:308.01 GB) (Free:81.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: DA445A6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=308 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 

Edited by Palestine_Free1, 06 April 2016 - 06:00 AM.


#4 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts

Posted 06 April 2016 - 03:45 PM

Hi Palestine_Free1,

C:\Users\k\Desktop\New folder (3)
C:\Users\Abo Jaber\Downloads\New folder (2)
C:\Users\Abo Jaber\Desktop\New folder (15)
C:\Users\k\Desktop\New folder (4)
C:\Users\k\Desktop\New folder (5)
C:\Users\k\Desktop\New folder (6)
C:\Users\k\Desktop\New folder (7)

I see many New folders on the desktop. Did you create these folders, and do you know them?
=================================================================================
Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
===================================================================================

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

IObit (Malware Fighter, Driver Booster, Advanced SystemCare + IObit Uninstaller + Surfing Protection + LiveUpdate + SmartDefragDriver.sys)

TuneUp Utilities

Host Secure
Iminent

LPT System Updater Service
youtubeadblocker
C:\Program Files (x86)\Host Secure

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Please restart the PC now.

=================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click Scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Palestine_Free1

Palestine_Free1
  • Topic Starter

  • Members
  • 3 posts

Posted 07 April 2016 - 05:30 AM

 

Programs to remove

 
IObit (Malware Fighter, Driver Booster, Advanced SystemCare + IObit Uninstaller + Surfing Protection + LiveUpdate + SmartDefragDriver.sys)

TuneUp Utilities

Host Secure
Iminent

LPT System Updater Service
youtubeadblocker
C:\Program Files (x86)\Host Secure

I can't find any of the above (I can find IObit), but the others, no.



#6 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts

Posted 07 April 2016 - 02:48 PM

Okay Ahmad,

Please do, ''scan with Zemana AntiMalware Free''


Best regards
 

 


 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts

Posted 11 April 2016 - 01:16 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 

 


 




