
Internet Radio playing in background of computer, not sure how to stop it?


  • This topic is locked
28 replies to this topic

#1 djohn4562


Posted 19 May 2016 - 07:32 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016
Ran by Zuhair (administrator) on ZUHAIR (19-05-2016 18:52:12)
Running from C:\Users\Zuhair\Downloads
Loaded Profiles: Zuhair (Available Profiles: Zuhair)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulAlert.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-17] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [24084176 2016-03-15] (Microsoft Corporation)
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [Spotify Web Helper] => C:\Users\Zuhair\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-01] (Spotify Ltd)
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [BitTorrent] => "C:\Users\Zuhair\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [Spotify] => C:\Users\Zuhair\AppData\Roaming\Spotify\Spotify.exe [6743664 2016-04-01] (Spotify Ltd)
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52148864 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\RunOnce: [Uninstall C:\Users\Zuhair\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Zuhair\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
Startup: C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1574225677-2836999415-375273348-1001\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2cc836a7-f59b-4b9f-a344-a2bfa5958c69}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{caad0438-1733-4df0-b9a2-5ec814923c56}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> DefaultScope {EF9C718F-7F6B-46A3-84BE-5342B861A88F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
SearchScopes: HKLM -> {EF9C718F-7F6B-46A3-84BE-5342B861A88F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
SearchScopes: HKU\S-1-5-21-1574225677-2836999415-375273348-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKU\S-1-5-21-1574225677-2836999415-375273348-1001 -> {EF9C718F-7F6B-46A3-84BE-5342B861A88F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler: osf - No CLSID Value
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Zuhair\AppData\Roaming\Mozilla\Firefox\Profiles\yf6lg6h4.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1574225677-2836999415-375273348-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Zuhair\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-31] (Citrix Online)
FF Plugin HKU\S-1-5-21-1574225677-2836999415-375273348-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Zuhair\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Zuhair\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-10] (Cisco WebEx LLC)
FF Extension: Battlefield Play4Free - C:\Users\Zuhair\AppData\Roaming\Mozilla\Firefox\Profiles\yf6lg6h4.default\Extensions\battlefieldplay4free@ea.com [2014-10-13] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-07-05] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir="
CHR Profile: C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Duolingo on the Web) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (GeoGebra) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-01-13]
CHR Extension: (Adblock Plus) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Bing Pong Helper) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohnfldcnegepfhhfbcgecblgjdcmcka [2016-05-19]
CHR Extension: (Google Search) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-07-05]
CHR Extension: (Dmail) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\fblelgmhengcpjogkpmmhjghbcelaake [2015-10-08]
CHR Extension: (Google Sheets) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-03-04]
CHR Extension: (Website Blocker (Beta)) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2015-12-08]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-19]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-03-10]
CHR Extension: (Cargo Bridge) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-09-11]
CHR Extension: (Little Alchemy) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-07]
CHR Extension: (Skype) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-23]
CHR Extension: (Hotspot Shield Free VPN Proxy Unblock Sites) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2016-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Battlefield Play4Free) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2014-10-13]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-05-19]
CHR Extension: (Gmail) - C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1574225677-2836999415-375273348-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1574225677-2836999415-375273348-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
CHR HKLM-x32\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-05-01] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2016-01-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-17] (Synaptics Incorporated)
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 Samsung Network Fax Server; "C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-17] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 17:11 - 2016-05-19 17:23 - 00076892 _____ C:\Users\Zuhair\Downloads\Addition.txt
2016-05-19 17:04 - 2016-05-19 18:53 - 00063042 _____ C:\Users\Zuhair\Downloads\FRST.txt
2016-05-19 16:54 - 2016-05-19 18:52 - 00000000 ____D C:\FRST
2016-05-19 16:53 - 2016-05-19 16:54 - 02382336 _____ (Farbar) C:\Users\Zuhair\Downloads\FRST64.exe
2016-05-17 20:22 - 2016-05-17 20:22 - 00637931 _____ C:\Users\Zuhair\Downloads\Mathematics_paper_3_Calculus__HL_markscheme.pdf
2016-05-17 20:14 - 2016-05-17 20:14 - 00263605 _____ C:\Users\Zuhair\Downloads\Mathematics_paper_3_Calculus__HL.pdf
2016-05-17 10:57 - 2016-05-19 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-16 17:13 - 2016-05-19 12:43 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-05-15 18:47 - 2016-05-16 14:08 - 00000000 ____D C:\Users\Zuhair\Downloads\NBA.2K16-CODEX
2016-05-15 13:22 - 2016-05-15 13:22 - 00002287 _____ C:\Users\Zuhair\Desktop\WhatsApp.lnk
2016-05-15 13:22 - 2016-05-15 13:22 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\WhatsApp
2016-05-15 13:22 - 2016-05-15 13:22 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2016-05-15 13:21 - 2016-05-15 13:22 - 00000000 ____D C:\Users\Zuhair\AppData\Local\WhatsApp
2016-05-15 13:21 - 2016-05-15 13:22 - 00000000 ____D C:\Users\Zuhair\AppData\Local\SquirrelTemp
2016-05-15 13:21 - 2016-05-15 13:21 - 64478992 _____ (WhatsApp) C:\Users\Zuhair\Downloads\WhatsAppSetup.exe
2016-05-15 12:50 - 2016-05-15 12:50 - 00000885 _____ C:\Users\Zuhair\AppData\Local\recently-used.xbel
2016-05-10 22:27 - 2016-05-10 22:27 - 01918148 _____ C:\Users\Zuhair\Downloads\Macro Review.pdf
2016-05-10 18:45 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 18:43 - 2016-04-18 17:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-09 20:24 - 2016-05-09 20:24 - 00767509 _____ C:\Users\Zuhair\Downloads\OCC_d_4_gen4d_sup_1603_1_e (2).pdf
2016-05-09 18:55 - 2016-05-09 19:00 - 00000000 ____D C:\Users\Zuhair\Downloads\The Usual Suspects (1995)
2016-05-09 18:54 - 2016-05-09 18:54 - 00021555 _____ C:\Users\Zuhair\Downloads\The Usual Suspects (1995) [720p] [YTS.AG].torrent
2016-05-05 21:02 - 2016-05-05 21:02 - 00263680 _____ C:\Users\Zuhair\Downloads\communism_in_crisis.ppt
2016-05-05 20:54 - 2016-05-05 20:54 - 01768264 _____ C:\Users\Zuhair\Downloads\The Indo-Chinese War.pptx
2016-05-05 13:21 - 2016-05-05 13:21 - 00001713 _____ C:\Users\Public\Desktop\Democracy 3.lnk
2016-05-05 13:21 - 2016-05-05 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Democracy 3 [GOG.com]
2016-05-05 13:21 - 2016-05-05 13:21 - 00000000 ____D C:\GOG Games
2016-05-05 13:18 - 2016-05-05 13:18 - 00000000 ____D C:\Users\Zuhair\Downloads\Democracy.3.2.10.0.16-GOG
2016-05-05 13:16 - 2016-05-05 13:17 - 00000000 ____D C:\Users\Zuhair\Downloads\Roller Coaster Tycoon 3 Platinum (Soaked + Wild Expansions)(Direct Play) - RELOADED by CarlesNeo
2016-05-05 13:15 - 2016-05-05 13:15 - 00045912 _____ C:\Users\Zuhair\Downloads\[kat.cr]democracy.3.2.10.0.16.gog.torrent
2016-05-04 15:22 - 2016-05-04 15:22 - 06204379 _____ C:\Users\Zuhair\Documents\Stoof for Paper 3 bio.zip
2016-05-04 15:21 - 2016-05-04 15:22 - 00000000 ____D C:\Users\Zuhair\Documents\Stoof for Paper 3 bio
2016-05-01 13:34 - 2016-05-01 13:34 - 00000000 ____D C:\Users\Zuhair\AppData\Local\OfficeBSCache-ODB-zjm160130@utdallas.edu
2016-04-30 20:41 - 2016-04-30 20:41 - 04326520 _____ C:\Users\Zuhair\Documents\S80_owners_manual_MY08_EN_tp9529web.pdf
2016-04-29 15:43 - 2016-04-29 15:43 - 00871424 _____ C:\Users\Zuhair\Downloads\stem_and_root_modifications.ppt
2016-04-27 17:28 - 2016-04-27 17:28 - 09364021 _____ C:\Users\Zuhair\Downloads\wwgc_manufacturers_kit.zip
2016-04-27 17:28 - 2016-04-27 17:28 - 09364021 _____ C:\Users\Zuhair\Downloads\wwgc_manufacturers_kit (1).zip
2016-04-27 12:18 - 2016-04-27 12:18 - 00110911 _____ C:\Users\Zuhair\Downloads\Basic Orbiter ™.craft
2016-04-26 19:47 - 2016-04-26 19:48 - 00767509 _____ C:\Users\Zuhair\Downloads\OCC_d_4_gen4d_sup_1603_1_e (1).pdf
2016-04-26 19:41 - 2016-04-26 19:41 - 12698372 _____ C:\Users\Zuhair\Downloads\TI-NspireCX-4.2.0.532 (1).tco
2016-04-26 19:40 - 2016-04-26 19:41 - 12698372 _____ C:\Users\Zuhair\Downloads\TI-NspireCX-4.2.0.532.tco
2016-04-26 19:36 - 2016-04-26 19:36 - 00002318 _____ C:\Users\Public\Desktop\TI-Nspire Computer Link.lnk
2016-04-26 19:30 - 2016-04-26 19:31 - 83950232 _____ (Texas Instruments Inc.) C:\Users\Zuhair\Downloads\TINspireComputerLink-3.9.0.455.exe
2016-04-26 19:17 - 2016-04-26 19:17 - 00767509 _____ C:\Users\Zuhair\Downloads\OCC_d_4_gen4d_sup_1603_1_e.pdf
2016-04-25 22:15 - 2016-05-01 21:31 - 00000000 ____D C:\Users\Zuhair\Documents\Senior Scrapbook
2016-04-25 10:14 - 2016-04-25 10:12 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2016-04-22 20:26 - 2016-04-22 20:26 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-04-22 20:26 - 2016-04-22 20:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-04-22 09:04 - 2016-04-22 09:04 - 00339131 _____ C:\Users\Zuhair\Documents\Karagoz Shadow Puppetry.pdf
2016-04-18 20:03 - 2016-04-18 20:03 - 00406389 _____ C:\Users\Zuhair\Downloads\IB History Cold War Terms.pdf
2016-04-17 22:20 - 2016-04-17 22:20 - 01037254 _____ C:\Users\Zuhair\Downloads\Theatre_Director_s_Notebook_Final_Version.docx.pdf
2016-04-17 22:17 - 2016-04-22 08:44 - 01010335 _____ C:\Users\Zuhair\Documents\Karagoz Shadow Puppetry.pptx
2016-04-17 14:10 - 2016-04-17 14:18 - 00000001 _____ C:\Users\Zuhair\random.dat
2016-04-17 14:10 - 2016-04-17 14:10 - 00000045 _____ C:\Users\Zuhair\jagex_cl_runescape_LIVE.dat
2016-04-17 14:10 - 2016-04-17 14:10 - 00000000 ____D C:\.jagex_cache_32
2016-04-13 12:00 - 2016-04-13 12:02 - 43786008 _____ C:\Users\Zuhair\Downloads\torbrowser-install-5.5.4_en-US.exe
2016-04-13 11:56 - 2016-04-17 14:10 - 00000000 ____D C:\Users\Zuhair\jagexcache
2016-04-13 11:56 - 2016-04-13 11:56 - 00002114 _____ C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2016-04-13 11:56 - 2016-04-13 11:56 - 00002084 _____ C:\Users\Zuhair\Desktop\RuneScape.lnk
2016-04-13 11:56 - 2016-04-13 11:56 - 00000012 _____ C:\Users\Zuhair\jagexappletviewer.preferences
2016-04-13 11:56 - 2016-04-13 11:56 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2016-04-13 11:54 - 2016-04-13 11:54 - 24223744 _____ C:\Users\Zuhair\Downloads\RuneScape.msi
2016-04-13 11:51 - 2016-04-13 12:28 - 03229821 _____ C:\Users\Zuhair\Downloads\DIFFERENTIAL EQUATIONS up to 2008.pptx
2016-04-12 21:01 - 2016-04-12 21:01 - 00026632 _____ C:\Users\Zuhair\Downloads\2014page1.pdf
2016-04-10 15:45 - 2016-04-10 15:45 - 00142815 _____ C:\Users\Zuhair\Downloads\JTHBJ46G072123859.pdf
2016-04-10 10:32 - 2016-04-10 10:32 - 00000000 ____D C:\Users\Zuhair\Documents\Outlook Files
2016-04-08 11:03 - 2016-04-08 11:03 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-08 11:03 - 2016-04-08 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-08 11:02 - 2016-04-08 11:03 - 00000000 ____D C:\Program Files\iTunes
2016-04-08 11:02 - 2016-04-08 11:02 - 00000000 ____D C:\Program Files\iPod
2016-04-08 11:02 - 2016-04-08 11:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-08 08:36 - 2016-04-08 08:37 - 00020410 _____ C:\Users\Zuhair\Downloads\[kat.cr]roller.coaster.tycoon.3.platinum.reloaded.torrent
2016-04-05 20:12 - 2016-04-05 20:13 - 01315657 _____ C:\Users\Zuhair\Downloads\combined_document_2.pdf
2016-04-05 20:12 - 2016-04-05 20:12 - 00251223 _____ C:\Users\Zuhair\Documents\Collaborative Project Script 2.pdf
2016-04-05 19:55 - 2016-04-05 19:55 - 01070850 _____ C:\Users\Zuhair\Downloads\images.pdf
2016-04-05 17:57 - 2016-04-05 19:52 - 00000000 ____D C:\Users\Zuhair\Documents\Theatre Collaborative Project Stuff
2016-04-05 13:08 - 2016-04-05 13:09 - 00243615 _____ C:\Users\Zuhair\Documents\Collaborative Project Script.pdf
2016-04-04 14:08 - 2016-04-04 14:08 - 00231201 _____ C:\Users\Zuhair\Downloads\Kunmi Script.pdf
2016-04-04 11:34 - 2016-04-04 11:34 - 00000000 ____D C:\Users\Zuhair\AppData\Local\OfficeBSCache-MyComputer
2016-03-31 11:59 - 2016-03-31 11:59 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-31 11:59 - 2016-03-31 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-31 09:39 - 2016-03-31 09:39 - 00348369 _____ C:\Users\Zuhair\Documents\meningitis_Sept_20_2013_001.pdf
2016-03-31 09:32 - 2016-03-31 09:32 - 03286208 _____ (Microsoft Corporation) C:\Users\Zuhair\Downloads\Setup.X86.en-US_O365ProPlusRetail_f03f51ea-3bd8-4f70-9451-7169e4b64bcd_TX_PR_b_64_.exe
2016-03-30 21:56 - 2016-03-30 21:57 - 97402427 _____ C:\Users\Zuhair\Downloads\Guns of August Outline.pdf
2016-03-30 21:47 - 2016-03-30 21:47 - 00000042 _____ C:\Users\Zuhair\Documents\BF2 Key.txt
2016-03-30 19:19 - 2016-03-30 19:19 - 00010037 _____ C:\Users\Zuhair\Documents\OXYGEN Project Summary.pdf
2016-03-29 19:47 - 2016-03-29 19:47 - 00210442 _____ C:\Users\Zuhair\Downloads\2016 SanDisk FAQ.pdf
2016-03-29 19:47 - 2016-03-29 19:47 - 00121426 _____ C:\Users\Zuhair\Downloads\ACT Score Report.pdf
2016-03-29 19:45 - 2016-03-29 19:45 - 00144807 _____ C:\Users\Zuhair\Downloads\ACT and SAT Score Reports.pdf
2016-03-29 19:44 - 2016-03-29 19:44 - 00245861 _____ C:\Users\Zuhair\Downloads\combined_document.pdf
2016-03-28 22:25 - 2016-04-19 21:01 - 00013249 _____ C:\Users\Zuhair\Documents\UTD Major Plan.xlsx
2016-03-26 22:52 - 2016-03-26 22:52 - 00082530 _____ C:\Users\Zuhair\Downloads\STAAR-2013-Key-G8-Read.pdf
2016-03-26 22:52 - 2016-03-26 22:52 - 00075218 _____ C:\Users\Zuhair\Downloads\STAAR-2014-Key-G8-Read.pdf
2016-03-26 22:23 - 2016-03-26 22:27 - 00000000 ____D C:\Users\Zuhair\Downloads\The.Revenant.2015.1080p.WEBRip.x264.AAC-ETRG
2016-03-26 22:22 - 2016-03-26 22:22 - 00012917 _____ C:\Users\Zuhair\Downloads\[kat.cr]the.revenant.2015.1080p.webrip.x264.aac.etrg.torrent
2016-03-26 19:51 - 2016-03-26 22:21 - 00010160 _____ C:\Users\Zuhair\Documents\Classes for PreMed.xlsx
2016-03-26 16:48 - 2016-03-26 16:48 - 00079735 _____ C:\Users\Zuhair\Downloads\PerfStandgrades38.pdf
2016-03-26 15:59 - 2016-03-26 15:59 - 00173845 _____ C:\Users\Zuhair\Downloads\STAAR2015-fall-eoc-A1-P.pdf
2016-03-26 13:54 - 2016-03-26 13:54 - 00125808 _____ C:\Users\Zuhair\Downloads\STAAR-G6-2014Test-math.pdf
2016-03-26 13:03 - 2016-03-26 13:03 - 04072868 _____ C:\Users\Zuhair\Downloads\STAAR-G8-2014Test-math.pdf
2016-03-25 18:49 - 2016-03-25 18:49 - 00072411 _____ C:\Users\Zuhair\Downloads\starwarsepisodevii-theforceawakens2015720pblurayx264-ytsag-english-81597.zip
2016-03-24 19:45 - 2016-03-29 19:53 - 00000000 ____D C:\Users\Zuhair\Documents\SanDisk
2016-03-23 11:55 - 2016-03-23 11:56 - 366559596 _____ C:\Users\Zuhair\Downloads\2015_May_papers_and_MS-2016-03-23.zip
2016-03-23 11:43 - 2016-03-23 11:44 - 232706109 _____ C:\Users\Zuhair\Downloads\2014_November_papers_and_MS-2016-03-23.zip
2016-03-23 11:27 - 2016-03-23 11:29 - 423853025 _____ C:\Users\Zuhair\Downloads\2014_May_papers_and_MS-2016-03-23.zip
2016-03-23 11:21 - 2016-03-23 11:21 - 199178391 _____ C:\Users\Zuhair\Downloads\2013_November_papers_and_MS-2016-03-23.zip
2016-03-23 11:19 - 2016-03-23 11:20 - 317844266 _____ C:\Users\Zuhair\Downloads\2013_May_papers_and_MS-2016-03-23.zip
2016-03-22 22:06 - 2016-03-23 13:43 - 00000000 ____D C:\Users\Zuhair\Documents\IB Tests
2016-03-22 18:25 - 2016-05-19 13:11 - 00000000 ___RD C:\Users\Zuhair\Google Drive
2016-03-22 18:25 - 2016-03-22 18:25 - 00001805 _____ C:\Users\Zuhair\Desktop\Google Drive.lnk
2016-03-22 18:24 - 2016-04-27 17:26 - 00002126 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-03-22 18:24 - 2016-04-27 17:26 - 00002124 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-03-22 18:24 - 2016-04-27 17:26 - 00002114 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-03-22 18:24 - 2016-04-27 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-22 18:23 - 2016-03-22 18:23 - 00987728 _____ (Google Inc.) C:\Users\Zuhair\Downloads\googledrivesync.exe
2016-03-22 12:18 - 2016-03-22 12:18 - 01604656 _____ C:\Users\Zuhair\Downloads\Topic 6.1 - Circular motion.pptx
2016-03-21 21:47 - 2016-03-21 21:47 - 01905152 _____ C:\Users\Zuhair\Downloads\ECON_PPT_Aggregate_Demand_and_Supply.ppt
2016-03-21 18:47 - 2016-03-21 18:47 - 00058012 _____ C:\Users\Zuhair\Downloads\2016-2017_Parent_Calendar_updated_01_27_2016.pdf
2016-03-21 18:39 - 2016-03-21 18:39 - 00216049 _____ C:\Users\Zuhair\Downloads\2015-2016_School_Year_Calendar_as_of_1-7-16.pdf
2016-03-15 21:39 - 2016-03-15 21:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-15 21:39 - 2016-03-15 21:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-15 18:37 - 2016-03-15 18:37 - 00435006 _____ C:\Users\Zuhair\Downloads\UT Dallas National Merit Finalist Scholarship.pdf
2016-03-15 17:23 - 2016-03-15 17:23 - 00000000 ____D C:\703f2bdfe69789f75a
2016-03-15 17:21 - 2016-03-15 17:21 - 00000000 ____D C:\ProgramData\Socialclub
2016-03-13 12:06 - 2016-03-13 12:06 - 00002737 _____ C:\Users\Zuhair\Desktop\µTorrent.lnk
2016-03-13 12:06 - 2016-03-13 12:06 - 00002737 _____ C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-03-13 12:05 - 2016-05-16 12:02 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\uTorrent
2016-03-13 12:05 - 2016-03-13 12:05 - 02094080 _____ (BitTorrent Inc.) C:\Users\Zuhair\Downloads\uTorrent.exe
2016-03-13 11:48 - 2016-03-13 11:54 - 00000000 ____D C:\Users\Zuhair\Documents\Chem IA
2016-03-11 22:51 - 2016-03-11 22:51 - 00047530 _____ C:\Users\Zuhair\Downloads\downloadmela.com_-Six-Easy-Pieces-By-Richard-Feynman.pdf
2016-03-11 22:37 - 2016-03-11 22:37 - 00031689 _____ C:\Users\Zuhair\Downloads\The Guns Of August The Pulitzer Prize Winning Classic About The Outbreak Of World War I.pdf
2016-03-10 10:33 - 2016-03-10 10:41 - 00027020 _____ C:\Users\Zuhair\Documents\Kunmi Math IA.xlsx
2016-03-09 20:17 - 2016-03-28 13:17 - 00000000 ____D C:\Users\Zuhair\Documents\JYL Documentation
2016-03-09 11:17 - 2016-03-01 00:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 11:17 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 11:17 - 2016-02-24 04:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 11:17 - 2016-02-24 04:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 11:17 - 2016-02-24 03:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 11:17 - 2016-02-24 03:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 11:17 - 2016-02-24 03:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 11:17 - 2016-02-24 03:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 11:17 - 2016-02-24 03:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 11:17 - 2016-02-24 03:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 11:17 - 2016-02-24 03:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 11:17 - 2016-02-24 03:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 11:17 - 2016-02-24 03:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 11:17 - 2016-02-24 02:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 11:17 - 2016-02-24 02:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 11:17 - 2016-02-24 01:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 11:17 - 2016-02-24 01:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 11:17 - 2016-02-24 01:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 11:17 - 2016-02-24 01:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 11:17 - 2016-02-24 01:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 11:17 - 2016-02-24 01:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 11:17 - 2016-02-24 01:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 11:17 - 2016-02-24 01:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 11:17 - 2016-02-24 01:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 11:17 - 2016-02-24 01:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 11:17 - 2016-02-24 01:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 11:17 - 2016-02-24 01:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 11:17 - 2016-02-24 01:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 11:17 - 2016-02-24 01:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 11:17 - 2016-02-24 01:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 11:17 - 2016-02-24 01:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 11:17 - 2016-02-24 01:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 11:17 - 2016-02-24 00:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 11:17 - 2016-02-24 00:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 11:17 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 11:17 - 2016-02-24 00:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 11:16 - 2016-02-24 03:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 11:16 - 2016-02-24 03:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 11:16 - 2016-02-24 03:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 11:16 - 2016-02-24 02:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 11:16 - 2016-02-24 02:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 11:16 - 2016-02-24 02:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 11:16 - 2016-02-24 02:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 11:16 - 2016-02-24 02:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 11:16 - 2016-02-24 02:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 11:16 - 2016-02-24 02:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 11:16 - 2016-02-24 02:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 11:16 - 2016-02-24 02:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 11:16 - 2016-02-24 02:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 11:16 - 2016-02-24 02:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 11:16 - 2016-02-24 02:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 11:16 - 2016-02-24 02:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 11:16 - 2016-02-24 02:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 11:16 - 2016-02-24 02:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 11:16 - 2016-02-24 02:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 11:16 - 2016-02-24 02:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 11:16 - 2016-02-24 02:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 11:16 - 2016-02-24 02:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 11:16 - 2016-02-24 02:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 11:16 - 2016-02-24 02:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 11:16 - 2016-02-24 02:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 11:16 - 2016-02-24 02:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 11:16 - 2016-02-24 02:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 11:16 - 2016-02-24 02:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 11:16 - 2016-02-24 02:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 11:16 - 2016-02-24 02:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 11:16 - 2016-02-24 01:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 11:16 - 2016-02-24 01:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 11:16 - 2016-02-24 01:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 11:16 - 2016-02-24 01:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 11:16 - 2016-02-24 01:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 11:16 - 2016-02-24 01:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 11:16 - 2016-02-24 01:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 11:16 - 2016-02-24 01:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 11:16 - 2016-02-24 01:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 11:16 - 2016-02-24 01:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 11:16 - 2016-02-24 01:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 11:16 - 2016-02-24 01:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 11:16 - 2016-02-24 01:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 11:16 - 2016-02-24 01:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 11:16 - 2016-02-24 01:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 11:16 - 2016-02-24 01:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 11:16 - 2016-02-24 01:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 11:16 - 2016-02-24 01:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 11:16 - 2016-02-24 01:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 11:16 - 2016-02-24 01:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 11:16 - 2016-02-24 01:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 11:16 - 2016-02-24 01:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 11:16 - 2016-02-24 01:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 11:16 - 2016-02-24 01:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 11:16 - 2016-02-24 01:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 11:16 - 2016-02-24 01:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 11:16 - 2016-02-24 01:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 11:16 - 2016-02-24 01:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 11:16 - 2016-02-24 01:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 11:16 - 2016-02-24 01:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 11:16 - 2016-02-24 01:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 11:16 - 2016-02-24 01:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 11:16 - 2016-02-24 01:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 11:16 - 2016-02-24 01:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 11:16 - 2016-02-24 01:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 11:16 - 2016-02-24 00:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 11:16 - 2016-02-24 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-07 22:47 - 2016-03-07 22:47 - 00002140 _____ C:\Users\Zuhair\Desktop\Popcorn-Time.lnk
2016-03-07 22:47 - 2016-03-07 22:47 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-03-07 22:45 - 2016-05-16 18:30 - 00000000 ____D C:\Users\Zuhair\AppData\Local\Popcorn-Time
2016-03-07 16:59 - 2016-03-07 16:59 - 00000008 _____ C:\Users\Zuhair\Documents\Ahmed Steam ID.txt
2016-03-07 10:04 - 2016-03-07 10:04 - 00000803 _____ C:\Users\Zuhair\Documents\Downloads - Shortcut (3).lnk
2016-03-07 09:01 - 2016-03-07 09:02 - 00568849 _____ C:\Users\Zuhair\Downloads\convert-jpg-to-pdf.net_2016-03-07_15-01-30.pdf
2016-03-06 22:11 - 2016-03-06 22:11 - 25073723 _____ C:\Users\Zuhair\Downloads\TXGM_HH_U2.pdf
2016-03-06 21:40 - 2016-03-06 21:40 - 85855704 _____ C:\Users\Zuhair\Downloads\TXGM_HH_U1 (1).pdf
2016-03-05 21:56 - 2016-03-05 21:56 - 1153343166 _____ C:\WINDOWS\MEMORY.DMP
2016-03-05 21:56 - 2016-03-05 21:56 - 00283212 _____ C:\WINDOWS\Minidump\030516-35062-01.dmp
2016-03-05 21:56 - 2016-03-05 21:56 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-04 20:35 - 2016-03-04 20:35 - 00092071 _____ C:\Users\Zuhair\Downloads\EllipticCurveCatalog.svg
2016-03-01 21:59 - 2016-03-11 12:47 - 00030069 _____ C:\Users\Zuhair\Documents\IB Chemistry IA Data.xlsx
2016-03-01 21:45 - 2016-03-01 21:45 - 33429025 _____ (Popcorn Time) C:\Users\Zuhair\Downloads\Popcorn-Time-0.3.9-Setup.exe
2016-03-01 19:57 - 2016-02-23 05:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 19:57 - 2016-02-23 05:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 19:57 - 2016-02-23 05:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 19:57 - 2016-02-23 05:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 19:57 - 2016-02-23 05:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 19:57 - 2016-02-23 05:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 19:57 - 2016-02-23 05:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 19:57 - 2016-02-23 05:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 19:57 - 2016-02-23 04:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 19:57 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 19:57 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 19:57 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 19:57 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 19:57 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 19:57 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 19:57 - 2016-02-23 04:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 19:57 - 2016-02-23 04:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 19:57 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 19:57 - 2016-02-23 03:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 19:57 - 2016-02-23 03:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 19:57 - 2016-02-23 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 19:57 - 2016-02-23 03:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 19:57 - 2016-02-23 03:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 19:57 - 2016-02-23 03:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 19:57 - 2016-02-23 03:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 19:57 - 2016-02-23 03:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 19:57 - 2016-02-23 03:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 19:57 - 2016-02-23 03:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 19:57 - 2016-02-23 03:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 19:57 - 2016-02-23 03:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 19:57 - 2016-02-23 03:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 19:57 - 2016-02-23 03:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 19:57 - 2016-02-23 02:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 19:57 - 2016-02-23 02:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 19:57 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 19:57 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 19:57 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 19:57 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 19:57 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 19:57 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 19:57 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 19:57 - 2016-02-23 02:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 19:57 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 19:57 - 2016-02-23 01:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 19:57 - 2016-02-23 01:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 19:57 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 19:57 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 19:57 - 2016-02-08 22:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-01 19:56 - 2016-02-23 06:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 19:56 - 2016-02-23 06:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 19:56 - 2016-02-23 05:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 19:56 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 19:56 - 2016-02-23 05:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 19:56 - 2016-02-23 04:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 19:56 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 19:56 - 2016-02-23 04:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 19:56 - 2016-02-23 04:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 19:56 - 2016-02-23 04:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 19:56 - 2016-02-23 04:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 19:56 - 2016-02-23 04:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 19:56 - 2016-02-23 04:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 19:56 - 2016-02-23 04:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 19:56 - 2016-02-23 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 19:56 - 2016-02-23 03:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 19:56 - 2016-02-23 03:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 19:56 - 2016-02-23 03:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 19:56 - 2016-02-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 19:56 - 2016-02-23 03:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 19:56 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 19:56 - 2016-02-23 03:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 19:56 - 2016-02-23 03:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 19:56 - 2016-02-23 03:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 19:56 - 2016-02-23 03:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 19:56 - 2016-02-23 03:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 19:56 - 2016-02-23 03:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 19:56 - 2016-02-23 03:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 19:56 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 19:56 - 2016-02-23 03:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 19:56 - 2016-02-23 03:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 19:56 - 2016-02-23 03:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 19:56 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 19:56 - 2016-02-23 02:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 19:56 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 19:56 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 19:56 - 2016-02-23 02:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 19:56 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 19:56 - 2016-02-08 22:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 19:56 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 17:33 - 2016-03-01 21:59 - 00009156 _____ C:\Users\Zuhair\Documents\Chemistry IA Data.xlsx
2016-02-29 11:29 - 2016-02-29 11:29 - 00001944 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-02-28 10:45 - 2016-02-28 10:45 - 04046846 _____ C:\Users\Zuhair\Downloads\convert-jpg-to-pdf.net_2016-02-28_16-45-01.pdf
2016-02-28 03:36 - 2016-02-28 03:36 - 00635112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2016-02-28 03:36 - 2016-02-28 03:36 - 00390400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2016-02-28 03:36 - 2016-02-28 03:36 - 00333080 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2016-02-28 03:36 - 2016-02-28 03:36 - 00088816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2016-02-28 01:51 - 2016-02-28 01:51 - 00439536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2016-02-28 01:51 - 2016-02-28 01:51 - 00267016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2016-02-28 01:51 - 2016-02-28 01:51 - 00243480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2016-02-28 01:51 - 2016-02-28 01:51 - 00085232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2016-02-26 12:52 - 2016-02-26 12:52 - 00015784 _____ C:\Users\Zuhair\Downloads\STANDARD DEV.xlsx
2016-02-25 17:44 - 2016-02-25 17:44 - 00000000 ____D C:\Users\Zuhair\Documents\New folder (2)
2016-02-22 22:34 - 2016-02-22 22:34 - 00735328 _____ (Oracle Corporation) C:\Users\Zuhair\Downloads\JavaSetup8u73.exe
2016-02-22 18:57 - 2016-02-22 18:57 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-22 18:57 - 2016-02-22 18:57 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-21 12:19 - 2016-03-14 16:44 - 00000000 ____D C:\Users\Zuhair\Documents\PSP Essays
2016-02-20 18:42 - 2016-03-15 13:51 - 00000000 ____D C:\Users\Zuhair\Documents\IB Math IA

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-19 18:42 - 2015-06-09 21:26 - 00000678 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1574225677-2836999415-375273348-1001.job
2016-05-19 18:39 - 2014-10-31 18:40 - 00000582 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1574225677-2836999415-375273348-1001.job
2016-05-19 18:30 - 2014-09-10 16:35 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 18:30 - 2014-09-10 16:35 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-19 18:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-19 17:41 - 2014-09-10 16:30 - 00000000 ____D C:\Users\Zuhair\AppData\Local\Packages
2016-05-19 17:28 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-19 17:28 - 2014-08-18 17:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-19 17:07 - 2015-05-28 20:44 - 00000000 ____D C:\Users\Zuhair\Documents\Games
2016-05-19 16:59 - 2015-09-15 03:13 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-05-19 16:59 - 2015-09-15 03:12 - 00000000 ____D C:\Program Files\Rockstar Games
2016-05-19 15:14 - 2014-09-10 16:34 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0FFD0F67-2A99-4460-AC1C-8E89290D6C26}
2016-05-19 14:40 - 2015-12-25 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-05-19 13:08 - 2015-11-20 00:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-05-19 13:08 - 2015-03-10 22:21 - 00000000 __SHD C:\Users\Zuhair\IntelGraphicsProfiles
2016-05-19 13:07 - 2015-11-20 00:31 - 00000000 ____D C:\Users\Zuhair
2016-05-19 13:05 - 2015-12-23 18:44 - 00000091 _____ C:\HaxLogs.txt
2016-05-19 13:05 - 2015-11-20 00:58 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-19 12:52 - 2015-12-27 11:05 - 00000000 ____D C:\Program Files (x86)\Mod Organizer
2016-05-19 12:52 - 2014-09-10 20:37 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-18 21:29 - 2015-08-03 11:35 - 00000000 ____D C:\Users\Zuhair\Documents\Books
2016-05-18 14:35 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-18 14:35 - 2015-08-06 14:17 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-17 21:50 - 2015-10-30 01:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-05-17 17:43 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-17 17:40 - 2014-04-01 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-17 10:26 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-16 21:03 - 2015-03-09 21:10 - 00000000 ____D C:\Users\Zuhair\Documents\Any Video Converter
2016-05-16 14:12 - 2014-09-23 16:45 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-16 14:10 - 2015-05-16 21:33 - 00000000 ____D C:\Users\Zuhair\Downloads\PopcornTime
2016-05-16 13:40 - 2015-09-14 13:50 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-05-16 13:40 - 2015-09-14 13:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-05-16 12:21 - 2015-07-27 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Advanced Warfare
2016-05-15 19:55 - 2015-08-08 19:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-15 16:05 - 2014-09-17 21:20 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\vlc
2016-05-15 12:52 - 2014-09-13 20:32 - 00000000 ____D C:\Users\Zuhair\.gimp-2.8
2016-05-15 12:01 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-14 19:57 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 09:58 - 2014-09-10 15:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 23:32 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 23:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 23:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 23:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 23:32 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-12 23:31 - 2015-10-30 02:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 23:30 - 2015-07-30 14:28 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\Skype
2016-05-12 19:03 - 2015-10-30 01:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-12 18:47 - 2014-09-10 16:35 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 18:47 - 2014-09-10 16:35 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 21:08 - 2014-09-12 21:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 20:45 - 2014-09-12 21:15 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 20:28 - 2015-06-09 21:26 - 00003830 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1574225677-2836999415-375273348-1001
2016-05-11 20:28 - 2014-10-31 18:40 - 00003734 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1574225677-2836999415-375273348-1001
2016-05-11 17:18 - 2015-04-12 11:39 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 17:15 - 2015-04-12 11:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-11 17:11 - 2015-07-30 14:28 - 00000000 ____D C:\ProgramData\Skype
2016-05-11 14:57 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 14:57 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-10 19:34 - 2015-11-13 15:16 - 00000000 ____D C:\Users\Zuhair\Documents\Theory of Knowledge
2016-05-10 18:25 - 2014-09-10 16:35 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 18:25 - 2014-09-10 16:35 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-28 20:12 - 2014-10-10 15:54 - 00000000 ____D C:\ProgramData\McAfee
2016-04-28 20:11 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 20:11 - 2014-10-10 15:54 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-04-27 12:35 - 2015-08-25 10:57 - 00000600 _____ C:\Users\Zuhair\PUTTY.RND
2016-04-27 11:54 - 2015-08-25 10:55 - 00000000 ____D C:\Users\Zuhair\Downloads\UltraSurf 15.01
2016-04-26 20:03 - 2015-01-26 08:58 - 00000000 ____D C:\Users\Zuhair\Documents\TI-Nspire
2016-04-26 19:37 - 2015-01-26 08:57 - 00000000 ____D C:\Users\Zuhair\AppData\Roaming\Texas Instruments
2016-04-26 19:32 - 2015-01-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
2016-04-26 19:32 - 2015-01-23 21:31 - 00000000 ____D C:\Program Files (x86)\TI Education
2016-04-26 12:49 - 2015-08-06 15:00 - 00002414 _____ C:\Users\Zuhair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-26 12:49 - 2014-09-10 16:57 - 00000000 __RDO C:\Users\Zuhair\OneDrive
2016-04-25 10:43 - 2014-09-10 18:06 - 00000000 ____D C:\ProgramData\Oracle
2016-04-25 10:14 - 2015-04-05 12:50 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-25 10:14 - 2014-10-13 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-04-25 10:14 - 2014-10-13 11:33 - 00000000 ____D C:\Program Files\Java
2016-04-25 10:14 - 2014-09-10 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-25 10:13 - 2015-09-04 20:32 - 00000000 ____D C:\Users\Zuhair\.oracle_jre_usage
2016-04-25 10:12 - 2014-10-13 11:36 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-25 10:11 - 2016-01-20 19:24 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-22 19:51 - 2014-12-18 18:37 - 00000000 ____D C:\Users\Zuhair\Documents\Scan
2016-04-22 19:43 - 2016-02-06 22:23 - 00000000 ____D C:\ProgramData\boost_interprocess

==================== Files in the root of some directories =======

2016-01-09 15:26 - 2016-01-09 15:26 - 0000132 _____ () C:\Users\Zuhair\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2015-11-26 18:41 - 2015-11-26 18:41 - 0000044 _____ () C:\Users\Zuhair\AppData\Roaming\WB.CFG
2015-03-18 22:41 - 2015-03-18 22:41 - 0000094 _____ () C:\Users\Zuhair\AppData\Local\fusioncache.dat
2016-05-15 12:50 - 2016-05-15 12:50 - 0000885 _____ () C:\Users\Zuhair\AppData\Local\recently-used.xbel
2014-09-10 19:31 - 2014-09-11 19:11 - 0007602 _____ () C:\Users\Zuhair\AppData\Local\Resmon.ResmonCfg
2015-07-03 17:31 - 2015-07-03 17:31 - 0000000 _____ () C:\Users\Zuhair\AppData\Local\{225EB22E-8886-41D5-9B6E-1D6A8A4689E0}
2015-11-20 00:26 - 2015-11-20 00:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Zuhair\AppData\Roaming\Origin\update.vbe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-05-17 17:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-05-2016
Ran by Zuhair (2016-05-19 18:54:01)
Running from C:\Users\Zuhair\Downloads
Windows 10 Home Version 1511 (X64) (2015-11-20 06:18:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1574225677-2836999415-375273348-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1574225677-2836999415-375273348-1005 - Limited - Enabled)
DefaultAccount (S-1-5-21-1574225677-2836999415-375273348-503 - Limited - Disabled)
Guest (S-1-5-21-1574225677-2836999415-375273348-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1574225677-2836999415-375273348-1003 - Limited - Enabled)
Zuhair (S-1-5-21-1574225677-2836999415-375273348-1001 - Administrator - Enabled) => C:\Users\Zuhair

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{E2078C11-E9EC-BD96-037C-A3423082F2BF}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F9626784-9EDD-32B3-3888-5A840B88DF23}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Any Video Converter 5.8.1 (HKLM-x32\...\Any Video Converter) (Version: 5.8.1 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Batman: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Crysis (HKLM-x32\...\Steam App 17300) (Version: - Crytek)
Democracy 3 (HKLM-x32\...\1207659953_is1) (Version: 2.10.0.16 - GOG.com)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.17.0.4911 (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\GoToMeeting) (Version: 7.17.0.4911 - CitrixOnline)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{96C730E4-F055-4118-BDF3-6E071763853C}) (Version: 3.0.1342.02 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eff1d9d1-41fa-49ef-a986-082bfe49c293}) (Version: 16.8.0 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Juniper Networks Setup Client (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version: - Squad)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.6.140.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1078 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{61A09A66-D7E6-22EF-AF75-16D83ADE30E3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time) <==== ATTENTION
Popcorn-Time (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (3/17/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation)
Skype 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Spotify (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
Star Wars - Battlefront II (HKLM\...\Steam App 6060) (Version: - Pandemic Studios)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Storage Place Launcher (HKLM-x32\...\{3D5003E2-6986-401B-B4F4-BE044D99155D}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
Stremio (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Stremio) (Version: 3.5.1 - Smart Code Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.6 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TI-Nspire Computer Link (HKLM-x32\...\{6C5AC088-3136-4043-8985-8B0772A9580E}) (Version: 3.9.0.455 - Texas Instruments Inc.)
TI-Nspire Student Software (HKLM-x32\...\{F46F949B-755F-4BEF-A4B9-7B3B73D0104A}) (Version: 3.9.0.463 - Texas Instruments Inc.)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{DF800E02-DCC0-424B-A126-5AE2E07B3DD4}) (Version: 1.2.2.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Face Recognition (HKLM\...\{2E557F12-8BE7-4DA8-AABB-7814DD6A783F}) (Version: 4.0.4.1 - Toshiba Corporation)
TOSHIBA Favorites (HKLM-x32\...\{7F0A0381-8555-47EF-A200-7F48244D6A69}) (Version: 1.0.0.1 - TOSHIBA America Information Systems, Inc)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.06.000 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.03.55065007 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.02.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\WhatsApp) (Version: 0.2.684 - WhatsApp)
Wi-Fi Analytics Tool (HKLM-x32\...\{41A6B30E-330B-4B56-9054-8F3D22B857E5}) (Version: 2.1.5 - AmpedWireless)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1574225677-2836999415-375273348-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Zuhair\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1574225677-2836999415-375273348-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Zuhair\AppData\Local\Citrix\GoToMeeting\1831\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {007F7F62-7D76-48C7-AA16-03F6078D40A2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {06E79C6B-A6EC-40AE-B4E8-365D6A365937} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {113AF55B-2D5A-4AE0-8342-AAE506BCA84E} - System32\Tasks\Origin => C:\Users\Zuhair\AppData\Roaming\Origin\update.vbe [2015-08-03] () <==== ATTENTION
Task: {1D3D810B-5014-4F0D-8B21-D406B350B2D9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1E82E9C2-9AEE-4131-8401-4BB3A24A71C8} - System32\Tasks\{E96801D7-EC66-4C71-8619-0D8EBB67DF38} => pcalua.exe -a "C:\Users\Zuhair\Documents\Games\NBA 2K13\nba2k13.exe" -d "C:\Users\Zuhair\Documents\Games\NBA 2K13"
Task: {1EA01363-62A7-416D-813F-D43733A4B7BB} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-12] (McAfee, Inc.)
Task: {2C671389-2CFB-4763-8230-E1C571571B0A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {2E97B304-A061-4A99-9C32-E916538A8859} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {2F1144CB-909F-4FA3-8A30-BCA7B48B71E1} - System32\Tasks\G2MUpdateTask-S-1-5-21-1574225677-2836999415-375273348-1001 => C:\Users\Zuhair\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe [2016-05-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {32AD5E32-5F13-4CCD-89B1-3C83F2C27FF4} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {3BE1D4B4-BDAC-4DD2-BC88-AF07467080DD} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {3E2FD156-2635-4B91-9FD2-7621916E4839} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3EA3E8B9-A63C-495A-86FB-94E37CA788BA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {44D4C2B5-BFBC-495D-8FE8-E3DDD7C04554} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-01] (Microsoft Corporation)
Task: {4534378F-AEF8-484E-AA61-3E1F6B2B1B21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4985F2D9-5B2A-4408-BA9C-F5BD61D7343F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {57929690-6693-4D99-B668-2B248AB8CBB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {5AB1CFA7-CF64-4FB1-B9F8-EA4C45B7CA48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-17] (Synaptics Incorporated)
Task: {5DB22E15-DFEA-4EC1-8E58-AF186FA3A0C0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {619F5A31-2019-434D-9452-16CD612F94EE} - System32\Tasks\G2MUploadTask-S-1-5-21-1574225677-2836999415-375273348-1001 => C:\Users\Zuhair\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe [2016-05-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7690DF5E-DAEC-4773-A320-C7B285FEA3F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7B57D402-3246-4BE4-B04F-9E5D1D568198} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {82B186E9-4120-4067-B46A-BE96A7411B14} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {86E8E108-EDBB-44B0-9D2B-286F17A12BA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
Task: {8B75934C-3694-4F61-B278-48C3F122D16B} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
Task: {94399792-27FC-429A-8685-02674DAF1E54} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {A5C662B1-13D8-42F7-86B1-868CCC26AEDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8877285-A9BB-4A42-B3EA-63FCA10C528B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
Task: {A9FF9A55-3C6A-4C15-B3D9-16292FA4C633} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BAB41287-A832-4CB2-8CA2-1E7DC758C078} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {BFF7A848-67C5-4C81-89DC-1E6887109999} - System32\Tasks\{697BF24D-78EE-4CAE-B00F-BA59AE286B04} => pcalua.exe -a "C:\Users\Zuhair\Documents\Games\Call of Duty Advanced Warfare\Call of Duty Advanced Warfare\unins001.exe"
Task: {C20ECCFE-02CD-4A68-8AC8-119B1A1C44DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {C72DCD8F-C1AB-4241-97CB-8A211666D1E2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D54FA8E5-9134-407C-BA3F-618D0B0FAC9F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-09-10] (Microsoft)
Task: {D676A6C4-D8F4-48E6-B9DA-21DAEA5CD098} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {D9E1B20C-D617-4A46-96B1-5F8296E8189C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-09-10] (Microsoft Corporation)
Task: {D9E2DC4D-619B-41EC-A3F1-C7A803EF3DA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DF2572CE-CF3B-4336-A01A-7E014120EF10} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {E345D165-6BB1-46E4-8EFC-EA45BCCF4B77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EB3B9E35-1510-4E69-A6BE-15926FD5379C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {ECE403AA-32AB-4AE5-9B94-19A859020738} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-09-10] (Microsoft Corporation)
Task: {F37BAC23-CCAF-4D76-8C82-DD45A0288790} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5E4F231-1166-41CB-9859-1B60AC05C73F} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {FEA7174D-A0F8-4537-BCCF-B07702DCCD4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FFA53182-209F-423C-A8C7-D4E7DA396611} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1574225677-2836999415-375273348-1001.job => C:\Users\Zuhair\AppData\Local\Citrix\GoToMeeting\4911\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1574225677-2836999415-375273348-1001.job => C:\Users\Zuhair\AppData\Local\Citrix\GoToMeeting\4911\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-03-27 14:53 - 2013-03-27 14:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2015-06-11 09:48 - 2015-06-11 09:48 - 00022528 _____ () C:\WINDOWS\System32\sst9clm.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 10:47 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-10 18:44 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 10:47 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 12:49 - 2016-04-26 12:49 - 00959176 _____ () C:\Users\Zuhair\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2016-05-17 15:36 - 2016-05-01 06:52 - 08911040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-18 17:37 - 2016-04-18 17:37 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-05-27 12:46 - 2015-05-27 12:46 - 00019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-07-18 00:35 - 2016-01-07 18:44 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-03-31 09:33 - 2016-05-01 04:52 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-06 22:21 - 2013-10-03 23:53 - 00734720 _____ () C:\WINDOWS\system32\SnMinDrv.dll
2014-11-29 15:20 - 2014-08-18 17:08 - 00087552 _____ () C:\WINDOWS\system32\SSDEVM64.DLL
2015-12-17 16:38 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 18:43 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 18:43 - 2016-04-22 23:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-05-10 18:44 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 18:44 - 2016-04-22 22:58 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-05-10 18:44 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 18:44 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-09-08 14:39 - 2014-09-08 14:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-08-01 16:24 - 2013-08-01 16:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2014-08-05 13:15 - 2015-06-11 09:48 - 01604096 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\sst9cdu.dll
2016-01-21 10:07 - 2016-01-21 10:07 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-14 18:05 - 2015-12-14 18:06 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-29 12:41 - 2016-03-29 12:41 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 12:41 - 2016-03-29 12:41 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 11:28 - 2016-03-04 11:28 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-18 17:37 - 2016-04-18 17:37 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 17:37 - 2016-04-18 17:37 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-08-18 16:57 - 2013-12-09 17:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-04-26 12:49 - 2016-04-26 12:49 - 00679624 _____ () C:\Users\Zuhair\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-05-19 13:10 - 2016-05-19 13:10 - 00098816 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32api.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00110080 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\pywintypes27.dll
2016-05-19 13:10 - 2016-05-19 13:10 - 00364544 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\pythoncom27.dll
2016-05-19 13:10 - 2016-05-19 13:10 - 00320512 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32com.shell.shell.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00776704 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_hashlib.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 01176576 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._core_.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00806400 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._gdi_.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00816128 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._windows_.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 01067008 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._controls_.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00733184 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._misc_.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00682496 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\pysqlite2._sqlite.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00088064 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_ctypes.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00119808 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32file.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00108544 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32security.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00007168 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\hashobjs_ext.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00017920 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\thumbnails_ext.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00088064 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\usb_ext.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00167936 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32gui.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00018432 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32event.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00046080 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_socket.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 01208320 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_ssl.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00128512 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_elementtree.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00127488 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\pyexpat.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00012288 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\common.time34.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00038912 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32inet.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00036864 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_psutil_windows.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00525208 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\windows._lib_cacheinvalidation.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00011264 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32crypt.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00077312 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._html2.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00027136 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_multiprocessing.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00020480 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\_yappi.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00035840 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32process.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00686080 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\unicodedata.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00078848 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._animate.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00123392 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\wx._wizard.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00024064 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32pipe.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00010240 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\select.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00025600 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32pdh.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00017408 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32profile.pyd
2016-05-19 13:10 - 2016-05-19 13:10 - 00022528 ____R () C:\Users\Zuhair\AppData\Local\Temp\_MEI72682\win32ts.pyd
2016-05-03 09:41 - 2016-05-03 09:41 - 22346936 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-05-03 09:41 - 2016-05-03 09:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-05-03 09:41 - 2016-05-03 09:41 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2016-05-12 18:46 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 18:46 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2015-03-17 08:50 - 2015-03-17 08:50 - 00537088 _____ () C:\Program Files (x86)\Samsung\Easy Document Creator\EDCAddin.dll
2015-03-17 08:50 - 2015-03-17 08:50 - 00626688 _____ () C:\Program Files (x86)\Samsung\Easy Document Creator\EDCOffice.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\sharepoint.com -> hxxps://cometmail-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Control Panel\Desktop\\Wallpaper -> c:\users\zuhair\pictures\background pics\masjid\jama masjid.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Samsung Network PC Fax.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_93D7758D722C600E87BB208A824D37F1"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "Comrade.exe"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "iFunBox"
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\StartupApproved\Run: => "NowUSeeIt Player"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1B0A39B1-6F28-41AC-A956-973AB049021A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EEF7C1ED-9642-4A6B-A2F2-7B64F9503853}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{477E7607-2A0F-49BA-8971-A038E2B0A458}C:\users\zuhair\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\zuhair\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [TCP Query User{DCCAC357-87A5-4622-8B0B-5A25C6419C05}C:\users\zuhair\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\zuhair\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [{439DE7AF-B141-45DE-AA8C-A8E9B831F731}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{DE860B25-8F2E-40B5-A86E-6440B842851D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{DD8ADF53-65D7-4C2B-8957-A28F715BB7AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{B1297B8B-D466-4F25-83CE-4011B94E0C0E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [UDP Query User{E0711E86-9E87-4EAB-8D94-262E7FAE92C5}C:\users\zuhair\downloads\ultrasurf 15.01\u1502.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01\u1502.exe
FirewallRules: [TCP Query User{22F5492F-7ED3-4676-8973-0082FB3941F8}C:\users\zuhair\downloads\ultrasurf 15.01\u1502.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01\u1502.exe
FirewallRules: [{327B9CE2-007E-4107-8A99-177F5AA2AB8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9734402C-1A98-4527-A46F-D98D142C1803}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{881D1B78-4B6A-4415-890B-E29E7E37DD7D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{85262FA7-E719-4A77-8F18-31DBFDA4A05C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B497ED72-D346-420A-AFC0-C3736AB4AAF2}] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{92E5F6AD-B367-4F2E-AB3A-A010B07AD5B1}] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{4EBA6114-0E08-4067-A082-1DC54D3C294B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{3E5821CA-70A7-4605-A67C-3FC6BB98682A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{1CDC0B0C-D1E5-40CE-AF98-B069B86B764B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DB741CD8-752D-4E02-A013-8DBB2C56E43B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{9235DF7F-0216-4DBD-B849-A35EA3ABC58B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{76AC516C-4522-47DE-B9C2-CCA262EF5D01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [UDP Query User{22DF25CC-24C2-4F47-84F7-545521F9CDE4}C:\users\zuhair\downloads\ultrasurf 15.01\u1501.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01\u1501.exe
FirewallRules: [TCP Query User{1CA91207-A527-4F85-9614-9A76D5E09C12}C:\users\zuhair\downloads\ultrasurf 15.01\u1501.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01\u1501.exe
FirewallRules: [{76459F6D-89B1-40B0-B795-ADD373560DAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{20A3E09F-DE3B-43EC-96F0-C71A2C93ACEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{51D714D7-BB29-4784-ABE1-DB034859F823}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{DB9E4C11-7BC8-4DDF-8B02-5D225803D1E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{158D1311-F40B-4495-BBA7-FD12660653CD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{3224B7E9-A92E-4B47-862F-B6BA1AA62742}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{200B4196-C735-4950-9F17-317B5B066D26}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{76EDD38A-F3E5-469B-9445-94B019F960FD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A07421DA-E5D9-4389-97A5-7BAF667EBB9B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6DB9BC97-F06A-47E1-8371-3C2480E016B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C92043C7-7225-4083-A3E9-4A466AB677F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7249D59A-96E1-4389-BCCB-8A20D292E013}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBC6EEB9-B3E4-4699-9F62-C439B38045EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{47546E43-76EA-424C-84B5-0603E5AF3D18}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2341D4E8-71F1-4CD6-AD56-44A0940338DD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{559D5094-B126-4AD9-905D-420832B255A8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8F88978B-702F-499A-881D-0E24238F2625}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [TCP Query User{807404C5-6D7C-4860-91A6-00E190DB1074}C:\users\zuhair\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\zuhair\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{4EEFF6CD-B641-4458-A8F4-679D0CD32A07}C:\users\zuhair\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\zuhair\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{5564068F-2105-4EAB-BAE9-1DFBE8D832C1}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{F037BF92-3984-4DEA-A732-727EF6FBC462}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{2C69E25A-A910-4214-8AD4-6ADA290EB137}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{BCF757D7-6B71-41BC-81D5-6AB727E7104A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{6C59BAA5-B8BE-43CF-B819-9FF8BB00B9FE}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe
FirewallRules: [{8FE0291A-16F4-4401-A4FB-FBBA97F0D287}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe
FirewallRules: [{044DEC08-1E6E-42C6-B981-45DACBDC9D4C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{6626D11F-F814-48CF-9B29-EAC3C2375ABC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{B0228AC5-952F-48B1-8E27-5D83B65A6929}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1D921A75-8B47-4E60-9101-BEE842CC0E42}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{50341E83-961F-4B13-956C-B07EE7EEDB75}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{5C926EBC-B293-46BC-8B27-15434B428A63}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{26ACDA75-8874-49F5-9F92-1CAC3F7CF647}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{EE05C0FB-D58D-48D8-AC66-1FBD7D59CB9F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{8C9C1C79-61BF-4016-AB2F-4114FD033836}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{848F0F1B-6DB0-4671-B58A-9A2E88B41F41}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F8D65D36-B7E3-4C01-8F87-5534ED36217F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{658FC76A-9105-4E80-8A81-9F20427B607E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{3F691E95-426C-41B5-9318-F39D4D117C5E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{A84C93DA-847F-4F84-9180-F67D78B865E2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{18FF1F83-2434-4837-B08C-FFE84DF0F785}C:\users\zuhair\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zuhair\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{30844818-808F-4DE1-BF4F-B88C751A8BFD}C:\users\zuhair\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zuhair\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3B444F72-EA3E-4FFD-A01C-1877F5050520}] => (Allow) C:\Users\Zuhair\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B1AB276B-499A-4055-9793-5FE97DD6C141}] => (Allow) C:\Users\Zuhair\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{BDAAB37E-9518-4723-A4ED-06E3B2D85836}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe
FirewallRules: [UDP Query User{734A64FA-8A82-4E9C-9598-57E254630C62}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe
FirewallRules: [TCP Query User{6065BE00-3C1F-46B7-A00F-C08BD6519447}C:\program files (x86)\ti education\ti-nspire student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire student software\jre\bin\java.exe
FirewallRules: [UDP Query User{1298C7DA-6B4B-42A0-B8C0-F7C93E2EFD5C}C:\program files (x86)\ti education\ti-nspire student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire student software\jre\bin\java.exe
FirewallRules: [TCP Query User{378E70C1-0FFA-4C16-AD03-4D549465287C}C:\program files (x86)\ti education\ti-nspire student software\ti-diagnostics\ti-diagnostic.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire student software\ti-diagnostics\ti-diagnostic.exe
FirewallRules: [UDP Query User{6087F463-1948-4369-89F1-E12661FA0D3E}C:\program files (x86)\ti education\ti-nspire student software\ti-diagnostics\ti-diagnostic.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire student software\ti-diagnostics\ti-diagnostic.exe
FirewallRules: [{B3C6F8F7-D856-40AC-BAEF-F5718E2C25DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BE0F677C-F372-41C5-83CC-628EAB89A7C2}C:\users\zuhair\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\zuhair\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{4AE79B78-EC05-4FE4-8FB7-9FA57FA215A6}C:\users\zuhair\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\zuhair\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C4B1487D-C914-4B93-A49D-AEC55ED0F9C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{86F0D0A0-C77C-4585-B000-1A4A090DC28C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [TCP Query User{C5E7F226-48DA-4363-ACBE-24C92B1C7423}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{9E2684C1-ECDD-4B5C-A008-A24E7DC73BC5}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{33B01089-123E-4505-81C9-881CBF9856D5}C:\users\zuhair\documents\zuhair utilities\ultrasurf\bittorrent.exe] => (Allow) C:\users\zuhair\documents\zuhair utilities\ultrasurf\bittorrent.exe
FirewallRules: [UDP Query User{9CCB9443-A21E-4D63-98AA-2FB1F7C02EAE}C:\users\zuhair\documents\zuhair utilities\ultrasurf\bittorrent.exe] => (Allow) C:\users\zuhair\documents\zuhair utilities\ultrasurf\bittorrent.exe
FirewallRules: [TCP Query User{490885AF-42E5-4467-8F45-3C585DAE3B69}C:\users\zuhair\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\zuhair\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
FirewallRules: [UDP Query User{A7968362-903C-479A-8492-1642F5F53A5B}C:\users\zuhair\appdata\roaming\bittorrent\updates\7.9.3_40299.exe] => (Allow) C:\users\zuhair\appdata\roaming\bittorrent\updates\7.9.3_40299.exe
FirewallRules: [TCP Query User{4670EBF8-A17E-41E7-AD94-FE1868199AA7}C:\users\zuhair\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\zuhair\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{C835B5F1-FB23-4B4E-8AED-54D8A999E4D1}C:\users\zuhair\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\zuhair\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{7115318D-669F-470C-844B-EA2426CB071F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{264FF872-FD43-49CC-9681-A01A31BD4280}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8FE4E0CC-C780-4211-B7D0-55050F3CBDC3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E2FBC4B0-4792-486A-A447-2D2F94B39C43}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0314CC9C-4FBF-421A-9163-757F28443202}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C492F224-E6ED-4E3F-8B29-65BF524059C6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F382489B-F5D1-4ECC-9E7A-294C68776457}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{CAE01438-0BDB-4B4C-82CF-A93B41A76203}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B88FBD13-A3FC-4305-8221-704DA01DCF55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{03E05467-F818-4C24-86B6-F34B5A51E898}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{E9106F61-9962-413D-8614-B82ED42CCD29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{A351416A-AD75-4D7D-B426-B37810FB29FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{770A3D13-8F12-498B-919D-B7AF73B172DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C8DB118A-41ED-410A-A37F-A7EE0E88B5AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{80F62792-2BC3-4440-A58A-EBE3A2D47CDE}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{719F1EE8-4FA5-414C-A7DB-403E806099F9}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{4EEB786A-C7FC-4948-949B-A88C06E229F6}C:\users\zuhair\eclipse\java-mars\eclipse\eclipse.exe] => (Allow) C:\users\zuhair\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [UDP Query User{2A29CA02-A23F-4609-A612-477E74C9BB8C}C:\users\zuhair\eclipse\java-mars\eclipse\eclipse.exe] => (Allow) C:\users\zuhair\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [{4F474A59-5ED1-4F44-9B8F-EE7444EAE8A4}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{1F6E413A-1D3E-4CBF-8106-4A6D04D9FCD1}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{26A8B57C-EA39-4F85-8A6C-39E71DBD990F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{1652D095-2305-4982-B208-2BC2B2D90E2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{8F02DE6D-58C6-45F2-ABE1-0434681BA655}C:\users\zuhair\downloads\ultrasurf 15.01\u1504.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01\u1504.exe
FirewallRules: [UDP Query User{EF393C05-4F5A-47D5-A42F-A21E8F37F465}C:\users\zuhair\downloads\ultrasurf 15.01\u1504.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01\u1504.exe
FirewallRules: [{2CFD9421-D226-41C8-A385-EB371F06EAAF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{624C0402-F34A-46F6-8CDF-B066353E288A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{8E198FD1-A049-44F1-9519-BFB82BE9E525}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{D14C812E-3948-44E4-B8B7-B88DEFF36F53}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{475C0392-0207-4A28-9236-AE921DD3DD04}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{C3D78100-EDCF-4C88-8AE2-F0E1C34083D3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{70D116D8-6FAF-4583-93CE-5D70A8FA9601}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{5955D2CA-6507-442D-9B4E-FE573F39F115}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{C6984A81-C5F4-492A-A783-8E127A8184E6}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{019F2859-C8E6-48F6-84C2-58C87FCC4752}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{BE851F97-82EF-4693-9EDE-8EF6B31A8F86}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{8BA398FF-B601-4B6B-971C-E2707B4F96B4}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{7A59FB5B-1C78-4EFE-8E31-DD0BFD175E6F}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{155CE209-C8CD-4203-A6C6-E155E27E8EEA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{954C7935-B412-47A1-9562-B7EF998C9501}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{308CEE8E-EEFE-4756-96E0-1B15DFE5BC18}C:\users\zuhair\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\zuhair\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{F0DE7480-1F2D-4731-8077-4770DA4DB91C}C:\users\zuhair\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\zuhair\appdata\local\popcorn-time\nw.exe
FirewallRules: [{9D8B16AB-7356-45DD-ACE3-2CD5C940ED7F}] => (Allow) C:\Users\Zuhair\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{42FDAEAF-84EC-4AB9-ACFC-A9FAD47D1847}] => (Allow) C:\Users\Zuhair\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C9323B0-FB17-4B99-BACD-4DEA780F1E8B}] => (Allow) C:\Users\Zuhair\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B942B7CD-EABA-4E20-B24E-A5514B82A926}] => (Allow) C:\Users\Zuhair\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59E1EE60-BA2E-49B6-8573-06710186D7BB}] => (Allow) C:\Users\Zuhair\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD863730-4765-4D1A-AA7C-DFF8C3663DB6}] => (Allow) C:\Users\Zuhair\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{45BE52AB-EA36-430E-A6EA-17DDDB6E65C6}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{E77B571A-D9D5-4836-9BFA-D32DB5DB4A71}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [{989B2897-A422-424A-B6DC-EC3C3BB80AC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{674CCAFE-C399-462B-91D9-B48B10EFD027}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{B78687B9-A0D6-4ED6-9593-6E836E7BC50E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{1CF10F9E-1D3D-443D-AA33-4FB39F16887C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FC2B21D0-8B13-4387-AB70-3A662D34D836}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FD2C6B6D-94D0-4F96-BAE1-CB36CC93696E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{59A83632-EE1F-468A-9CC6-767C53CB7055}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{05E27B4A-884F-4DAB-A0FE-BC9F40B830A3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B577C72B-C6FE-4908-9B65-DAAF42D5A3D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{2297CB70-793A-4760-863F-4A94F12B404C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{80BEE5DE-2E10-473A-8365-7D94207C3F48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{D22B0789-56DD-4C88-AACD-A9B9835F53C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [TCP Query User{D08E26C9-8992-4490-99AC-9EFAF88D8570}C:\program files (x86)\ti education\ti-nspire computer link\ti-nspire computer link.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire computer link\ti-nspire computer link.exe
FirewallRules: [UDP Query User{9E67F7D3-56CD-4DBC-848D-AC7BE11C9A8A}C:\program files (x86)\ti education\ti-nspire computer link\ti-nspire computer link.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire computer link\ti-nspire computer link.exe
FirewallRules: [TCP Query User{7D971698-FEA3-4A96-8833-703BC7E84990}C:\program files (x86)\ti education\ti-nspire computer link\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire computer link\jre\bin\java.exe
FirewallRules: [UDP Query User{E230BA1E-D79D-4521-91DD-9631D3081C92}C:\program files (x86)\ti education\ti-nspire computer link\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire computer link\jre\bin\java.exe
FirewallRules: [TCP Query User{36344DCF-0FE7-4E75-874C-37FC2C1D0F8D}C:\users\zuhair\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\zuhair\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{D2BB5EB7-5C24-4F16-897E-B697E34E718C}C:\users\zuhair\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\zuhair\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [{66F31E02-C8DD-44A8-95E5-8E8B4D9FE2A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-05-2016 18:04:27 Scheduled Checkpoint
19-05-2016 18:36:23 McAfee Vulnerability Scanner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2016 06:44:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/19/2016 06:36:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/19/2016 06:07:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/19/2016 04:52:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZUHAIR)
Description: Activation of app Weather.TheWeatherChannel_t3yemqpq4kp7p!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/19/2016 02:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: Cortana.BackgroundTask.dll, version: 0.0.0.0, time stamp: 0x571af2e6
Exception code: 0xc0000409
Fault offset: 0x000000000007f5c9
Faulting process id: 0x3374
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (05/19/2016 01:05:24 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (05/19/2016 01:00:32 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (05/19/2016 12:42:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: Cortana.Core.dll, version: 0.0.0.0, time stamp: 0x571af2d0
Exception code: 0xc0000005
Fault offset: 0x000000000001325d
Faulting process id: 0x27c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (05/19/2016 12:39:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Zuhair.local already in use; will try Zuhair-2.local instead

Error: (05/19/2016 12:39:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Zuhair.local. AAAA 2605:6000:88DD:E800:1966:2CE2:D5C9:4FAE


System errors:
=============
Error: (05/19/2016 04:53:10 PM) (Source: DCOM) (EventID: 10001) (User: ZUHAIR)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppX471v8hk112p9h1wvjtjmt53ere8bqvtv.mca31App.AppXcr2napxrt9bnht8xzh5w88dt5cfay92d.mcaUnavailableUnavailable

Error: (05/19/2016 04:32:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Get Office.

Error: (05/19/2016 02:37:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (05/19/2016 01:28:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/19/2016 01:12:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/19/2016 01:07:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (05/19/2016 01:07:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (05/19/2016 01:07:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Samsung Network Fax Server service failed to start due to the following error:
%%2

Error: (05/19/2016 01:06:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update service service failed to start due to the following error:
%%1053

Error: (05/19/2016 01:06:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Update service service to connect.


CodeIntegrity:
===================================
Date: 2016-05-19 18:58:04.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-19 17:40:16.650
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-17 17:41:56.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-15 09:08:48.022
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-14 14:15:07.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-13 09:55:05.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-12 18:40:46.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-20 08:11:07.478
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-17 20:29:49.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-17 13:44:52.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 12198.85 MB
Available physical RAM: 6353.85 MB
Total Virtual: 14054.85 MB
Available Virtual: 8035.27 MB

==================== Drives ================================

Drive c: (TI10700300A) (Fixed) (Total:920.08 GB) (Free:207.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



Edited by Oh My!, 20 May 2016 - 09:36 AM.




#2 Oh My!

  • Malware Response Instructor

Posted 20 May 2016 - 09:37 AM

Greetings djohn4562 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Cracking Software Warning

--------------------

There is evidence of pirated software on your computer and I would request you remove it prior to completing the steps I have posted.
 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
C:\Program Files (x86)\NowUSeeItPlayer
GroupPolicyUsers\S-1-5-21-1574225677-2836999415-375273348-1001\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1574225677-2836999415-375273348-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKU\S-1-5-21-1574225677-2836999415-375273348-1001 -> {EF9C718F-7F6B-46A3-84BE-5342B861A88F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir="
2015-07-03 17:31 - 2015-07-03 17:31 - 0000000 _____ () C:\Users\Zuhair\AppData\Local\{225EB22E-8886-41D5-9B6E-1D6A8A4689E0}
C:\Users\Zuhair\AppData\Roaming\Origin\update.vbe
Task: {007F7F62-7D76-48C7-AA16-03F6078D40A2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {06E79C6B-A6EC-40AE-B4E8-365D6A365937} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {113AF55B-2D5A-4AE0-8342-AAE506BCA84E} - System32\Tasks\Origin => C:\Users\Zuhair\AppData\Roaming\Origin\update.vbe [2015-08-03] () <==== ATTENTION
Task: {1D3D810B-5014-4F0D-8B21-D406B350B2D9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
C:\Program Files (x86)\Professional PC Cleaner
Task: {3BE1D4B4-BDAC-4DD2-BC88-AF07467080DD} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {3E2FD156-2635-4B91-9FD2-7621916E4839} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3EA3E8B9-A63C-495A-86FB-94E37CA788BA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4534378F-AEF8-484E-AA61-3E1F6B2B1B21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4985F2D9-5B2A-4408-BA9C-F5BD61D7343F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A5C662B1-13D8-42F7-86B1-868CCC26AEDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A9FF9A55-3C6A-4C15-B3D9-16292FA4C633} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C72DCD8F-C1AB-4241-97CB-8A211666D1E2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E345D165-6BB1-46E4-8EFC-EA45BCCF4B77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F37BAC23-CCAF-4D76-8C82-DD45A0288790} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5E4F231-1166-41CB-9859-1B60AC05C73F} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {FFA53182-209F-423C-A8C7-D4E7DA396611} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
C:\Users\Zuhair\AppData\Local\Temp\_MEI72682
FirewallRules: [UDP Query User{E0711E86-9E87-4EAB-8D94-262E7FAE92C5}C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe
FirewallRules: [TCP Query User{22F5492F-7ED3-4676-8973-0082FB3941F8}C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe
C:\users\zuhair\downloads\ultrasurf 15.01
FirewallRules: [UDP Query User{22DF25CC-24C2-4F47-84F7-545521F9CDE4}C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe
FirewallRules: [TCP Query User{1CA91207-A527-4F85-9614-9A76D5E09C12}C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe
Folder: C:\703f2bdfe69789f75a
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 20 May 2016 - 09:37 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 djohn4562

  • Topic Starter

Posted 20 May 2016 - 07:52 PM

# AdwCleaner v5.117 - Logfile created 20/05/2016 at 14:52:42
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Zuhair - ZUHAIR
# Running from : C:\Users\Zuhair\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[#] Folder Deleted : C:\ProgramData\Application Data\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\Program Files (x86)\Popcorn Time
[#] Folder Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
[-] Folder Deleted : C:\Users\Zuhair\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchsafer-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searchsafer-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.developpement-durable.gouv.fr_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.developpement-durable.gouv.fr_0.localstorage-journal
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.invisiblemask.com_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.invisiblemask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trainingmask.com_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] File Deleted : C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [NetRadio.exe]
[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [NetRadio.vshost.exe]
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ljibkigjccbegnbeojkoafejpoiachej
[-] Key Deleted : HKCU\Software\CoinisRS
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\GreenTree Applications\YTD
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1929100-0FD2-40A0-A385-1344D2651760}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data Restored : HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF9C718F-7F6B-46A3-84BE-5342B861A88F}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nowuseeitplayer.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ui.nowuseeitplayer.com
[-] Value Deleted : HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [NowUSeeIt Player]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ljibkigjccbegnbeojkoafejpoiachej
[-] [C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oiokahphinmbmakkehgelkmpolmnbkdh
[-] [C:\Users\Zuhair\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [6563 bytes] - [20/05/2016 14:52:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [6904 bytes] - [20/05/2016 14:45:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6709 bytes] ##########
 
Fix result of Farbar Recovery Scan Tool (x64) Version:19-05-2016
Ran by Zuhair (2016-05-20 12:32:14) Run:1
Running from C:\Users\Zuhair\Desktop
Loaded Profiles: Zuhair (Available Profiles: Zuhair)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
C:\Program Files (x86)\NowUSeeItPlayer
GroupPolicyUsers\S-1-5-21-1574225677-2836999415-375273348-1001\User: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1574225677-2836999415-375273348-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKU\S-1-5-21-1574225677-2836999415-375273348-1001 -> {EF9C718F-7F6B-46A3-84BE-5342B861A88F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
CHR HomePage: Default -> hxxp://www.palikan.com/?f=1&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir=
CHR StartupUrls: Default -> "hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_48_ssg07&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByCzytDyCyByEyDyCzz0CtN0D0Tzu0StCyEtByDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAzz0DzyyEtDyEyCtGtA0B0C0EtGzy0EtB0CtGtC0D0BtDtGyB0D0F0CyC0DyDtD0Ezy0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0CtBzztBtD0EyEtGtCyD0CtDtGyE0ByCyEtG0A0CyDyCtGyDzzyB0C0B0C0BzztD0ByBzy2QtN0A0LzutB&cr=940053585&ir="
2015-07-03 17:31 - 2015-07-03 17:31 - 0000000 _____ () C:\Users\Zuhair\AppData\Local\{225EB22E-8886-41D5-9B6E-1D6A8A4689E0}
C:\Users\Zuhair\AppData\Roaming\Origin\update.vbe
Task: {007F7F62-7D76-48C7-AA16-03F6078D40A2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {06E79C6B-A6EC-40AE-B4E8-365D6A365937} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
Task: {113AF55B-2D5A-4AE0-8342-AAE506BCA84E} - System32\Tasks\Origin => C:\Users\Zuhair\AppData\Roaming\Origin\update.vbe [2015-08-03] () <==== ATTENTION
Task: {1D3D810B-5014-4F0D-8B21-D406B350B2D9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
C:\Program Files (x86)\Professional PC Cleaner
Task: {3BE1D4B4-BDAC-4DD2-BC88-AF07467080DD} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {3E2FD156-2635-4B91-9FD2-7621916E4839} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3EA3E8B9-A63C-495A-86FB-94E37CA788BA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {4534378F-AEF8-484E-AA61-3E1F6B2B1B21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4985F2D9-5B2A-4408-BA9C-F5BD61D7343F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A5C662B1-13D8-42F7-86B1-868CCC26AEDB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A9FF9A55-3C6A-4C15-B3D9-16292FA4C633} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C72DCD8F-C1AB-4241-97CB-8A211666D1E2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E345D165-6BB1-46E4-8EFC-EA45BCCF4B77} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F37BAC23-CCAF-4D76-8C82-DD45A0288790} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5E4F231-1166-41CB-9859-1B60AC05C73F} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
Task: {FFA53182-209F-423C-A8C7-D4E7DA396611} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
C:\Users\Zuhair\AppData\Local\Temp\_MEI72682
FirewallRules: [UDP Query User{E0711E86-9E87-4EAB-8D94-262E7FAE92C5}C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe
FirewallRules: [TCP Query User{22F5492F-7ED3-4676-8973-0082FB3941F8}C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe
C:\users\zuhair\downloads\ultrasurf 15.01
FirewallRules: [UDP Query User{22DF25CC-24C2-4F47-84F7-545521F9CDE4}C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe
FirewallRules: [TCP Query User{1CA91207-A527-4F85-9614-9A76D5E09C12}C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe] => (Allow) C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe
Folder: C:\703f2bdfe69789f75a
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
HKU\S-1-5-21-1574225677-2836999415-375273348-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player => value removed successfully
"C:\Program Files (x86)\NowUSeeItPlayer" => not found.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1574225677-2836999415-375273348-1001\User => moved successfully
"HKU\S-1-5-21-1574225677-2836999415-375273348-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}" => key removed successfully
HKCR\CLSID\{6586d803-df30-46d3-a89a-4136c8571d45} => key not found. 
"HKU\S-1-5-21-1574225677-2836999415-375273348-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF9C718F-7F6B-46A3-84BE-5342B861A88F}" => key removed successfully
HKCR\CLSID\{EF9C718F-7F6B-46A3-84BE-5342B861A88F} => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Zuhair\AppData\Local\{225EB22E-8886-41D5-9B6E-1D6A8A4689E0} => moved successfully
C:\Users\Zuhair\AppData\Roaming\Origin\update.vbe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{007F7F62-7D76-48C7-AA16-03F6078D40A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{007F7F62-7D76-48C7-AA16-03F6078D40A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06E79C6B-A6EC-40AE-B4E8-365D6A365937}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06E79C6B-A6EC-40AE-B4E8-365D6A365937}" => key removed successfully
C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Popup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{113AF55B-2D5A-4AE0-8342-AAE506BCA84E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{113AF55B-2D5A-4AE0-8342-AAE506BCA84E}" => key removed successfully
C:\WINDOWS\System32\Tasks\Origin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D3D810B-5014-4F0D-8B21-D406B350B2D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D3D810B-5014-4F0D-8B21-D406B350B2D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"C:\Program Files (x86)\Professional PC Cleaner" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BE1D4B4-BDAC-4DD2-BC88-AF07467080DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BE1D4B4-BDAC-4DD2-BC88-AF07467080DD}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E2FD156-2635-4B91-9FD2-7621916E4839}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E2FD156-2635-4B91-9FD2-7621916E4839}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EA3E8B9-A63C-495A-86FB-94E37CA788BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA3E8B9-A63C-495A-86FB-94E37CA788BA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4534378F-AEF8-484E-AA61-3E1F6B2B1B21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4534378F-AEF8-484E-AA61-3E1F6B2B1B21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4985F2D9-5B2A-4408-BA9C-F5BD61D7343F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4985F2D9-5B2A-4408-BA9C-F5BD61D7343F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5C662B1-13D8-42F7-86B1-868CCC26AEDB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C662B1-13D8-42F7-86B1-868CCC26AEDB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9FF9A55-3C6A-4C15-B3D9-16292FA4C633}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9FF9A55-3C6A-4C15-B3D9-16292FA4C633}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C72DCD8F-C1AB-4241-97CB-8A211666D1E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C72DCD8F-C1AB-4241-97CB-8A211666D1E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E345D165-6BB1-46E4-8EFC-EA45BCCF4B77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E345D165-6BB1-46E4-8EFC-EA45BCCF4B77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F37BAC23-CCAF-4D76-8C82-DD45A0288790}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F37BAC23-CCAF-4D76-8C82-DD45A0288790}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5E4F231-1166-41CB-9859-1B60AC05C73F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5E4F231-1166-41CB-9859-1B60AC05C73F}" => key removed successfully
C:\WINDOWS\System32\Tasks\ProfessionalPCCleaner_Start => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFA53182-209F-423C-A8C7-D4E7DA396611}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFA53182-209F-423C-A8C7-D4E7DA396611}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"C:\Users\Zuhair\AppData\Local\Temp\_MEI72682" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E0711E86-9E87-4EAB-8D94-262E7FAE92C5}C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{22F5492F-7ED3-4676-8973-0082FB3941F8}C:\users\zuhair\downloads\ultrasurf 15.01ᔂ.exe => value not found.
C:\users\zuhair\downloads\ultrasurf 15.01 => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{22DF25CC-24C2-4F47-84F7-545521F9CDE4}C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1CA91207-A527-4F85-9614-9A76D5E09C12}C:\users\zuhair\downloads\ultrasurf 15.01ᔁ.exe => value not found.
 
========================= Folder: C:\703f2bdfe69789f75a ========================
 
2014-03-26 21:50 - 2014-03-26 21:50 - 1901056 ____N () C:\703f2bdfe69789f75a\netfx_core_x64.msi
2014-03-26 21:50 - 2014-03-26 21:50 - 1163264 ____N () C:\703f2bdfe69789f75a\netfx_core_x86.msi
2014-03-26 21:50 - 2014-03-26 21:50 - 0872448 ____N () C:\703f2bdfe69789f75a\netfx_extended_x64.msi
2014-03-26 21:50 - 2014-03-26 21:50 - 0495616 ____N () C:\703f2bdfe69789f75a\netfx_extended_x86.msi
2014-04-12 11:48 - 2014-04-12 11:48 - 1572864 _____ () C:\703f2bdfe69789f75a\netfx_Full_GDR_x64.msi
2016-03-15 17:23 - 2016-03-15 17:23 - 0000000 ____D () C:\703f2bdfe69789f75a\NetFx451
2014-03-26 21:50 - 2014-03-26 21:50 - 1544192 ____N () C:\703f2bdfe69789f75a\NetFx451\netfx_Full_GDR_x64.msi
 
====== End of Folder: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:32:18 ====
 
 

 


Also, my laptop's radio noise has gotten louder, no fix yet



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:40 AM

Posted 20 May 2016 - 08:04 PM

Thank you for the logs. Please do this.

===================================================

Identifying Applications Utilizing System Speakers

--------------------
  • Right click on the Speaker icon in the lower right corner of the screen
  • Select Open Volume Mixer
  • What Application(s) is listed?
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Application(s)?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 djohn4562

djohn4562
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:02:40 AM

Posted 20 May 2016 - 08:24 PM

There are no applications listed, just system sounds and speakers, and there is no green bar next to the system sounds.



#6 Oh My!

Posted 20 May 2016 - 08:31 PM

Thanks,

Which browser(s) is affected?

Please do this.

===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • If you receive a warning you are running a 32 bit version, ignore the warning and click Yes to continue anyway
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Browser(s)?
  • Zoek log
  • RogueKiller log

Gary
 

#7 djohn4562

Posted 21 May 2016 - 02:56 PM

I think Chrome is affected, from which the virus might be running. I have used a Cleaner to delete my temp files and cleared all of my Chrome data, but the internet radio is still happening in the background.



#8 Oh My!

Posted 21 May 2016 - 02:59 PM

Hold off on doing anything unless I ask since that can change the dynamics and I won't know what has been modified.

Did you try Internet Explorer? If not, please do so. That will provide us with an important bit of information.
Gary
 

#9 djohn4562

Posted 21 May 2016 - 03:27 PM

Even without opening Chrome, it is still starting up the radio, I am using Edge right now in Windows 10.



#10 Oh My!

Posted 21 May 2016 - 04:28 PM

Greetings,

Please do these things for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\Users\Zuhair\AppData\Local\Temp\_MEI4522
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
explorer.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\explorer.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Search log
  • Virustotal link

Gary
 

#11 Oh My!

Posted 21 May 2016 - 05:02 PM

Greetings,

Sorry I posted more steps before letting you finish the last ones! :)

Please do this.

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Allow the Prescan to finish
  • Click Scan
  • When the Status box shows Scan Finished place a checkmark in the following and select Delete

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0083451463855228mcinstcleanup (C:\WINDOWS\TEMP\008345~1.EXE -cleanup -nolog) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0083451463855228mcinstcleanup (C:\WINDOWS\TEMP\008345~1.EXE -cleanup -nolog) -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • TDSSKiller log
  • aswMBR log
  • MTB log

Gary
 

#12 djohn4562

Posted 21 May 2016 - 07:44 PM

k


Edited by djohn4562, 22 May 2016 - 11:55 AM.


#13 djohn4562

Posted 21 May 2016 - 07:47 PM

k


Edited by djohn4562, 22 May 2016 - 11:56 AM.


#14 Oh My!

Posted 21 May 2016 - 09:33 PM

That all looks good.

Could you boot into Safe Mode with Networking and tell me if you still hear it?
Gary
 

#15 djohn4562

Posted 22 May 2016 - 10:34 AM

I opened it and it does not play any sounds, although there is an X next to the audio and network indicators in the task bar.



