cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by moez (administrator) on MOEZ-PC (14-10-2016 16:59:12)
Running from C:\Users\moez\Desktop
Loaded Profiles: moez (Available Profiles: moez)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
() E:\Program Files (x86)\EagleGet\EGMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(EagleGet.com) E:\Program Files (x86)\EagleGet\EagleGet.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Alexander Roshal) C:\Program Files (x86)\WinRAR\WinRAR.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKU\S-1-5-21-318700280-1262799068-3410121159-1000\...\Run: [EagleGet] => E:\Program Files (x86)\EagleGet\EagleGet.exe [1945776 2016-09-13] (EagleGet.com)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177952 2016-07-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-07-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => E:\Program Files (x86)\office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => E:\Program Files (x86)\office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => E:\Program Files (x86)\office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => E:\Program Files (x86)\Microsoft Office2\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => E:\Program Files (x86)\Microsoft Office2\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => E:\Program Files (x86)\Microsoft Office2\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => E:\Program Files (x86)\Microsoft Office2\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => E:\Program Files (x86)\Microsoft Office2\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{49C2C95E-1790-4D78-8806-D3DBD630AF07}: [DhcpNameServer] 192.168.10.10 192.168.10.1
Tcpip\..\Interfaces\{8533FD6F-1DCD-47F7-8B2A-B3F3F3C6FC61}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-318700280-1262799068-3410121159-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mhotspot.com/search.html
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files (x86)\office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\jav\bin\ssv.dll [2016-07-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files (x86)\office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-07-27] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> E:\Program Files (x86)\office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\jav\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> E:\Program Files (x86)\EagleGet\eagleSniffer.dll [2016-09-13] (EagleGet.com)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Program Files (x86)\Microsoft Office2\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-07-27] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-07-27] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-07-27] (AO Kaspersky Lab)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office2\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files (x86)\office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3y9rp38n.default
FF ProfilePath: C:\Users\moez\AppData\Roaming\Mozilla\Firefox\Profiles\3y9rp38n.default [2016-10-13]
FF NetworkProxy: Mozilla\Firefox\Profiles\3y9rp38n.default -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\3y9rp38n.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\3y9rp38n.default -> socks_port", 9150
FF NetworkProxy: Mozilla\Firefox\Profiles\3y9rp38n.default -> socks_remote_dns", true
FF Extension: (anonymoX) - C:\Users\moez\AppData\Roaming\Mozilla\Firefox\Profiles\3y9rp38n.default\Extensions\client@anonymox.net.xpi [2016-07-29]
FF Extension: (User-Agent Switcher) - C:\Users\moez\AppData\Roaming\Mozilla\Firefox\Profiles\3y9rp38n.default\Extensions\jid1-kyxEAcWua7BEKq@jetpack.xpi [2016-09-22]
FF Extension: (&Yandex Elements&) - C:\Users\moez\AppData\Roaming\Mozilla\Firefox\Profiles\3y9rp38n.default\Extensions\yasearch@yandex.ru [2016-07-26] [not signed]
FF Extension: (Video AdBlock) - C:\Users\moez\AppData\Roaming\Mozilla\Firefox\Profiles\3y9rp38n.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-07-31]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-07-27]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> E:\Program Files (x86)\jav\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> E:\Program Files (x86)\jav\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\PROGRA~1\office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-318700280-1262799068-3410121159-1000: eagleget.com/EagleGet32 -> E:\Program Files (x86)\EagleGet\npEagleget.dll [2016-09-13] (EagleGet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\firefox\firefox.exe

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default [2016-10-14]
CHR Extension: (عروض Google التقديمية) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-27]
CHR Extension: (محرّر مستندات Google) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-27]
CHR Extension: (Google Drive) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-27]
CHR Extension: (Youtube) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-27]
CHR Extension: (Kaspersky Protection) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-07-27]
CHR Extension: (جداول بيانات Google ) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-27]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-02]
CHR Extension: (EagleGet Free Downloader) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-27]
CHR Extension: (Gmail) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\moez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-26]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-318700280-1262799068-3410121159-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - E:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2016-07-27]
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - E:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2016-07-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-08-31] (Kaspersky Lab ZAO)
R2 egGetSvc; E:\Program Files (x86)\EagleGet\EGMonitor.exe [247984 2016-09-13] ()
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation)
S3 Microsoft Office Groove Audit Service; E:\Program Files (x86)\Microsoft Office2\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3993184 2016-04-11] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-10-07] (Realtek Semiconductor)
S3 ShareItSvc; E:\Program Files (x86)\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-02] (Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77624 2016-09-13] (eagleGet) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-07-27] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-07-27] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-07-27] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-07-27] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-07-27] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-07-27] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [629064 2016-03-10] (Realtek Semiconductor Corporation)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [3709656 2015-01-06] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3709656 2015-01-06] (Realtek Semiconductor Corporation )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-02] (Synaptics Incorporated)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-04-28] (Oracle Corporation)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-14 16:59 - 2016-10-14 16:59 - 00023023 _____ C:\Users\moez\Desktop\FRST.txt
2016-10-14 16:59 - 2016-10-14 16:59 - 00000000 ____D C:\FRST
2016-10-14 16:58 - 2016-10-14 16:58 - 02406912 _____ (Farbar) C:\Users\moez\Desktop\FRST64.exe
2016-10-14 16:57 - 2016-10-14 16:58 - 02406912 _____ (Farbar) C:\Users\moez\Downloads\FRST64.exe
2016-10-14 06:58 - 2016-10-14 06:59 - 00001552 _____ C:\Users\moez\Desktop\ZHPCleaner.txt
2016-10-14 06:50 - 2016-10-14 06:52 - 00004053 _____ C:\Users\moez\Desktop\ZHPCleaner2.txt
2016-10-14 06:44 - 2016-10-14 06:44 - 00000828 _____ C:\Users\moez\Desktop\ZHPCleaner.lnk
2016-10-14 06:42 - 2016-10-14 06:43 - 02454016 _____ C:\Users\moez\Desktop\ZHPCleaner.exe
2016-10-13 05:45 - 2016-10-13 05:47 - 00001456 _____ C:\Users\moez\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-13 02:12 - 2016-10-13 02:12 - 00001676 _____ C:\Users\moez\Desktop\AdwCleaner[C0].txt
2016-10-13 02:09 - 2016-10-13 02:07 - 00001668 _____ C:\Users\moez\Desktop\AdwCleaner[S0].txt
2016-10-13 02:05 - 2016-10-13 02:10 - 00000000 ____D C:\AdwCleaner
2016-10-13 02:03 - 2016-10-13 02:04 - 00002544 _____ C:\Users\moez\Desktop\Rkill.txt
2016-10-13 02:02 - 2016-10-13 01:59 - 03874368 _____ C:\Users\moez\Desktop\adwcleaner_6.021.exe
2016-10-12 23:24 - 2016-10-14 06:40 - 00139511 _____ C:\Users\moez\Desktop\ZHPDiag.txt
2016-10-12 23:19 - 2016-10-14 06:59 - 00000000 ____D C:\Users\moez\AppData\Roaming\ZHP
2016-10-12 23:19 - 2016-10-14 06:38 - 00000818 _____ C:\Users\moez\Desktop\ZHPDiag.lnk
2016-10-12 23:17 - 2016-10-12 23:17 - 02404864 _____ C:\Users\moez\Desktop\ZHPDiag3.exe
2016-10-12 23:15 - 2016-10-12 23:17 - 02404864 _____ C:\Users\moez\Downloads\ZHPDiag3.exe
2016-10-11 20:41 - 2016-10-11 20:41 - 00214298 _____ C:\Users\moez\Downloads\winfilefolder (2).DiagCab
2016-10-11 20:38 - 2016-10-11 20:39 - 00214298 _____ C:\Users\moez\Downloads\winfilefolder.DiagCab
2016-10-11 20:38 - 2016-10-11 20:39 - 00214298 _____ C:\Users\moez\Downloads\winfilefolder (1).DiagCab
2016-10-11 20:08 - 2016-10-11 20:08 - 00000000 ____D C:\Users\moez\Desktop\New folder (10)
2016-10-11 18:14 - 2016-10-11 18:14 - 00000000 ____D C:\Users\moez\AppData\LocalLow\Playdead
2016-10-11 18:13 - 2016-10-11 18:13 - 00000000 ____D C:\Users\moez\Documents\CPY_SAVES
2016-10-11 18:11 - 2016-10-11 18:11 - 00000672 _____ C:\Users\Public\Desktop\Inside.lnk
2016-10-11 18:11 - 2016-10-11 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inside
2016-10-11 13:53 - 2016-10-11 13:53 - 00001080 _____ C:\Users\moez\Desktop\IP Video System Design Tool 8 VIVOTEK.lnk
2016-10-11 13:53 - 2016-10-11 13:53 - 00000000 ____D C:\Users\moez\AppData\Roaming\JVSG
2016-10-11 13:53 - 2016-10-11 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP Video System Design Tool 8 VIVOTEK
2016-10-11 13:39 - 2016-10-11 04:03 - 261150051 ____R C:\Users\moez\Desktop\TechSmith Camtasia Studio 8.6.0 Build 2079 + Key [SadeemPC].zip
2016-10-10 15:22 - 2016-10-10 15:22 - 00000000 ____D C:\Program Files\HP
2016-10-10 15:22 - 2010-10-14 04:12 - 00350720 _____ C:\Windows\system32\mvhlewsi.dll
2016-10-10 14:57 - 2016-10-11 00:59 - 00000000 ____D C:\Users\moez\Desktop\New folder (9)
2016-10-10 13:43 - 2016-10-10 13:43 - 00003198 _____ C:\Windows\System32\Tasks\{F3A134A3-0A8D-46B6-86D6-9AE150D30785}
2016-10-10 13:26 - 2016-10-10 13:26 - 00000000 ___HD C:\CanoScan
2016-10-10 13:08 - 2016-10-10 13:09 - 01165151 _____ C:\Users\moez\Desktop\Untitled-1.ai
2016-10-10 01:55 - 2016-10-10 01:56 - 00000000 ____D C:\Users\moez\Desktop\New folder (8)
2016-10-09 12:48 - 2016-10-09 12:48 - 00000000 ____D C:\Users\moez\AppData\Roaming\PrimoPDF
2016-10-09 12:09 - 2016-10-09 12:09 - 00000000 ____D C:\Users\moez\Desktop\New folder (7)
2016-10-09 09:58 - 2016-10-09 09:59 - 00000000 ____D C:\Users\moez\Desktop\New folder
2016-10-07 18:02 - 2016-10-07 18:02 - 00000000 ____D C:\Users\moez\Documents\MPC-HC Capture
2016-10-06 03:19 - 2016-10-06 03:19 - 00058749 _____ C:\Users\moez\Downloads\Fucking Machines - Sasha Grey-[rarbg.com].torrent
2016-10-06 03:18 - 2016-10-06 03:18 - 00156281 _____ C:\Users\moez\Downloads\The Best Of Sasha Grey - 2015 Digital Playground XXX DVDRip-[rarbg.com].torrent
2016-10-05 18:39 - 2016-10-05 18:43 - 00000000 ____D C:\Users\moez\Desktop\New folder (6)
2016-10-05 00:14 - 2016-10-05 00:14 - 00000000 __RHD C:\MSOCache
2016-10-04 22:07 - 2016-10-04 22:07 - 00000000 ____D C:\Users\moez\Documents\قوالب Office المخصصة
2016-10-04 21:25 - 2016-10-04 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-10-04 21:23 - 2016-10-04 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-10-04 21:22 - 2016-10-04 21:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-10-04 21:17 - 2016-10-04 21:17 - 00000000 ____D C:\Program Files\Microsoft Office
2016-10-04 21:17 - 2016-10-04 21:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-10-04 19:17 - 2016-10-04 19:17 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-10-04 19:15 - 2016-10-04 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-10-04 19:13 - 2016-10-04 19:13 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-10-04 19:12 - 2016-10-04 19:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-10-04 19:11 - 2016-10-04 19:11 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-04 19:10 - 2016-10-04 19:12 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-10-04 19:10 - 2016-10-04 19:10 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-28 23:21 - 2016-09-28 23:21 - 01034556 _____ C:\Users\moez\Downloads\Windows6.1-KB2999226-x64 (1).msu
2016-09-28 14:17 - 2015-07-18 15:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-09-28 14:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-09-28 14:16 - 2016-09-28 14:16 - 01034556 _____ C:\Users\moez\Downloads\Windows6.1-KB2999226-x64.msu
2016-09-28 14:11 - 2016-09-28 14:11 - 00000000 ____D C:\ProgramData\Steam
2016-09-28 13:43 - 2016-09-28 16:10 - 00000000 ____D C:\Program Files\Reason
2016-09-28 13:24 - 2016-09-28 13:24 - 00000489 _____ C:\Users\moez\Age of Mythology.lnk
2016-09-28 13:24 - 2016-09-28 13:24 - 00000489 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology.lnk
2016-09-27 23:58 - 2016-09-27 23:58 - 00000680 _____ C:\Users\moez\Desktop\Nmap - Zenmap GUI.lnk
2016-09-27 23:58 - 2016-09-27 23:58 - 00000000 ____D C:\Users\moez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2016-09-27 23:56 - 2016-09-27 23:56 - 00000000 ____D C:\Users\moez\AppData\Roaming\Subversion
2016-09-27 23:52 - 2016-09-27 23:52 - 00000218 _____ C:\Users\moez\AppData\Local\recently-used.xbel
2016-09-26 21:38 - 2016-09-26 21:38 - 00008148 ___SH C:\Users\IntelGraphicsProfiles\Enhance Video Colors.man.igpi
2016-09-26 21:38 - 2016-09-26 21:38 - 00008148 ___SH C:\Users\IntelGraphicsProfiles\Darken Video.man.igpi
2016-09-26 21:38 - 2016-09-26 21:38 - 00008148 ___SH C:\Users\IntelGraphicsProfiles\Brighten Video.man.igpi
2016-09-26 21:38 - 2016-09-26 21:38 - 00000000 __SHD C:\Users\IntelGraphicsProfiles
2016-09-24 01:29 - 2016-09-30 13:57 - 00000000 ____D C:\Users\moez\.zenmap
2016-09-24 01:29 - 2016-09-27 23:57 - 00000000 ____D C:\Program Files\Npcap
2016-09-24 01:25 - 2016-09-24 01:25 - 00042800 _____ C:\Users\moez\Downloads\news17.html
2016-09-24 01:14 - 2016-09-24 01:14 - 00000449 _____ C:\Users\moez\Desktop\x.php
2016-09-20 21:43 - 2016-09-26 17:23 - 00000000 ____D C:\Users\moez\AppData\Roaming\dvdcss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-14 16:53 - 2016-07-29 03:04 - 00000000 ____D C:\Users\moez\AppData\Local\CrashDumps
2016-10-14 16:51 - 2016-07-27 03:41 - 00000000 ____D C:\Users\moez\Documents\EGDownloads
2016-10-14 16:48 - 2016-07-27 13:09 - 00000842 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-14 16:37 - 2016-07-27 06:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-14 15:32 - 2009-07-14 06:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-14 15:32 - 2009-07-14 06:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-14 15:25 - 2016-07-27 13:08 - 00000838 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-14 15:25 - 2016-07-27 05:21 - 00000000 __SHD C:\Users\moez\IntelGraphicsProfiles
2016-10-14 15:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-14 03:52 - 2016-08-01 02:43 - 00000000 ____D C:\Users\moez\Downloads\SHAREit
2016-10-14 01:04 - 2011-04-12 10:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-10-13 15:11 - 2016-08-04 02:16 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 15:10 - 2016-08-04 02:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-13 05:45 - 2016-07-27 14:24 - 00000000 ____D C:\Users\moez\AppData\Roaming\Adobe
2016-10-12 04:37 - 2016-07-29 04:07 - 00000000 ____D C:\Users\moez\AppData\Local\Microsoft Games
2016-10-11 20:42 - 2016-07-27 04:10 - 00000000 ____D C:\Users\moez\AppData\Local\ElevatedDiagnostics
2016-10-11 19:18 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-11 19:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-10-11 18:32 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-11 13:49 - 2016-07-28 01:27 - 00000000 ____D C:\Users\moez\AppData\Roaming\uTorrent
2016-10-10 14:21 - 2016-09-10 01:30 - 00000000 ____D C:\Users\moez\.VirtualBox
2016-10-10 14:18 - 2016-09-10 01:38 - 00000000 ____D C:\Users\moez\VirtualBox VMs
2016-10-10 13:51 - 2016-08-08 18:41 - 00007597 _____ C:\Users\moez\AppData\Local\resmon.resmoncfg
2016-10-10 12:41 - 2016-07-27 20:05 - 00000034 _____ C:\Users\moez\AppData\Roaming\AdobeWLCMCache.dat
2016-10-10 00:02 - 2016-07-31 05:39 - 00000000 ____D C:\Users\moez\AppData\Roaming\MPC-HC
2016-10-09 12:09 - 2016-07-27 18:42 - 00000512 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-10-09 11:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-09 09:15 - 2016-07-26 14:23 - 00000000 ____D C:\Users\moez
2016-10-05 21:39 - 2009-07-14 04:34 - 00000541 _____ C:\Windows\win.ini
2016-10-04 21:36 - 2016-07-26 23:09 - 00825352 _____ C:\Users\moez\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-04 21:34 - 2009-07-14 06:45 - 20950728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-04 21:23 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-04 21:20 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-04 21:16 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2016-10-04 19:10 - 2016-07-26 21:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-04 19:03 - 2016-08-03 17:04 - 00001250 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2016-10-01 14:17 - 2016-07-27 05:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-30 22:05 - 2016-07-27 13:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-30 22:05 - 2016-07-27 13:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-28 05:56 - 2016-07-28 01:29 - 00000000 ___SD C:\Users\moez\AppData\LocalLow\Temp
2016-09-26 17:23 - 2016-08-12 03:02 - 00000000 ____D C:\Users\moez\AppData\Roaming\vlc
2016-09-17 23:41 - 2016-07-27 03:41 - 00000712 _____ C:\Users\Public\Desktop\EagleGet.lnk
2016-09-17 23:41 - 2016-07-27 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2016-09-16 12:31 - 2016-08-16 12:22 - 00000392 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job

==================== Files in the root of some directories =======

2016-07-27 20:12 - 2016-08-24 02:01 - 0000132 _____ () C:\Users\moez\AppData\Roaming\Adobe IllExport Filter CC Prefs
2016-07-27 20:05 - 2016-10-10 12:41 - 0000034 _____ () C:\Users\moez\AppData\Roaming\AdobeWLCMCache.dat
2016-07-27 20:16 - 2016-07-27 20:16 - 0000694 _____ () C:\Users\moez\AppData\Roaming\Contact Sheet II.xml
2016-07-27 20:16 - 2016-07-27 20:16 - 0004393 _____ () C:\Users\moez\AppData\Roaming\ContactSheetII.log
2016-07-28 19:08 - 2016-07-29 06:57 - 302675591 _____ () C:\Users\moez\AppData\Local\ACCCx3_7_5_291.zip.aamdownload
2016-07-28 19:08 - 2016-07-29 06:57 - 0003392 _____ () C:\Users\moez\AppData\Local\ACCCx3_7_5_291.zip.aamdownload.aamd
2016-10-13 05:45 - 2016-10-13 05:47 - 0001456 _____ () C:\Users\moez\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-27 23:52 - 2016-09-27 23:52 - 0000218 _____ () C:\Users\moez\AppData\Local\recently-used.xbel
2016-08-08 18:41 - 2016-10-10 13:51 - 0007597 _____ () C:\Users\moez\AppData\Local\resmon.resmoncfg
2016-09-24 01:29 - 2016-09-28 00:09 - 0000297 _____ () C:\Users\moez\AppData\Local\zenmap.exe.log
2016-08-16 10:17 - 2016-08-16 10:17 - 0000000 _____ () C:\Users\moez\AppData\Local\{949575ED-BC6C-489E-8096-CA9580EF65A7}
2016-08-22 02:21 - 2016-08-22 02:21 - 0005082 _____ () C:\ProgramData\axcoxrwd.giw

Some files in TEMP:
====================
C:\Users\moez\AppData\Local\Temp\libeay32.dll
C:\Users\moez\AppData\Local\Temp\msvcr120.dll
C:\Users\moez\AppData\Local\Temp\siinst.exe
C:\Users\moez\AppData\Local\Temp\sqlite3.dll
C:\Users\moez\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-05 04:32

==================== End of FRST.txt ============================
