Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
Ran by User (administrator) on YASMINEEISSA (20-04-2017 18:55:33)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.5\Lightshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7638232 2014-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-04] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2919168 2011-10-24] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [76288 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [VmbNotifier] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe [1861632 2013-03-25] (Vodafone)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}] => "C:\Users\User\Downloads\LeagueofLegends_EUNE_Installer_2016_11_10.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}"
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [BitTorrent] => C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [1982152 2017-03-19] (BitTorrent Inc.)
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [YdjlPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Ahgnworks\lfdrestk.dll <===== ATTENTION
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: H - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {103698e4-f684-11e6-9a36-38b1db014f18} - J:\LaunchU3.exe -a
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {6a295423-dca7-11e4-950e-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {73a69a7c-dc9d-11e4-b6b1-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {80353946-fe4e-11e5-8525-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8EABEE9E-E59C-41DC-981E-060F01CD4241}: [DhcpNameServer] 31.3.244.140 31.3.244.135
Tcpip\..\Interfaces\{C35CEF1B-ACDE-4149-AE7F-25CD9378F774}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CBA2B8CA-D7D4-4916-8BC5-0DF41581E01B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{E7A2171E-50EE-4274-86D8-38F4DDABDA00}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default [2017-04-20]
FF Extension: (Avira Browser Safety) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\Extensions\abs@avira.com.xpi [2017-04-05]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\features\{487674e3-342e-48b9-8fbf-744d67d3d592}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\features\{487674e3-342e-48b9-8fbf-744d67d3d592}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-08-11] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.linkzb.com"
CHR NewTab: Default -> Active:"chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-16]
CHR Extension: (Facebook Smilies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkldoljdjdpmoladccmlamcelippnil [2015-09-01]
CHR Extension: (Web Navigation) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2015-02-15] [UpdateUrl: hxxp://www.linkszb.com/addon/chrome/update.xml] <==== ATTENTION
CHR Extension: (iLivid) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-12-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-10-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [814264 2011-10-24] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-13] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [800536 2013-11-25] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-03-25] (Vodafone) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-03-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-03-25] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171152 2011-10-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2011-10-24] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2011-10-24] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3450584 2014-05-22] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-20 18:55 - 2017-04-20 18:58 - 00019377 _____ C:\Users\User\Downloads\FRST.txt
2017-04-20 18:54 - 2017-04-20 18:55 - 00000000 ____D C:\FRST
2017-04-20 18:54 - 2017-04-20 18:54 - 02424832 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-04-19 13:27 - 2017-04-19 13:55 - 00038741 _____ C:\Users\User\Desktop\moh.elmougy expence.xlsx
2017-04-18 23:18 - 2017-04-18 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-04-17 21:09 - 2017-04-20 00:23 - 00000000 ____D C:\Users\User\AppData\Local\Ahgnworks
2017-04-17 01:03 - 2017-04-17 01:03 - 00129456 _____ C:\Users\User\Desktop\My_CV.pdf
2017-04-16 21:35 - 2017-04-16 21:35 - 00000000 ____D C:\Users\User\Documents\Paradox Interactive
2017-04-16 21:35 - 2017-04-16 21:35 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-04-16 21:07 - 2017-04-17 21:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Crusader.Kings.II.v2.7.Incl.Monks.and.Mystics.DLC
2017-04-16 01:52 - 2017-04-16 01:52 - 00000000 ____D C:\Users\User\Documents\Darkest
2017-04-14 22:59 - 2017-04-14 22:59 - 01814595 _____ C:\Users\User\Desktop\PM list total egypt.xlsx
2017-04-14 22:41 - 2017-04-14 22:41 - 00785267 _____ C:\Users\User\Desktop\Mogy List.xlsx
2017-04-14 20:52 - 2017-04-19 00:49 - 00000000 ____D C:\Users\User\AppData\Local\DungeonSouls
2017-04-14 19:16 - 2017-04-14 19:16 - 01809419 _____ C:\Users\User\Desktop\M.Elmougy Mater list.xlsx
2017-04-14 10:56 - 2017-04-14 11:16 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband Savegames
2017-04-14 10:53 - 2017-04-14 11:02 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband
2017-04-14 10:53 - 2017-04-14 10:53 - 00000000 ____D C:\ProgramData\SkidRow
2017-04-14 10:48 - 2017-04-14 10:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Mount&Blade Warband
2017-04-14 10:47 - 2017-04-14 10:47 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2017-04-13 09:38 - 2017-04-13 09:38 - 00017753 _____ C:\Users\User\Desktop\Copy of مؤتمر الازهر.xlsx
2017-04-13 02:06 - 2017-04-14 01:30 - 00000000 ____D C:\World of Warcraft
2017-04-09 11:29 - 2017-04-09 11:29 - 00011268 _____ C:\Users\User\Desktop\Copy of Cairo.xlsx
2017-04-08 17:12 - 2017-04-08 17:20 - 93413688 _____ C:\Users\User\Downloads\simtentacles.7z
2017-04-07 10:28 - 2017-04-07 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-04-05 12:22 - 2017-04-05 12:22 - 01767772 _____ C:\Users\User\Desktop\Diabetes.pptx intro..pptx
2017-04-01 17:22 - 2017-04-02 16:17 - 00000000 ____D C:\Users\User\Documents\StarCraft II
2017-04-01 13:41 - 2017-04-06 20:05 - 00000000 ____D C:\Users\User\AppData\Local\Warframe
2017-03-29 20:47 - 2017-03-29 20:47 - 00002274 _____ C:\Users\User\Downloads\SexLabRomance_IgnoreGender.7z
2017-03-29 16:31 - 2017-04-20 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-26 23:08 - 2017-03-26 23:08 - 00000000 ____D C:\Users\User\AppData\Local\LOOT
2017-03-26 22:59 - 2017-03-26 22:59 - 00000000 ____D C:\Users\User\AppData\Local\Nexus
2017-03-26 22:45 - 2017-04-20 02:41 - 00000000 ____D C:\Users\User\Desktop\games
2017-03-26 22:44 - 2017-03-26 22:44 - 00362812 _____ C:\Users\User\Downloads\skse_1_07_03_installer.exe
2017-03-26 22:35 - 2017-03-26 22:35 - 00000000 ____D C:\Users\User\AppData\Local\Skyrim
2017-03-26 22:34 - 2017-03-26 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2017-03-25 15:49 - 2017-03-25 15:49 - 00000000 ____D C:\Users\User\AppData\Local\Disc_Soft_Ltd
2017-03-25 13:40 - 2017-03-25 13:40 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-03-25 04:33 - 2017-03-25 04:33 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-03-25 04:30 - 2017-03-26 22:22 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2017-03-25 04:30 - 2017-03-25 04:30 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-03-25 04:30 - 2017-03-25 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-03-25 04:29 - 2017-03-25 04:33 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-03-25 04:29 - 2017-03-25 04:29 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-03-25 04:06 - 2017-03-25 04:08 - 00694744 _____ (Disc Soft Ltd.) C:\Users\User\Downloads\DTLiteInstaller.exe
2017-03-24 20:48 - 2017-03-24 20:48 - 01124791 _____ C:\Users\User\Downloads\cp_orange_x3.rar
2017-03-22 19:11 - 2017-03-22 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-20 18:49 - 2017-02-02 15:26 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-04-20 18:48 - 2017-02-18 15:02 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2017-04-20 18:48 - 2017-02-18 15:02 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000.job
2017-04-20 18:48 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-20 18:48 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-18 23:22 - 2017-03-09 20:52 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2017-04-18 23:19 - 2017-02-18 15:02 - 00003258 _____ C:\Windows\System32\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000
2017-04-18 23:19 - 2017-02-18 15:02 - 00000424 _____ C:\Users\User\AppData\Local\UserProducts.xml
2017-04-18 23:16 - 2013-03-22 10:00 - 00000817 _____ C:\Windows\SysWOW64\bscs.ini
2017-04-18 23:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-17 23:50 - 2017-03-11 21:55 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-04-17 20:51 - 2017-02-18 15:02 - 00003282 _____ C:\Windows\System32\Tasks\update-sys
2017-04-16 01:21 - 2017-03-18 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-04-16 01:21 - 2017-03-18 09:01 - 00000000 ____D C:\GOG Games
2017-04-16 01:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-16 01:19 - 2015-04-15 00:33 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-04-16 01:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-15 21:49 - 2009-07-14 07:13 - 00786474 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 21:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-14 10:11 - 2015-06-30 02:15 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 11:33 - 2016-11-23 11:20 - 00003274 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 11:33 - 2016-11-23 11:20 - 00003146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 19:59 - 2017-03-05 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-04-09 19:09 - 2015-05-06 07:17 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-04-09 11:43 - 2017-02-23 12:22 - 00019314 _____ C:\Users\User\Desktop\Q1 target.xlsx
2017-04-05 23:52 - 2016-11-23 11:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 23:52 - 2016-11-23 11:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-02 16:17 - 2017-03-11 21:55 - 00000000 ____D C:\Users\User\AppData\Local\Blizzard Entertainment
2017-04-02 16:16 - 2017-03-11 21:58 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-04-01 23:20 - 2014-12-19 22:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-01 23:17 - 2014-12-19 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-26 22:34 - 2017-03-18 08:48 - 00000000 ____D C:\Users\User\Documents\My Games
2017-03-24 15:49 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-22 19:11 - 2014-12-19 22:49 - 00000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories =======
2011-10-26 19:14 - 2011-10-26 19:14 - 0001042 _____ () C:\Users\User\AppData\Roaming\coreavc.ini
2017-02-18 15:02 - 2017-02-18 15:02 - 0000003 _____ () C:\Users\User\AppData\Local\updater.log
2017-02-18 15:02 - 2017-04-18 23:19 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
Some files in TEMP:
====================
2014-12-19 22:35 - 2014-12-19 22:49 - 0000000 ____D () C:\Users\User\AppData\Local\Temp\avgnt.exe
2017-04-17 08:46 - 2017-04-17 08:46 - 0065536 _____ () C:\Users\User\AppData\Local\Temp\truck.dll
2017-03-09 17:04 - 2017-02-18 16:54 - 0106866 _____ () C:\Users\User\AppData\Local\Temp\Uninstall.exe
2017-04-17 21:08 - 2017-04-17 21:08 - 0000000 _____ () C:\Users\User\AppData\Local\Temp\yutmntti.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-14 02:54
==================== End of FRST.txt ============================
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}] => "C:\Users\User\Downloads\LeagueofLegends_EUNE_Installer_2016_11_10.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{8CE67B9E-3AC8-4ED2-A8EE-28E6FE3D0B51}"
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [BitTorrent] => C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [1982152 2017-03-19] (BitTorrent Inc.)
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\Run: [YdjlPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Ahgnworks\lfdrestk.dll <===== ATTENTION
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: H - H:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {103698e4-f684-11e6-9a36-38b1db014f18} - J:\LaunchU3.exe -a
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {6a295423-dca7-11e4-950e-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {73a69a7c-dc9d-11e4-b6b1-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4281429499-1691222031-488837525-1000\...\MountPoints2: {80353946-fe4e-11e5-8525-38b1db014f18} - D:\setup_vmc_lite.exe /checkApplicationPresence
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8EABEE9E-E59C-41DC-981E-060F01CD4241}: [DhcpNameServer] 31.3.244.140 31.3.244.135
Tcpip\..\Interfaces\{C35CEF1B-ACDE-4149-AE7F-25CD9378F774}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CBA2B8CA-D7D4-4916-8BC5-0DF41581E01B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{E7A2171E-50EE-4274-86D8-38F4DDABDA00}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-17] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default [2017-04-20]
FF Extension: (Avira Browser Safety) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\Extensions\abs@avira.com.xpi [2017-04-05]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\features\{487674e3-342e-48b9-8fbf-744d67d3d592}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m4r8vass.default\features\{487674e3-342e-48b9-8fbf-744d67d3d592}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-08-11] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.linkzb.com"
CHR NewTab: Default -> Active:"chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-16]
CHR Extension: (Facebook Smilies) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkldoljdjdpmoladccmlamcelippnil [2015-09-01]
CHR Extension: (Web Navigation) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja [2015-02-15] [UpdateUrl: hxxp://www.linkszb.com/addon/chrome/update.xml] <==== ATTENTION
CHR Extension: (iLivid) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-09-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [2014-12-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-10-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [814264 2011-10-24] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-13] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [800536 2013-11-25] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-03-25] (Vodafone) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-03-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-03-25] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171152 2011-10-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2011-10-24] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2011-10-24] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3450584 2014-05-22] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-20 18:55 - 2017-04-20 18:58 - 00019377 _____ C:\Users\User\Downloads\FRST.txt
2017-04-20 18:54 - 2017-04-20 18:55 - 00000000 ____D C:\FRST
2017-04-20 18:54 - 2017-04-20 18:54 - 02424832 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-04-19 13:27 - 2017-04-19 13:55 - 00038741 _____ C:\Users\User\Desktop\moh.elmougy expence.xlsx
2017-04-18 23:18 - 2017-04-18 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-04-17 21:09 - 2017-04-20 00:23 - 00000000 ____D C:\Users\User\AppData\Local\Ahgnworks
2017-04-17 01:03 - 2017-04-17 01:03 - 00129456 _____ C:\Users\User\Desktop\My_CV.pdf
2017-04-16 21:35 - 2017-04-16 21:35 - 00000000 ____D C:\Users\User\Documents\Paradox Interactive
2017-04-16 21:35 - 2017-04-16 21:35 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-04-16 21:07 - 2017-04-17 21:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Crusader.Kings.II.v2.7.Incl.Monks.and.Mystics.DLC
2017-04-16 01:52 - 2017-04-16 01:52 - 00000000 ____D C:\Users\User\Documents\Darkest
2017-04-14 22:59 - 2017-04-14 22:59 - 01814595 _____ C:\Users\User\Desktop\PM list total egypt.xlsx
2017-04-14 22:41 - 2017-04-14 22:41 - 00785267 _____ C:\Users\User\Desktop\Mogy List.xlsx
2017-04-14 20:52 - 2017-04-19 00:49 - 00000000 ____D C:\Users\User\AppData\Local\DungeonSouls
2017-04-14 19:16 - 2017-04-14 19:16 - 01809419 _____ C:\Users\User\Desktop\M.Elmougy Mater list.xlsx
2017-04-14 10:56 - 2017-04-14 11:16 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband Savegames
2017-04-14 10:53 - 2017-04-14 11:02 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband
2017-04-14 10:53 - 2017-04-14 10:53 - 00000000 ____D C:\ProgramData\SkidRow
2017-04-14 10:48 - 2017-04-14 10:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Mount&Blade Warband
2017-04-14 10:47 - 2017-04-14 10:47 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2017-04-13 09:38 - 2017-04-13 09:38 - 00017753 _____ C:\Users\User\Desktop\Copy of مؤتمر الازهر.xlsx
2017-04-13 02:06 - 2017-04-14 01:30 - 00000000 ____D C:\World of Warcraft
2017-04-09 11:29 - 2017-04-09 11:29 - 00011268 _____ C:\Users\User\Desktop\Copy of Cairo.xlsx
2017-04-08 17:12 - 2017-04-08 17:20 - 93413688 _____ C:\Users\User\Downloads\simtentacles.7z
2017-04-07 10:28 - 2017-04-07 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2017-04-05 12:22 - 2017-04-05 12:22 - 01767772 _____ C:\Users\User\Desktop\Diabetes.pptx intro..pptx
2017-04-01 17:22 - 2017-04-02 16:17 - 00000000 ____D C:\Users\User\Documents\StarCraft II
2017-04-01 13:41 - 2017-04-06 20:05 - 00000000 ____D C:\Users\User\AppData\Local\Warframe
2017-03-29 20:47 - 2017-03-29 20:47 - 00002274 _____ C:\Users\User\Downloads\SexLabRomance_IgnoreGender.7z
2017-03-29 16:31 - 2017-04-20 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-26 23:08 - 2017-03-26 23:08 - 00000000 ____D C:\Users\User\AppData\Local\LOOT
2017-03-26 22:59 - 2017-03-26 22:59 - 00000000 ____D C:\Users\User\AppData\Local\Nexus
2017-03-26 22:45 - 2017-04-20 02:41 - 00000000 ____D C:\Users\User\Desktop\games
2017-03-26 22:44 - 2017-03-26 22:44 - 00362812 _____ C:\Users\User\Downloads\skse_1_07_03_installer.exe
2017-03-26 22:35 - 2017-03-26 22:35 - 00000000 ____D C:\Users\User\AppData\Local\Skyrim
2017-03-26 22:34 - 2017-03-26 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2017-03-25 15:49 - 2017-03-25 15:49 - 00000000 ____D C:\Users\User\AppData\Local\Disc_Soft_Ltd
2017-03-25 13:40 - 2017-03-25 13:40 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-03-25 04:33 - 2017-03-25 04:33 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-03-25 04:30 - 2017-03-26 22:22 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2017-03-25 04:30 - 2017-03-25 04:30 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-03-25 04:30 - 2017-03-25 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-03-25 04:29 - 2017-03-25 04:33 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-03-25 04:29 - 2017-03-25 04:29 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-03-25 04:06 - 2017-03-25 04:08 - 00694744 _____ (Disc Soft Ltd.) C:\Users\User\Downloads\DTLiteInstaller.exe
2017-03-24 20:48 - 2017-03-24 20:48 - 01124791 _____ C:\Users\User\Downloads\cp_orange_x3.rar
2017-03-22 19:11 - 2017-03-22 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-20 18:49 - 2017-02-02 15:26 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-04-20 18:48 - 2017-02-18 15:02 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2017-04-20 18:48 - 2017-02-18 15:02 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000.job
2017-04-20 18:48 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-20 18:48 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-18 23:22 - 2017-03-09 20:52 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent
2017-04-18 23:19 - 2017-02-18 15:02 - 00003258 _____ C:\Windows\System32\Tasks\update-S-1-5-21-4281429499-1691222031-488837525-1000
2017-04-18 23:19 - 2017-02-18 15:02 - 00000424 _____ C:\Users\User\AppData\Local\UserProducts.xml
2017-04-18 23:16 - 2013-03-22 10:00 - 00000817 _____ C:\Windows\SysWOW64\bscs.ini
2017-04-18 23:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-17 23:50 - 2017-03-11 21:55 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-04-17 20:51 - 2017-02-18 15:02 - 00003282 _____ C:\Windows\System32\Tasks\update-sys
2017-04-16 01:21 - 2017-03-18 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-04-16 01:21 - 2017-03-18 09:01 - 00000000 ____D C:\GOG Games
2017-04-16 01:21 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-16 01:19 - 2015-04-15 00:33 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-04-16 01:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-15 21:49 - 2009-07-14 07:13 - 00786474 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 21:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-14 10:11 - 2015-06-30 02:15 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-11 11:33 - 2016-11-23 11:20 - 00003274 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 11:33 - 2016-11-23 11:20 - 00003146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 19:59 - 2017-03-05 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2017-04-09 19:09 - 2015-05-06 07:17 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2017-04-09 11:43 - 2017-02-23 12:22 - 00019314 _____ C:\Users\User\Desktop\Q1 target.xlsx
2017-04-05 23:52 - 2016-11-23 11:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 23:52 - 2016-11-23 11:41 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-02 16:17 - 2017-03-11 21:55 - 00000000 ____D C:\Users\User\AppData\Local\Blizzard Entertainment
2017-04-02 16:16 - 2017-03-11 21:58 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-04-01 23:20 - 2014-12-19 22:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-01 23:17 - 2014-12-19 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-26 22:34 - 2017-03-18 08:48 - 00000000 ____D C:\Users\User\Documents\My Games
2017-03-24 15:49 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-22 19:11 - 2014-12-19 22:49 - 00000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories =======
2011-10-26 19:14 - 2011-10-26 19:14 - 0001042 _____ () C:\Users\User\AppData\Roaming\coreavc.ini
2017-02-18 15:02 - 2017-02-18 15:02 - 0000003 _____ () C:\Users\User\AppData\Local\updater.log
2017-02-18 15:02 - 2017-04-18 23:19 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
Some files in TEMP:
====================
2014-12-19 22:35 - 2014-12-19 22:49 - 0000000 ____D () C:\Users\User\AppData\Local\Temp\avgnt.exe
2017-04-17 08:46 - 2017-04-17 08:46 - 0065536 _____ () C:\Users\User\AppData\Local\Temp\truck.dll
2017-03-09 17:04 - 2017-02-18 16:54 - 0106866 _____ () C:\Users\User\AppData\Local\Temp\Uninstall.exe
2017-04-17 21:08 - 2017-04-17 21:08 - 0000000 _____ () C:\Users\User\AppData\Local\Temp\yutmntti.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-14 02:54
==================== End of FRST.txt ============================