Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Dell (24-11-2016 12:03:34)
Running from C:\Users\Dell\Desktop
Windows 8.1 (Update) (X64) (2015-09-11 14:12:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2699064319-4166293819-890525629-500 - Administrator - Disabled)
Dell (S-1-5-21-2699064319-4166293819-890525629-1001 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2699064319-4166293819-890525629-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2699064319-4166293819-890525629-1001\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.29.1517 - Bitdefender)
Cheatbook Database 2010 (HKLM-x32\...\Cheatbook Database 2010) (Version: - )
COWON Media Center - jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 7.5.3 - COWON)
Critical Damage (HKLM-x32\...\Critical Damage_is1) (Version: 1.0 - Media Contact LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.9 - Synaptics Incorporated)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
Facebook Games Arcade 0.10.0.3 (HKLM-x32\...\{C3B7C124-136A-4E19-B21C-BDA26F8BA5A7}) (Version: 0.10.0.3 - Facebook)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Google Chrome (HKU\S-1-5-21-2699064319-4166293819-890525629-1001\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Codec Pack 11.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.5 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.134 - PandoraTV)
Mad Truckers (HKLM-x32\...\MadTruckers_is1) (Version: 1.0 - Media Contact LLC)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools لحزمة اللغة لـ Office Runtime (x64) - ARA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ARA) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Need For Extreme 3D (HKLM-x32\...\Need For Extreme 3D_is1) (Version: 1.0 - MyPlayCity, Inc.)
Offroad Racers (HKLM-x32\...\Offroad_Racers_is1) (Version: 1.0 - Media Contact LLC)
Police Supercars Racing (HKLM-x32\...\Police Supercars Racing_is1) (Version: 1.0 - Media Contact LLC)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Super Bikes (HKLM-x32\...\Super Bikes_is1) (Version: 1.0 - Media Contact LLC)
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
Viber (HKU\S-1-5-21-2699064319-4166293819-890525629-1001\...\{31f7057b-ec8e-431b-a621-6351f771f4ed}) (Version: 6.1.0.1623 - Viber Media Inc.)
Viber (x32 Version: 6.1.0.1623 - Viber Media Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.1 - win.rar GmbH)
ZTEMT UI (HKLM\...\ZTEWireless-101_is1) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {107FB967-8792-47C0-A1F5-DFC2215933FE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-09] (Synaptics Incorporated)
Task: {1B62A4D7-5CA6-4CC3-B03A-1897ACFBB037} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {211B3D43-382C-4E1E-94FF-6DD154F24790} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-24] ()
Task: {3D115F1C-5C1B-491B-BFF0-F9DEDCF016F4} - System32\Tasks\{E7AB0E22-5E98-4672-A99A-A0F1B17DCB23} => pcalua.exe -a C:\Users\Dell\AppData\Local\Temp\ghostr\Install.exe -d C:\Users\Dell\AppData\Local\Temp\ghostr <==== ATTENTION
Task: {44767C6C-F90A-4F08-A698-F0658FC52158} - System32\Tasks\{53247D98-7A5C-49DF-9D2A-00F764CE0F02} => pcalua.exe -a C:\Users\Dell\Documents\games\Games\busdriver_setup.exe -d C:\Users\Dell\Documents\games\Games
Task: {4512DCB5-EA06-458A-AB55-E9A5E9229C79} - System32\Tasks\Western Digital\SmartWare\____Volume_fe0d9545_5cb6_4077_93b0_ec37d6172632______Volume_5168b858_8c9d_11e6_828a_303a645e6aa4__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-07-22] (Western Digital Technologies, Inc.)
Task: {4BAD07E9-E85E-425B-A70D-133341ED01CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001UA => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
Task: {4FED003B-ACEC-4839-8389-E951C88C3891} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {653B3BF6-0D36-424C-8E6A-353F82196447} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {6DFA4F86-93CA-4FFD-A66F-37444CE7E84C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {93ACA764-DF78-42DB-913C-B848F8B72C70} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {9CC949CB-6C14-47E0-8002-0375F56DC737} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {A71A4F2C-0AE1-4171-8C9E-8D7EDA038903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001Core => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
Task: {D3D19C03-4641-458F-A313-984E88354C8B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {E55C1F97-D896-4CA6-A2DF-CD1A042FA15B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001Core.job => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001UA.job => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-11-21 22:50 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-11-22 00:40 - 2016-11-22 00:40 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttpbr.mdl
2016-11-22 00:40 - 2016-11-22 00:40 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttpdsp.mdl
2016-11-22 00:40 - 2016-11-22 00:41 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttpph.mdl
2016-11-22 00:40 - 2016-11-22 00:41 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttprbl.mdl
2015-09-11 16:50 - 2010-06-16 01:44 - 00008192 _____ () C:\windows\SysWOW64\srvany.exe
2015-09-11 16:50 - 2010-12-27 16:59 - 00163840 _____ () C:\windows\KMService.exe
2016-09-27 18:09 - 2010-05-11 14:28 - 00403456 _____ () C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe
2015-01-15 18:50 - 2013-08-19 18:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-01-15 18:50 - 2013-08-19 18:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-09-11 16:25 - 2010-11-11 11:24 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-01-15 18:50 - 2013-08-19 18:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2016-08-01 18:34 - 2016-08-01 18:34 - 00042928 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
2015-01-15 19:01 - 2013-12-18 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 01029120 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 49805824 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libcef.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 00688640 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 01665024 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libglesv2.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 00074752 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libegl.dll
2015-01-15 18:43 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 19:41 - 2013-03-05 19:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Dell\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Dell\Downloads\UsbFix_9.005.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2016-11-24 11:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2699064319-4166293819-890525629-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\Downloads\Documents\Books\inception-toupie-christopher-nolan.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3D1110EF-8987-4C05-AE21-05BB80967414}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{63BE0E7B-157D-43C0-A0FF-FE5053938527}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{6C5DFCB9-815B-4699-AECF-D87CE7960E4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{D19BF207-DA85-4B02-B544-A1A5D291CEAF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B62AC1DE-A83B-4600-99D4-6BDE01CCAFF4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{635D29C9-24CB-400D-AA98-930A5D5F0BDF}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{33F1BCF7-6AFC-46BC-940E-64D10A9DC552}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{658A9377-5994-435F-90C8-6A9F07D825C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3E9896F3-F77E-4C0E-9773-8B818FD0F33A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{064E85A2-499B-463E-AEC9-38EFB21B7F47}C:\users\dell\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dell\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0D4A335C-EE40-4A5C-B31A-5B9B88D1B7DD}C:\users\dell\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dell\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{14A80806-118A-43B4-94F0-31BCD98F1EF7}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{76E10D50-2C60-4692-B252-67EC790E1AE4}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{A92DE73F-F817-4248-9360-2BD93D7B4225}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{561EADAD-9B9E-4856-8078-5B1E4BF62FC3}] => (Allow) LPort=2869
FirewallRules: [{31F20CF7-25FA-4E49-AFCF-2910AB4D00DE}] => (Allow) LPort=1900
FirewallRules: [{8C002A5B-3A97-4157-A900-0908F3DE62AB}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8D85052A-4BF2-4808-BA72-10050463B8B2}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9B5A85BB-9117-4537-905A-EB2D366AF852}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9D1DCD5E-2845-4774-A787-BD58F43BA6C3}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{736F5568-EDD9-4C47-BE35-A2610E6098DF}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A1FBFCE-F868-4BFA-803F-16F3FA43840E}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
==================== Restore Points =========================
30-10-2016 02:03:47 Removed Steam
08-11-2016 08:04:14 Scheduled Checkpoint
18-11-2016 22:07:33 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/24/2016 11:26:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1364
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf12ad8-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexFoodAndDrink
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d80
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf0dcb8-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexHealthAndFitness
Error: (11/24/2016 11:26:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: da4
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf08e98-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexNews
Error: (11/24/2016 11:26:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1444
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf151e8-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexFinance
System errors:
=============
Error: (11/23/2016 08:54:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 08:29:58 ص on 23/02/38 was unexpected.
Error: (11/22/2016 01:20:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
Error: (11/21/2016 08:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (11/21/2016 08:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (11/21/2016 08:28:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 2 time(s).
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 25%
Total physical RAM: 8072.96 MB
Available physical RAM: 6044.75 MB
Total Virtual: 9352.96 MB
Available Virtual: 7309.09 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:871.48 GB) (Free:591.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B4342F10)
Partition: GPT.
==================== End of Addition.txt ============================
Ran by Dell (24-11-2016 12:03:34)
Running from C:\Users\Dell\Desktop
Windows 8.1 (Update) (X64) (2015-09-11 14:12:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2699064319-4166293819-890525629-500 - Administrator - Disabled)
Dell (S-1-5-21-2699064319-4166293819-890525629-1001 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2699064319-4166293819-890525629-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2699064319-4166293819-890525629-1001\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.29.1517 - Bitdefender)
Cheatbook Database 2010 (HKLM-x32\...\Cheatbook Database 2010) (Version: - )
COWON Media Center - jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 7.5.3 - COWON)
Critical Damage (HKLM-x32\...\Critical Damage_is1) (Version: 1.0 - Media Contact LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.9 - Synaptics Incorporated)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
Facebook Games Arcade 0.10.0.3 (HKLM-x32\...\{C3B7C124-136A-4E19-B21C-BDA26F8BA5A7}) (Version: 0.10.0.3 - Facebook)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Google Chrome (HKU\S-1-5-21-2699064319-4166293819-890525629-1001\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Codec Pack 11.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.5 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.134 - PandoraTV)
Mad Truckers (HKLM-x32\...\MadTruckers_is1) (Version: 1.0 - Media Contact LLC)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools لحزمة اللغة لـ Office Runtime (x64) - ARA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ARA) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Need For Extreme 3D (HKLM-x32\...\Need For Extreme 3D_is1) (Version: 1.0 - MyPlayCity, Inc.)
Offroad Racers (HKLM-x32\...\Offroad_Racers_is1) (Version: 1.0 - Media Contact LLC)
Police Supercars Racing (HKLM-x32\...\Police Supercars Racing_is1) (Version: 1.0 - Media Contact LLC)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Super Bikes (HKLM-x32\...\Super Bikes_is1) (Version: 1.0 - Media Contact LLC)
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
Viber (HKU\S-1-5-21-2699064319-4166293819-890525629-1001\...\{31f7057b-ec8e-431b-a621-6351f771f4ed}) (Version: 6.1.0.1623 - Viber Media Inc.)
Viber (x32 Version: 6.1.0.1623 - Viber Media Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.00 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.1 - win.rar GmbH)
ZTEMT UI (HKLM\...\ZTEWireless-101_is1) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2699064319-4166293819-890525629-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dell\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {107FB967-8792-47C0-A1F5-DFC2215933FE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-09] (Synaptics Incorporated)
Task: {1B62A4D7-5CA6-4CC3-B03A-1897ACFBB037} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {211B3D43-382C-4E1E-94FF-6DD154F24790} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-24] ()
Task: {3D115F1C-5C1B-491B-BFF0-F9DEDCF016F4} - System32\Tasks\{E7AB0E22-5E98-4672-A99A-A0F1B17DCB23} => pcalua.exe -a C:\Users\Dell\AppData\Local\Temp\ghostr\Install.exe -d C:\Users\Dell\AppData\Local\Temp\ghostr <==== ATTENTION
Task: {44767C6C-F90A-4F08-A698-F0658FC52158} - System32\Tasks\{53247D98-7A5C-49DF-9D2A-00F764CE0F02} => pcalua.exe -a C:\Users\Dell\Documents\games\Games\busdriver_setup.exe -d C:\Users\Dell\Documents\games\Games
Task: {4512DCB5-EA06-458A-AB55-E9A5E9229C79} - System32\Tasks\Western Digital\SmartWare\____Volume_fe0d9545_5cb6_4077_93b0_ec37d6172632______Volume_5168b858_8c9d_11e6_828a_303a645e6aa4__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-07-22] (Western Digital Technologies, Inc.)
Task: {4BAD07E9-E85E-425B-A70D-133341ED01CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001UA => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
Task: {4FED003B-ACEC-4839-8389-E951C88C3891} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {653B3BF6-0D36-424C-8E6A-353F82196447} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {6DFA4F86-93CA-4FFD-A66F-37444CE7E84C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {93ACA764-DF78-42DB-913C-B848F8B72C70} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {9CC949CB-6C14-47E0-8002-0375F56DC737} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {A71A4F2C-0AE1-4171-8C9E-8D7EDA038903} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001Core => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
Task: {D3D19C03-4641-458F-A313-984E88354C8B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {E55C1F97-D896-4CA6-A2DF-CD1A042FA15B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001Core.job => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699064319-4166293819-890525629-1001UA.job => C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-11-21 22:50 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-11-22 00:40 - 2016-11-22 00:40 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttpbr.mdl
2016-11-22 00:40 - 2016-11-22 00:40 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttpdsp.mdl
2016-11-22 00:40 - 2016-11-22 00:41 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttpph.mdl
2016-11-22 00:40 - 2016-11-22 00:41 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02351_002\ashttprbl.mdl
2015-09-11 16:50 - 2010-06-16 01:44 - 00008192 _____ () C:\windows\SysWOW64\srvany.exe
2015-09-11 16:50 - 2010-12-27 16:59 - 00163840 _____ () C:\windows\KMService.exe
2016-09-27 18:09 - 2010-05-11 14:28 - 00403456 _____ () C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe
2015-01-15 18:50 - 2013-08-19 18:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-01-15 18:50 - 2013-08-19 18:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-09-11 16:25 - 2010-11-11 11:24 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-01-15 18:50 - 2013-08-19 18:21 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2016-08-01 18:34 - 2016-08-01 18:34 - 00042928 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
2015-01-15 19:01 - 2013-12-18 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 01029120 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 49805824 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libcef.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 00688640 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 01665024 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libglesv2.dll
2016-07-29 18:01 - 2016-07-29 18:01 - 00074752 _____ () C:\Users\Dell\AppData\Local\Facebook\Games\libegl.dll
2015-01-15 18:43 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 19:41 - 2013-03-05 19:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Dell\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Dell\Downloads\UsbFix_9.005.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2016-11-24 11:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2699064319-4166293819-890525629-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\Downloads\Documents\Books\inception-toupie-christopher-nolan.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3D1110EF-8987-4C05-AE21-05BB80967414}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{63BE0E7B-157D-43C0-A0FF-FE5053938527}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{6C5DFCB9-815B-4699-AECF-D87CE7960E4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{D19BF207-DA85-4B02-B544-A1A5D291CEAF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B62AC1DE-A83B-4600-99D4-6BDE01CCAFF4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{635D29C9-24CB-400D-AA98-930A5D5F0BDF}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{33F1BCF7-6AFC-46BC-940E-64D10A9DC552}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{658A9377-5994-435F-90C8-6A9F07D825C5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3E9896F3-F77E-4C0E-9773-8B818FD0F33A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{064E85A2-499B-463E-AEC9-38EFB21B7F47}C:\users\dell\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dell\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0D4A335C-EE40-4A5C-B31A-5B9B88D1B7DD}C:\users\dell\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dell\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{14A80806-118A-43B4-94F0-31BCD98F1EF7}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{76E10D50-2C60-4692-B252-67EC790E1AE4}C:\users\dell\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\dell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{A92DE73F-F817-4248-9360-2BD93D7B4225}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{561EADAD-9B9E-4856-8078-5B1E4BF62FC3}] => (Allow) LPort=2869
FirewallRules: [{31F20CF7-25FA-4E49-AFCF-2910AB4D00DE}] => (Allow) LPort=1900
FirewallRules: [{8C002A5B-3A97-4157-A900-0908F3DE62AB}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8D85052A-4BF2-4808-BA72-10050463B8B2}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9B5A85BB-9117-4537-905A-EB2D366AF852}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9D1DCD5E-2845-4774-A787-BD58F43BA6C3}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{736F5568-EDD9-4C47-BE35-A2610E6098DF}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A1FBFCE-F868-4BFA-803F-16F3FA43840E}] => (Allow) C:\Users\Dell\AppData\Roaming\BitTorrent\BitTorrent.exe
==================== Restore Points =========================
30-10-2016 02:03:47 Removed Steam
08-11-2016 08:04:14 Scheduled Checkpoint
18-11-2016 22:07:33 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/24/2016 11:26:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1364
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf12ad8-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexFoodAndDrink
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingFoodAndDrink_8wekyb3d8bbwe!AppexFoodAndDrink failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-P2SG413)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/24/2016 11:26:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d80
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf0dcb8-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexHealthAndFitness
Error: (11/24/2016 11:26:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: da4
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf08e98-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexNews
Error: (11/24/2016 11:26:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1444
Start Time: 01d24634cd06e9a3
Termination Time: 4294967295
Application Path: C:\windows\system32\backgroundTaskHost.exe
Report Id: 0bf151e8-b228-11e6-82ad-3417eb5f9409
Faulting package full name: Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe
Faulting package-relative application ID: AppexFinance
System errors:
=============
Error: (11/23/2016 08:54:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 08:29:58 ص on 23/02/38 was unexpected.
Error: (11/22/2016 01:20:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
Error: (11/21/2016 08:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (11/21/2016 08:28:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (11/21/2016 08:28:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\windows\System32\IWMSSvc.dll
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/21/2016 08:28:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 2 time(s).
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 25%
Total physical RAM: 8072.96 MB
Available physical RAM: 6044.75 MB
Total Virtual: 9352.96 MB
Available Virtual: 7309.09 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:871.48 GB) (Free:591.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B4342F10)
Partition: GPT.
==================== End of Addition.txt ============================