cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Serwan (administrator) on SATELLITE (09-02-2017 20:31:20)
Running from C:\Users\Serwan\Desktop
Loaded Profiles: Serwan (Available Profiles: Serwan)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\plugin-nm-server.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\...\Run: [GoogleChromeAutoLaunch_F0CF2F7C23D5715C1C8A576EF2A4D297] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26936 2016-05-31] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [30008 2016-05-31] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{5F0BE7A8-E3E8-4F41-AA1F-18D79ABC75B2}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{856FFBDC-0186-4FDC-99DA-B71B4685E57B}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-3200766092-2998653729-1306303623-1000] ATTENTION => Default URLSearchHook is missing
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: No Name -> {73455575-E40C-433C-9784-C78DC7761455} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-12]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (Google Slides) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-28]
CHR Extension: (Google Docs) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-28]
CHR Extension: (Google Drive) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28]
CHR Extension: (YouTube) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28]
CHR Extension: (Adblock Plus) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Dropbox for Gmail) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-04-28]
CHR Extension: (Google Sheets) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-02-03]
CHR Extension: (Kaspersky Password Manager) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2016-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29]
CHR Extension: (Grammarly for Chrome) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-03]
CHR Extension: (Personal Trainer) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2016-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Simple EPUB Reader) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-04-28]
CHR Extension: (Psykopaint) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2016-04-28]
CHR Extension: (Gmail) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 Browser; C:\Windows\System32\browser.dll [136704 2014-06-20] (Microsoft Corporation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-29] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-04-30] (Macrovision Europe Ltd.) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2015-06-05] (National Instruments, Inc.)
S2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50200 2016-06-08] (National Instruments Corporation)
S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60440 2016-06-08] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [94752 2016-05-23] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [65096 2016-05-31] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [83528 2016-05-31] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [594984 2016-05-27] (National Instruments Corporation)
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394264 2016-06-08] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe [375160 2015-09-22] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [334424 2016-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [179304 2016-05-31] (National Instruments Corporation)
S3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [37416 2016-06-14] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [102512 2016-05-19] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [65080 2016-05-31] (National Instruments Corporation)
S2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [699952 2016-06-05] (National Instruments Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-12-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1036512 2016-12-12] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [134880 2016-12-12] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 NationalInstrumentsUSBLAN; C:\Windows\System32\DRIVERS\nationalinstrumentsblan.sys [86360 2015-10-09] (Belcarra Technologies 2005)
S3 ni1045k; C:\Windows\System32\drivers\ni1045kl.sys [13560 2016-06-10] (National Instruments Corporation)
S3 ni1065k; C:\Windows\System32\drivers\ni1065k.sys [27384 2016-06-10] (National Instruments Corporation)
R3 nidimk; C:\Windows\System32\drivers\nidimkl.sys [13576 2016-06-09] (National Instruments Corporation)
R3 nigevwrapper; C:\Windows\System32\DRIVERS\nigevwrapper.sys [123112 2016-10-12] (National Instruments Corporation)
R3 niimaqdxk; C:\Windows\System32\drivers\niimaqdxkl.sys [31832 2016-10-12] (National Instruments Corporation)
S3 nimdbgk; C:\Windows\System32\drivers\nimdbgkl.sys [13568 2016-06-09] (National Instruments Corporation)
S3 nimxdfk; C:\Windows\System32\drivers\nimxdfkl.sys [13560 2016-06-09] (National Instruments Corporation)
S3 niorbk; C:\Windows\System32\drivers\niorbkl.sys [13560 2016-06-09] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [13600 2016-06-08] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [784120 2016-06-08] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [13600 2016-06-08] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [19288 2016-03-15] (National Instruments Corporation)
R0 nipcibrd; C:\Windows\System32\drivers\nipcibrd.sys [98072 2016-06-10] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [64320 2016-06-10] (National Instruments Corporation)
S3 nipxifpk; C:\Windows\System32\drivers\nipxifpk.sys [33088 2016-06-10] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\System32\drivers\nipxigpk.sys [22776 2016-06-10] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\System32\drivers\nipxirmkl.sys [13560 2016-06-10] (National Instruments Corporation)
R2 nistreamk; C:\Windows\System32\drivers\nistreamkl.sys [26872 2016-06-02] (National Instruments Corporation)
R3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15176 2016-01-21] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15176 2016-01-21] (National Instruments Corporation)
S3 niwdk; no ImagePath
R3 niwsk; C:\Windows\System32\DRIVERS\niwsk.sys [147144 2016-10-12] (National Instruments Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [174464 2009-09-21] (Windows (R) Win 7 DDK provider)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-08] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-04-24] (Jungo)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-04-24] (Xilinx, Inc.)
S3 catchme; \??\C:\Users\Serwan\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 niimaqk; system32\drivers\niimaqk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 20:02 - 2017-02-09 20:31 - 00028101 _____ C:\Users\Serwan\Desktop\FRST.txt
2017-02-09 20:02 - 2017-02-09 20:02 - 00000000 ____D C:\FRST
2017-02-09 20:02 - 2017-02-09 20:01 - 02421248 _____ (Farbar) C:\Users\Serwan\Desktop\FRST64.exe
2017-02-09 20:00 - 2017-02-09 20:01 - 02421248 _____ (Farbar) C:\Users\Serwan\Downloads\FRST64.exe
2017-02-09 18:50 - 2017-02-09 18:50 - 02660864 _____ C:\Users\Serwan\ZHPDiag3.exe
2017-02-09 18:09 - 2017-02-09 18:09 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-02-09 17:42 - 2017-02-09 17:41 - 00003705 _____ C:\Users\Serwan\Desktop\ZHPFixReport.txt
2017-02-09 17:37 - 2017-02-09 17:37 - 00001853 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2017-02-09 17:37 - 2017-02-09 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-02-09 17:37 - 2017-02-09 17:37 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2017-02-09 17:37 - 2017-02-09 17:36 - 03521617 _____ (Nicolas Coolman ) C:\Users\Serwan\Desktop\ZHPFix.exe
2017-02-09 17:36 - 2017-02-09 17:36 - 03521617 _____ (Nicolas Coolman ) C:\Users\Serwan\Downloads\ZHPFix.exe
2017-02-09 17:15 - 2017-02-09 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-09 03:38 - 2017-02-09 03:38 - 00271601 _____ C:\Users\Serwan\Desktop\ZHPDiag_1.txt
2017-02-09 02:40 - 2017-02-09 02:40 - 00292728 _____ C:\Windows\Minidump\020917-21746-01.dmp
2017-02-08 00:56 - 2017-02-08 01:29 - 00000000 ____D C:\ComboFix
2017-02-08 00:20 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2017-02-08 00:20 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2017-02-08 00:20 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-02-08 00:20 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-02-08 00:20 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-02-08 00:20 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2017-02-08 00:20 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2017-02-08 00:20 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2017-02-08 00:12 - 2017-02-08 01:13 - 00000000 ____D C:\Windows\erdnt
2017-02-08 00:12 - 2017-02-08 00:56 - 00000000 ____D C:\Qoobox
2017-02-07 23:54 - 2017-02-09 02:41 - 00598288 _____ C:\Windows\ntbtlog.txt
2017-02-07 23:06 - 2017-02-07 23:06 - 25983048 _____ C:\Users\Serwan\Desktop\RogueKillerX64.exe
2017-02-07 23:05 - 2017-02-07 23:06 - 25983048 _____ C:\Users\Serwan\Downloads\RogueKillerX64.exe
2017-02-07 07:38 - 2017-02-07 07:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 07:38 - 2017-02-07 07:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 07:38 - 2017-02-07 07:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 07:38 - 2017-02-07 07:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-07 01:12 - 2017-02-07 01:12 - 05659775 ____R (Swearware) C:\Users\Serwan\Desktop\ComboFix.exe
2017-02-07 01:11 - 2017-02-07 01:12 - 05659775 _____ (Swearware) C:\Users\Serwan\Downloads\ComboFix (1).exe
2017-02-07 00:03 - 2017-02-07 00:03 - 05659775 ____R (Swearware) C:\Users\Serwan\Downloads\ComboFix.exe
2017-02-06 23:48 - 2017-02-06 23:48 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2017-02-06 21:51 - 2017-02-06 21:52 - 04015056 _____ C:\Users\Serwan\Downloads\adwcleaner_6.043 (2).exe
2017-02-06 21:50 - 2017-02-06 21:54 - 34801784 _____ (Adlice Software ) C:\Users\Serwan\Downloads\setup (2).exe
2017-02-06 21:29 - 2017-02-06 23:18 - 00001468 _____ C:\Users\Serwan\Desktop\ZHPCleaner.txt
2017-02-06 21:11 - 2017-02-06 21:11 - 00000832 _____ C:\Users\Serwan\Desktop\ZHPCleaner.lnk
2017-02-06 21:11 - 2017-02-06 21:10 - 02700800 _____ C:\Users\Serwan\Desktop\ZHPCleaner.exe
2017-02-06 21:10 - 2017-02-06 21:10 - 02700800 _____ C:\Users\Serwan\Downloads\ZHPCleaner.exe
2017-02-06 21:08 - 2017-02-06 21:09 - 34801784 _____ (Adlice Software ) C:\Users\Serwan\Downloads\setup (1).exe
2017-02-06 20:52 - 2017-02-07 01:02 - 00000000 ____D C:\Users\Serwan\AppData\Local\CrashDumps
2017-02-05 20:52 - 2017-02-08 17:01 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-05 20:43 - 2017-02-06 21:55 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-05 20:43 - 2017-02-06 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-05 20:43 - 2017-02-06 21:55 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-05 20:43 - 2017-02-05 20:51 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-05 20:42 - 2017-02-05 20:42 - 34821984 _____ (Adlice Software ) C:\Users\Serwan\Downloads\setup.exe
2017-02-05 20:40 - 2017-02-05 20:40 - 04015056 _____ C:\Users\Serwan\Downloads\adwcleaner_6.043 (1).exe
2017-02-05 20:18 - 2017-02-05 20:18 - 00001542 _____ C:\Users\Serwan\Documents\AdwCleaner[S0].txt
2017-02-05 20:15 - 2017-02-09 03:07 - 00000000 ____D C:\AdwCleaner
2017-02-05 20:15 - 2017-02-05 20:14 - 04015056 _____ C:\Users\Serwan\Desktop\adwcleaner_6.043.exe
2017-02-05 20:14 - 2017-02-05 20:14 - 04015056 _____ C:\Users\Serwan\Downloads\adwcleaner_6.043.exe
2017-02-05 20:14 - 2017-02-05 20:14 - 00003568 _____ C:\Users\Serwan\Documents\Rkill.txt
2017-02-05 19:55 - 2017-02-06 23:31 - 00003468 _____ C:\Users\Serwan\Desktop\Rkill.txt
2017-02-05 19:55 - 2017-02-05 19:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill.exe
2017-02-05 19:55 - 2017-02-05 19:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Desktop\rkill.exe
2017-02-05 19:53 - 2017-02-05 19:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill (2).com
2017-02-05 19:50 - 2017-02-05 19:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill (1).com
2017-02-05 19:50 - 2017-02-05 19:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Desktop\rkill.com
2017-02-05 19:49 - 2017-02-05 19:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill.com
2017-02-05 19:02 - 2017-02-05 19:02 - 00273952 _____ C:\Users\Serwan\Documents\ZHPDiag.txt
2017-02-05 19:01 - 2017-02-09 19:35 - 00269374 _____ C:\Users\Serwan\Desktop\ZHPDiag.txt
2017-02-05 18:22 - 2017-02-09 18:50 - 00000669 _____ C:\Users\Serwan\Desktop\ZHPDiag.lnk
2017-02-05 18:21 - 2017-02-09 18:57 - 00000000 ____D C:\Users\Serwan\AppData\Roaming\ZHP
2017-02-05 18:19 - 2017-02-05 18:20 - 02660352 _____ C:\Users\Serwan\Desktop\ZHPDiag3.exe
2017-02-05 02:29 - 2017-02-05 02:29 - 00000201 _____ C:\Users\Serwan\Documents\new 1.txt
2017-02-05 02:16 - 2017-02-05 02:16 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-02-05 01:43 - 2017-02-05 02:12 - 00001908 _____ C:\Windows\diagwrn.xml
2017-02-05 01:43 - 2017-02-05 02:12 - 00001908 _____ C:\Windows\diagerr.xml
2017-02-04 03:58 - 2017-02-04 03:58 - 01183070 _____ C:\Users\Serwan\Downloads\The LanguageLab Library - Essays for TOEFL Writing TWE.pdf
2017-02-04 03:35 - 2017-02-04 03:36 - 06070046 _____ C:\Users\Serwan\Downloads\(Lecture Notes in Earth Sciences 90) Matthias Holschneider (auth.), Prof. Dr. Roland Klees, Roger Haagmans (eds.)-Wavelets in the Geosciences-Springer-Verlag Berlin Heidelberg (2000).pdf
2017-02-04 00:08 - 2017-02-04 00:08 - 00228856 _____ C:\Users\Serwan\Documents\77.pdf
2017-02-04 00:06 - 2017-02-04 00:06 - 00237569 _____ C:\Users\Serwan\Documents\77.ps
2017-02-04 00:05 - 2017-02-04 00:05 - 00000000 _____ C:\Users\Serwan\Documents\77.ps.crdownload
2017-02-03 00:36 - 2017-02-03 00:37 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (12).pdf
2017-02-01 21:21 - 2017-02-01 21:21 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (11).pdf
2017-01-29 22:44 - 2017-01-29 23:59 - 14184314 _____ C:\Users\Serwan\Downloads\fwdit.zip
2017-01-29 22:43 - 2017-01-29 22:43 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (10).pdf
2017-01-26 18:35 - 2017-01-26 18:35 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (9).pdf
2017-01-25 22:57 - 2017-01-25 22:57 - 00010482 _____ C:\Users\Serwan\Documents\Book2.xlsx
2017-01-25 22:45 - 2017-01-25 22:45 - 00039332 _____ C:\Users\Serwan\Documents\Electronic lab 3boor.pdf
2017-01-25 20:51 - 2017-01-25 20:51 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (8).pdf
2017-01-25 00:17 - 2017-01-25 00:18 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (7).pdf
2017-01-24 20:48 - 2017-01-24 20:48 - 01141274 _____ C:\Users\Serwan\Downloads\436-444.pdf
2017-01-24 20:20 - 2017-01-24 20:21 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (6).pdf
2017-01-22 22:44 - 2017-01-22 22:44 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (5).pdf
2017-01-22 22:41 - 2017-01-22 22:41 - 00004422 _____ C:\Users\Serwan\Downloads\6B36.tmp
2017-01-21 23:14 - 2017-01-21 23:14 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (4).pdf
2017-01-21 15:36 - 2017-01-21 15:36 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (3).pdf
2017-01-20 19:31 - 2017-01-20 19:32 - 00017482 _____ C:\Users\Serwan\Downloads\matlab.zip
2017-01-18 01:22 - 2017-01-18 01:22 - 00215213 _____ C:\Users\Serwan\Documents\Electronics Lab Grades.pdf
2017-01-18 00:32 - 2017-01-18 01:37 - 00020705 _____ C:\Users\Serwan\Downloads\Electronics Lab Grades.xlsx
2017-01-18 00:32 - 2017-01-18 00:32 - 00032660 _____ C:\Users\Serwan\Downloads\matlabcodeandsimulinkmodelforonelevel.zip
2017-01-17 02:37 - 2017-01-17 02:37 - 03629743 _____ C:\Users\Serwan\Downloads\10.1016@j.aeue.2013.05.013.pdf
2017-01-17 00:53 - 2017-01-17 00:53 - 00056553 _____ C:\Users\Serwan\Downloads\Muraqabat Time Table S1 2016-2017.pdf
2017-01-16 01:10 - 2017-01-16 01:10 - 00002027 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
2017-01-15 19:36 - 2017-01-15 19:36 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (2).pdf
2017-01-15 01:58 - 2017-01-15 01:58 - 01052147 _____ C:\Users\Serwan\Downloads\selection (2).pdf
2017-01-15 00:52 - 2017-01-15 00:52 - 01361442 _____ C:\Users\Serwan\Downloads\selection (1).pdf
2017-01-15 00:50 - 2017-01-15 00:50 - 01676839 _____ C:\Users\Serwan\Downloads\selection.pdf
2017-01-14 22:40 - 2017-01-14 22:40 - 00001044 _____ C:\Users\Serwan\Desktop\PDF Password Remover v3.0.lnk
2017-01-14 22:40 - 2017-01-14 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Password Remover v3.0
2017-01-14 22:40 - 2017-01-14 22:40 - 00000000 ____D C:\Program Files (x86)\PDF Password Remover v3.0
2017-01-14 22:38 - 2017-01-14 22:38 - 23520897 _____ C:\Users\Serwan\Downloads\commu.pdf
2017-01-14 21:28 - 2017-01-14 21:33 - 23520913 _____ C:\Users\Serwan\Downloads\(Communications in Computer and Information Science 511) Guy Plantier, Tanja Schultz, Ana Fred, Hugo Gamboa (eds.)-Biomedical Engineering Systems and Technologies_ 7th International Joint Conference, .pdf
2017-01-13 16:42 - 2017-01-13 16:43 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (1).pdf
2017-01-13 02:03 - 2017-01-13 02:03 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267.pdf
2017-01-13 01:59 - 2017-01-13 01:59 - 06206308 _____ C:\Users\Serwan\Downloads\yalefaces.zip
2017-01-13 01:12 - 2017-01-13 01:12 - 00005754 _____ C:\Users\Serwan\Downloads\687785774KFDA.rar
2017-01-11 23:08 - 2017-01-11 23:08 - 00228855 _____ C:\Users\Serwan\Downloads\77.pdf
2017-01-11 23:07 - 2017-01-11 23:07 - 00237569 _____ C:\Users\Serwan\Downloads\77.ps
2017-01-11 18:29 - 2017-01-11 18:29 - 00742365 _____ C:\Users\Serwan\Downloads\WhatsApp Video 2017-01-11 at 6.27.42 PM.mp4
2017-01-11 02:08 - 2017-01-11 02:08 - 00425057 _____ C:\Users\Serwan\Downloads\10.1109@7.993240.pdf
2017-01-11 02:01 - 2017-01-11 02:01 - 02012237 _____ C:\Users\Serwan\Downloads\antonini1992.pdf
2017-01-11 01:52 - 2017-01-11 01:52 - 01697317 _____ C:\Users\Serwan\Downloads\guan2013.pdf
2017-01-11 01:49 - 2017-01-11 01:49 - 00991101 _____ C:\Users\Serwan\Downloads\bashir2009.pdf
2017-01-11 01:44 - 2017-01-11 01:44 - 00492634 _____ C:\Users\Serwan\Downloads\rochareis2005.pdf
2017-01-11 00:26 - 2017-01-11 00:26 - 01925158 _____ C:\Users\Serwan\Downloads\videoplayback2 (online-video-cutter.com).mp4
2017-01-10 23:12 - 2017-01-10 23:12 - 00012755 _____ C:\Users\Serwan\Downloads\final exam semeter one.xlsx
2017-01-10 22:07 - 2017-01-05 21:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 22:07 - 2017-01-05 21:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 22:07 - 2017-01-05 21:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 22:07 - 2017-01-05 21:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 22:07 - 2017-01-05 20:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 22:07 - 2017-01-05 20:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 22:07 - 2017-01-05 20:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 22:07 - 2017-01-05 20:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 22:07 - 2017-01-05 20:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 22:07 - 2017-01-05 20:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 22:07 - 2017-01-05 20:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 22:07 - 2017-01-05 20:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 22:07 - 2017-01-05 20:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 02:25 - 2017-01-10 02:25 - 01025961 _____ C:\Users\Serwan\Downloads\sazonov2010.pdf
2017-01-10 01:59 - 2017-01-10 01:59 - 03227981 _____ C:\Users\Serwan\Downloads\JAIDEVA С COSWAMI ANDREW K. CHAN-Fundamentals of Wavelets Theory, Algorithms, and Applications.djvu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-09 20:30 - 2016-04-29 21:41 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-09 20:27 - 2016-12-12 20:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-09 20:27 - 2016-04-29 21:54 - 00000000 ___RD C:\Users\Serwan\Dropbox
2017-02-09 20:24 - 2016-04-29 21:40 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-09 20:18 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-09 20:11 - 2016-11-18 20:35 - 00000000 ____D C:\Program Files\CCleaner
2017-02-09 19:52 - 2009-07-14 07:45 - 00017472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-09 19:52 - 2009-07-14 07:45 - 00017472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-09 18:50 - 2016-04-28 02:49 - 00000000 ____D C:\Users\Serwan
2017-02-09 17:15 - 2016-04-29 21:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-09 17:06 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-02-09 02:40 - 2016-05-25 01:45 - 00000000 ____D C:\Windows\Minidump
2017-02-08 01:21 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2017-02-08 00:49 - 2009-07-14 08:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-07 22:42 - 2009-07-14 08:13 - 00781550 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-07 20:24 - 2016-04-28 15:39 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 21:32 - 2016-12-18 21:54 - 00000000 ____D C:\Users\Serwan\Downloads\PC.Reviver.2.6.3.2
2017-02-05 03:01 - 2016-05-01 05:00 - 00000000 ____D C:\Windows\pss
2017-02-05 02:24 - 2014-08-03 01:29 - 00774004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-01-29 22:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-29 02:44 - 2016-09-15 01:05 - 00000000 ____D C:\Users\Serwan\AppData\Local\ElevatedDiagnostics
2017-01-24 19:55 - 2016-05-11 04:15 - 00000000 ____D C:\Users\Serwan\AppData\Roaming\vlc
2017-01-18 01:37 - 2016-04-30 02:45 - 00000000 ____D C:\Users\Serwan\Documents\MATLAB
2017-01-16 01:10 - 2016-04-30 00:34 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk
2017-01-11 19:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 02:54 - 2016-04-29 04:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-11 02:52 - 2009-07-14 05:34 - 00000478 _____ C:\Windows\win.ini
2017-01-11 02:50 - 2016-05-07 16:46 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 02:45 - 2016-04-28 02:46 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2016-04-29 19:43 - 2016-04-29 19:43 - 0007641 _____ () C:\Users\Serwan\AppData\Local\Resmon.ResmonCfg
2016-12-18 22:50 - 2016-12-18 22:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Serwan\ZHPDiag3.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-03 00:55

==================== End of FRST.txt ============================
