Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Serwan (administrator) on SATELLITE (09-02-2017 20:31:20)
Running from C:\Users\Serwan\Desktop
Loaded Profiles: Serwan (Available Profiles: Serwan)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments
Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\plugin-nm-server.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab) HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\...\Run: [GoogleChromeAutoLaunch_F0CF2F7C23D5715C1C8A576EF2A4D297] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.) HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd) AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26936 2016-05-31] (National Instruments Corporation) Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [30008 2016-05-31] (National Instruments Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{5F0BE7A8-E3E8-4F41-AA1F-18D79ABC75B2}: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{856FFBDC-0186-4FDC-99DA-B71B4685E57B}: [DhcpNameServer] 192.168.100.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-3200766092-2998653729-1306303623-1000] ATTENTION => Default URLSearchHook is missing BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft 
Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation) BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll [2016-07-15] (AO Kaspersky Lab) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated) BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation) BHO-x32: No Name -> {73455575-E40C-433C-9784-C78DC7761455} -> No File BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll [2016-07-15] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-12] (AO Kaspersky Lab) FireFox: ======== FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-12] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default [2017-02-09] CHR Extension: (Google Slides) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-28] CHR Extension: (Google Docs) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-28] CHR Extension: (Google Drive) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28] CHR Extension: (YouTube) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28] CHR Extension: (Adblock Plus) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26] CHR Extension: (Dropbox for Gmail) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-04-28] CHR Extension: (Google Sheets) - 
C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-28] CHR Extension: (Kaspersky Protection) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-02-03] CHR Extension: (Kaspersky Password Manager) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2016-12-12] CHR Extension: (Google Docs Offline) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29] CHR Extension: (Grammarly for Chrome) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-02-03] CHR Extension: (Personal Trainer) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke [2016-04-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21] CHR Extension: (Simple EPUB Reader) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-04-28] CHR Extension: (Psykopaint) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2016-04-28] CHR Extension: (Gmail) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-28] CHR Extension: (Chrome Media Router) - C:\Users\Serwan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKU\S-1-5-21-3200766092-2998653729-1306303623-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - 
hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) R3 Browser; C:\Windows\System32\browser.dll [136704 2014-06-20] (Microsoft Corporation) [File not signed] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-29] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-29] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-04-30] (Macrovision Europe Ltd.) [File not signed] S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) S2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2015-06-05] (National Instruments, Inc.) 
S2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50200 2016-06-08] (National Instruments Corporation) S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60440 2016-06-08] (National Instruments Corporation) R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [94752 2016-05-23] (National Instruments Corporation) R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [65096 2016-05-31] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [83528 2016-05-31] (National Instruments Corporation) R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [594984 2016-05-27] (National Instruments Corporation) S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394264 2016-06-08] (National Instruments Corporation) S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) R2 niLXIDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe [375160 2015-09-22] (National Instruments Corporation) R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [334424 2016-05-31] (National Instruments Corporation) R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [179304 2016-05-31] (National Instruments Corporation) S3 NiRioRpc; C:\Windows\SysWOW64\NiRioRpc.exe [37416 2016-06-14] (National Instruments Corporation) R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [102512 2016-05-19] (National Instruments Corporation) R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [65080 2016-05-31] (National Instruments Corporation) S2 NITaggerService; 
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [699952 2016-06-05] (National Instruments Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-20] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-12-12] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1036512 2016-12-12] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-12] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab) R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [134880 2016-12-12] (AO Kaspersky Lab) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab) S3 NationalInstrumentsUSBLAN; 
C:\Windows\System32\DRIVERS\nationalinstrumentsblan.sys [86360 2015-10-09] (Belcarra Technologies 2005) S3 ni1045k; C:\Windows\System32\drivers\ni1045kl.sys [13560 2016-06-10] (National Instruments Corporation) S3 ni1065k; C:\Windows\System32\drivers\ni1065k.sys [27384 2016-06-10] (National Instruments Corporation) R3 nidimk; C:\Windows\System32\drivers\nidimkl.sys [13576 2016-06-09] (National Instruments Corporation) R3 nigevwrapper; C:\Windows\System32\DRIVERS\nigevwrapper.sys [123112 2016-10-12] (National Instruments Corporation) R3 niimaqdxk; C:\Windows\System32\drivers\niimaqdxkl.sys [31832 2016-10-12] (National Instruments Corporation) S3 nimdbgk; C:\Windows\System32\drivers\nimdbgkl.sys [13568 2016-06-09] (National Instruments Corporation) S3 nimxdfk; C:\Windows\System32\drivers\nimxdfkl.sys [13560 2016-06-09] (National Instruments Corporation) S3 niorbk; C:\Windows\System32\drivers\niorbkl.sys [13560 2016-06-09] (National Instruments Corporation) S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [13600 2016-06-08] (National Instruments Corporation) R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [784120 2016-06-08] (National Instruments Corporation) S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [13600 2016-06-08] (National Instruments Corporation) R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [19288 2016-03-15] (National Instruments Corporation) R0 nipcibrd; C:\Windows\System32\drivers\nipcibrd.sys [98072 2016-06-10] (National Instruments Corporation) R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [64320 2016-06-10] (National Instruments Corporation) S3 nipxifpk; C:\Windows\System32\drivers\nipxifpk.sys [33088 2016-06-10] (National Instruments Corporation) S3 nipxigpk; C:\Windows\System32\drivers\nipxigpk.sys [22776 2016-06-10] (National Instruments Corporation) R2 nipxirmk; C:\Windows\System32\drivers\nipxirmkl.sys [13560 2016-06-10] (National Instruments Corporation) R2 nistreamk; 
C:\Windows\System32\drivers\nistreamkl.sys [26872 2016-06-02] (National Instruments Corporation) R3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15176 2016-01-21] (National Instruments Corporation) R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15176 2016-01-21] (National Instruments Corporation) S3 niwdk; no ImagePath R3 niwsk; C:\Windows\System32\DRIVERS\niwsk.sys [147144 2016-10-12] (National Instruments Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.) R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation ) R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation ) R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [174464 2009-09-21] (Windows (R) Win 7 DDK provider) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-08] () R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-04-24] (Jungo) R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-04-24] (Xilinx, Inc.) S3 catchme; \??\C:\Users\Serwan\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION S3 dbx; system32\DRIVERS\dbx.sys [X] S3 niimaqk; system32\drivers\niimaqk.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-09 20:02 - 2017-02-09 20:31 - 00028101 _____ C:\Users\Serwan\Desktop\FRST.txt 2017-02-09 20:02 - 2017-02-09 20:02 - 00000000 ____D C:\FRST 2017-02-09 20:02 - 2017-02-09 20:01 - 02421248 _____ (Farbar) C:\Users\Serwan\Desktop\FRST64.exe 2017-02-09 20:00 - 2017-02-09 20:01 - 02421248 _____ (Farbar) C:\Users\Serwan\Downloads\FRST64.exe 2017-02-09 18:50 - 2017-02-09 18:50 - 02660864 _____ C:\Users\Serwan\ZHPDiag3.exe 2017-02-09 18:09 - 2017-02-09 18:09 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2017-02-09 17:42 - 2017-02-09 17:41 - 00003705 _____ C:\Users\Serwan\Desktop\ZHPFixReport.txt 2017-02-09 17:37 - 2017-02-09 17:37 - 00001853 _____ C:\Users\Public\Desktop\ZHPFix.lnk 2017-02-09 17:37 - 2017-02-09 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP 2017-02-09 17:37 - 2017-02-09 17:37 - 00000000 ____D C:\Program Files (x86)\ZHPFix 2017-02-09 17:37 - 2017-02-09 17:36 - 03521617 _____ (Nicolas Coolman ) C:\Users\Serwan\Desktop\ZHPFix.exe 2017-02-09 17:36 - 2017-02-09 17:36 - 03521617 _____ (Nicolas Coolman ) C:\Users\Serwan\Downloads\ZHPFix.exe 2017-02-09 17:15 - 2017-02-09 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-02-09 03:38 - 2017-02-09 03:38 - 00271601 _____ C:\Users\Serwan\Desktop\ZHPDiag_1.txt 2017-02-09 02:40 - 2017-02-09 02:40 - 00292728 _____ C:\Windows\Minidump\020917-21746-01.dmp 2017-02-08 00:56 - 2017-02-08 01:29 - 00000000 ____D C:\ComboFix 2017-02-08 00:20 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe 2017-02-08 00:20 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe 2017-02-08 00:20 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2017-02-08 00:20 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2017-02-08 00:20 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2017-02-08 00:20 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe 
2017-02-08 00:20 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe 2017-02-08 00:20 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe 2017-02-08 00:12 - 2017-02-08 01:13 - 00000000 ____D C:\Windows\erdnt 2017-02-08 00:12 - 2017-02-08 00:56 - 00000000 ____D C:\Qoobox 2017-02-07 23:54 - 2017-02-09 02:41 - 00598288 _____ C:\Windows\ntbtlog.txt 2017-02-07 23:06 - 2017-02-07 23:06 - 25983048 _____ C:\Users\Serwan\Desktop\RogueKillerX64.exe 2017-02-07 23:05 - 2017-02-07 23:06 - 25983048 _____ C:\Users\Serwan\Downloads\RogueKillerX64.exe 2017-02-07 07:38 - 2017-02-07 07:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-02-07 07:38 - 2017-02-07 07:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-02-07 07:38 - 2017-02-07 07:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-02-07 07:38 - 2017-02-07 07:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2017-02-07 01:12 - 2017-02-07 01:12 - 05659775 ____R (Swearware) C:\Users\Serwan\Desktop\ComboFix.exe 2017-02-07 01:11 - 2017-02-07 01:12 - 05659775 _____ (Swearware) C:\Users\Serwan\Downloads\ComboFix (1).exe 2017-02-07 00:03 - 2017-02-07 00:03 - 05659775 ____R (Swearware) C:\Users\Serwan\Downloads\ComboFix.exe 2017-02-06 23:48 - 2017-02-06 23:48 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA% 2017-02-06 21:51 - 2017-02-06 21:52 - 04015056 _____ C:\Users\Serwan\Downloads\adwcleaner_6.043 (2).exe 2017-02-06 21:50 - 2017-02-06 21:54 - 34801784 _____ (Adlice Software ) C:\Users\Serwan\Downloads\setup (2).exe 2017-02-06 21:29 - 2017-02-06 23:18 - 00001468 _____ C:\Users\Serwan\Desktop\ZHPCleaner.txt 2017-02-06 21:11 - 2017-02-06 21:11 - 00000832 _____ C:\Users\Serwan\Desktop\ZHPCleaner.lnk 2017-02-06 21:11 - 2017-02-06 21:10 - 02700800 _____ C:\Users\Serwan\Desktop\ZHPCleaner.exe 2017-02-06 21:10 - 2017-02-06 21:10 - 02700800 _____ C:\Users\Serwan\Downloads\ZHPCleaner.exe 2017-02-06 21:08 - 2017-02-06 
21:09 - 34801784 _____ (Adlice Software ) C:\Users\Serwan\Downloads\setup (1).exe 2017-02-06 20:52 - 2017-02-07 01:02 - 00000000 ____D C:\Users\Serwan\AppData\Local\CrashDumps 2017-02-05 20:52 - 2017-02-08 17:01 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys 2017-02-05 20:43 - 2017-02-06 21:55 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-02-05 20:43 - 2017-02-06 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-02-05 20:43 - 2017-02-06 21:55 - 00000000 ____D C:\Program Files\RogueKiller 2017-02-05 20:43 - 2017-02-05 20:51 - 00000000 ____D C:\ProgramData\RogueKiller 2017-02-05 20:42 - 2017-02-05 20:42 - 34821984 _____ (Adlice Software ) C:\Users\Serwan\Downloads\setup.exe 2017-02-05 20:40 - 2017-02-05 20:40 - 04015056 _____ C:\Users\Serwan\Downloads\adwcleaner_6.043 (1).exe 2017-02-05 20:18 - 2017-02-05 20:18 - 00001542 _____ C:\Users\Serwan\Documents\AdwCleaner[S0].txt 2017-02-05 20:15 - 2017-02-09 03:07 - 00000000 ____D C:\AdwCleaner 2017-02-05 20:15 - 2017-02-05 20:14 - 04015056 _____ C:\Users\Serwan\Desktop\adwcleaner_6.043.exe 2017-02-05 20:14 - 2017-02-05 20:14 - 04015056 _____ C:\Users\Serwan\Downloads\adwcleaner_6.043.exe 2017-02-05 20:14 - 2017-02-05 20:14 - 00003568 _____ C:\Users\Serwan\Documents\Rkill.txt 2017-02-05 19:55 - 2017-02-06 23:31 - 00003468 _____ C:\Users\Serwan\Desktop\Rkill.txt 2017-02-05 19:55 - 2017-02-05 19:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill.exe 2017-02-05 19:55 - 2017-02-05 19:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Desktop\rkill.exe 2017-02-05 19:53 - 2017-02-05 19:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill (2).com 2017-02-05 19:50 - 2017-02-05 19:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill (1).com 2017-02-05 19:50 - 2017-02-05 19:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Desktop\rkill.com 2017-02-05 19:49 - 2017-02-05 
19:50 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Serwan\Downloads\rkill.com 2017-02-05 19:02 - 2017-02-05 19:02 - 00273952 _____ C:\Users\Serwan\Documents\ZHPDiag.txt 2017-02-05 19:01 - 2017-02-09 19:35 - 00269374 _____ C:\Users\Serwan\Desktop\ZHPDiag.txt 2017-02-05 18:22 - 2017-02-09 18:50 - 00000669 _____ C:\Users\Serwan\Desktop\ZHPDiag.lnk 2017-02-05 18:21 - 2017-02-09 18:57 - 00000000 ____D C:\Users\Serwan\AppData\Roaming\ZHP 2017-02-05 18:19 - 2017-02-05 18:20 - 02660352 _____ C:\Users\Serwan\Desktop\ZHPDiag3.exe 2017-02-05 02:29 - 2017-02-05 02:29 - 00000201 _____ C:\Users\Serwan\Documents\new 1.txt 2017-02-05 02:16 - 2017-02-05 02:16 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA 2017-02-05 01:43 - 2017-02-05 02:12 - 00001908 _____ C:\Windows\diagwrn.xml 2017-02-05 01:43 - 2017-02-05 02:12 - 00001908 _____ C:\Windows\diagerr.xml 2017-02-04 03:58 - 2017-02-04 03:58 - 01183070 _____ C:\Users\Serwan\Downloads\The LanguageLab Library - Essays for TOEFL Writing TWE.pdf 2017-02-04 03:35 - 2017-02-04 03:36 - 06070046 _____ C:\Users\Serwan\Downloads\(Lecture Notes in Earth Sciences 90) Matthias Holschneider (auth.), Prof. Dr. 
Roland Klees, Roger Haagmans (eds.)-Wavelets in the Geosciences-Springer-Verlag Berlin Heidelberg (2000).pdf 2017-02-04 00:08 - 2017-02-04 00:08 - 00228856 _____ C:\Users\Serwan\Documents\77.pdf 2017-02-04 00:06 - 2017-02-04 00:06 - 00237569 _____ C:\Users\Serwan\Documents\77.ps 2017-02-04 00:05 - 2017-02-04 00:05 - 00000000 _____ C:\Users\Serwan\Documents\77.ps.crdownload 2017-02-03 00:36 - 2017-02-03 00:37 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (12).pdf 2017-02-01 21:21 - 2017-02-01 21:21 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (11).pdf 2017-01-29 22:44 - 2017-01-29 23:59 - 14184314 _____ C:\Users\Serwan\Downloads\fwdit.zip 2017-01-29 22:43 - 2017-01-29 22:43 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (10).pdf 2017-01-26 18:35 - 2017-01-26 18:35 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (9).pdf 2017-01-25 22:57 - 2017-01-25 22:57 - 00010482 _____ C:\Users\Serwan\Documents\Book2.xlsx 2017-01-25 22:45 - 2017-01-25 22:45 - 00039332 _____ C:\Users\Serwan\Documents\Electronic lab 3boor.pdf 2017-01-25 20:51 - 2017-01-25 20:51 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (8).pdf 2017-01-25 00:17 - 2017-01-25 00:18 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (7).pdf 2017-01-24 20:48 - 2017-01-24 20:48 - 01141274 _____ C:\Users\Serwan\Downloads\436-444.pdf 2017-01-24 20:20 - 2017-01-24 20:21 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (6).pdf 2017-01-22 22:44 - 2017-01-22 22:44 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (5).pdf 2017-01-22 22:41 - 2017-01-22 22:41 - 00004422 _____ C:\Users\Serwan\Downloads\6B36.tmp 2017-01-21 23:14 - 2017-01-21 23:14 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (4).pdf 2017-01-21 15:36 - 2017-01-21 15:36 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (3).pdf 2017-01-20 19:31 - 2017-01-20 19:32 - 00017482 _____ 
C:\Users\Serwan\Downloads\matlab.zip 2017-01-18 01:22 - 2017-01-18 01:22 - 00215213 _____ C:\Users\Serwan\Documents\Electronics Lab Grades.pdf 2017-01-18 00:32 - 2017-01-18 01:37 - 00020705 _____ C:\Users\Serwan\Downloads\Electronics Lab Grades.xlsx 2017-01-18 00:32 - 2017-01-18 00:32 - 00032660 _____ C:\Users\Serwan\Downloads\matlabcodeandsimulinkmodelforonelevel.zip 2017-01-17 02:37 - 2017-01-17 02:37 - 03629743 _____ C:\Users\Serwan\Downloads\10.1016@j.aeue.2013.05.013.pdf 2017-01-17 00:53 - 2017-01-17 00:53 - 00056553 _____ C:\Users\Serwan\Downloads\Muraqabat Time Table S1 2016-2017.pdf 2017-01-16 01:10 - 2017-01-16 01:10 - 00002027 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk 2017-01-15 19:36 - 2017-01-15 19:36 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (2).pdf 2017-01-15 01:58 - 2017-01-15 01:58 - 01052147 _____ C:\Users\Serwan\Downloads\selection (2).pdf 2017-01-15 00:52 - 2017-01-15 00:52 - 01361442 _____ C:\Users\Serwan\Downloads\selection (1).pdf 2017-01-15 00:50 - 2017-01-15 00:50 - 01676839 _____ C:\Users\Serwan\Downloads\selection.pdf 2017-01-14 22:40 - 2017-01-14 22:40 - 00001044 _____ C:\Users\Serwan\Desktop\PDF Password Remover v3.0.lnk 2017-01-14 22:40 - 2017-01-14 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Password Remover v3.0 2017-01-14 22:40 - 2017-01-14 22:40 - 00000000 ____D C:\Program Files (x86)\PDF Password Remover v3.0 2017-01-14 22:38 - 2017-01-14 22:38 - 23520897 _____ C:\Users\Serwan\Downloads\commu.pdf 2017-01-14 21:28 - 2017-01-14 21:33 - 23520913 _____ C:\Users\Serwan\Downloads\(Communications in Computer and Information Science 511) Guy Plantier, Tanja Schultz, Ana Fred, Hugo Gamboa (eds.)-Biomedical Engineering Systems and Technologies_ 7th International Joint Conference, .pdf 2017-01-13 16:42 - 2017-01-13 16:43 - 01158777 _____ C:\Users\Serwan\Downloads\FACE RECOGNITION-3267 (1).pdf 2017-01-13 02:03 - 2017-01-13 02:03 - 01158777 _____ 
C:\Users\Serwan\Downloads\FACE RECOGNITION-3267.pdf 2017-01-13 01:59 - 2017-01-13 01:59 - 06206308 _____ C:\Users\Serwan\Downloads\yalefaces.zip 2017-01-13 01:12 - 2017-01-13 01:12 - 00005754 _____ C:\Users\Serwan\Downloads\687785774KFDA.rar 2017-01-11 23:08 - 2017-01-11 23:08 - 00228855 _____ C:\Users\Serwan\Downloads\77.pdf 2017-01-11 23:07 - 2017-01-11 23:07 - 00237569 _____ C:\Users\Serwan\Downloads\77.ps 2017-01-11 18:29 - 2017-01-11 18:29 - 00742365 _____ C:\Users\Serwan\Downloads\WhatsApp Video 2017-01-11 at 6.27.42 PM.mp4 2017-01-11 02:08 - 2017-01-11 02:08 - 00425057 _____ C:\Users\Serwan\Downloads\10.1109@7.993240.pdf 2017-01-11 02:01 - 2017-01-11 02:01 - 02012237 _____ C:\Users\Serwan\Downloads\antonini1992.pdf 2017-01-11 01:52 - 2017-01-11 01:52 - 01697317 _____ C:\Users\Serwan\Downloads\guan2013.pdf 2017-01-11 01:49 - 2017-01-11 01:49 - 00991101 _____ C:\Users\Serwan\Downloads\bashir2009.pdf 2017-01-11 01:44 - 2017-01-11 01:44 - 00492634 _____ C:\Users\Serwan\Downloads\rochareis2005.pdf 2017-01-11 00:26 - 2017-01-11 00:26 - 01925158 _____ C:\Users\Serwan\Downloads\videoplayback2 (online-video-cutter.com).mp4 2017-01-10 23:12 - 2017-01-10 23:12 - 00012755 _____ C:\Users\Serwan\Downloads\final exam semeter one.xlsx 2017-01-10 22:07 - 2017-01-05 21:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-01-10 22:07 - 2017-01-05 21:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-01-10 22:07 - 2017-01-05 21:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00463872 _____ (Microsoft Corporation) 
C:\Windows\system32\certcli.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2017-01-10 22:07 - 2017-01-05 21:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 
2017-01-10 22:07 - 2017-01-05 20:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-01-10 22:07 - 2017-01-05 20:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-01-10 22:07 - 2017-01-05 20:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-01-10 22:07 - 2017-01-05 20:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-01-10 22:07 - 2017-01-05 20:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-01-10 22:07 - 2017-01-05 20:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-01-10 22:07 - 2017-01-05 20:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-01-10 22:07 - 2017-01-05 20:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-01-10 22:07 - 2017-01-05 20:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-01-10 
22:07 - 2017-01-05 20:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-01-10 02:25 - 2017-01-10 02:25 - 01025961 _____ C:\Users\Serwan\Downloads\sazonov2010.pdf 2017-01-10 01:59 - 2017-01-10 01:59 - 03227981 _____ C:\Users\Serwan\Downloads\JAIDEVA С COSWAMI ANDREW K. CHAN-Fundamentals of Wavelets Theory, Algorithms, and Applications.djvu ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-09 20:30 - 2016-04-29 21:41 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-02-09 20:27 - 2016-12-12 20:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2017-02-09 20:27 - 2016-04-29 21:54 - 00000000 ___RD C:\Users\Serwan\Dropbox 2017-02-09 20:24 - 2016-04-29 21:40 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-02-09 20:18 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-09 20:11 - 2016-11-18 20:35 - 00000000 ____D C:\Program Files\CCleaner 2017-02-09 19:52 - 2009-07-14 07:45 - 00017472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-09 19:52 - 2009-07-14 07:45 - 00017472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-09 18:50 - 2016-04-28 02:49 - 00000000 ____D C:\Users\Serwan 2017-02-09 17:15 - 2016-04-29 21:40 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-02-09 17:06 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf 2017-02-09 02:40 - 2016-05-25 01:45 - 00000000 ____D C:\Windows\Minidump 2017-02-08 01:21 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini 2017-02-08 00:49 - 2009-07-14 08:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-02-07 22:42 - 2009-07-14 08:13 - 00781550 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-07 20:24 - 2016-04-28 15:39 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google 
Chrome.lnk 2017-02-06 21:32 - 2016-12-18 21:54 - 00000000 ____D C:\Users\Serwan\Downloads\PC.Reviver.2.6.3.2 2017-02-05 03:01 - 2016-05-01 05:00 - 00000000 ____D C:\Windows\pss 2017-02-05 02:24 - 2014-08-03 01:29 - 00774004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-01-29 22:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF 2017-01-29 02:44 - 2016-09-15 01:05 - 00000000 ____D C:\Users\Serwan\AppData\Local\ElevatedDiagnostics 2017-01-24 19:55 - 2016-05-11 04:15 - 00000000 ____D C:\Users\Serwan\AppData\Roaming\vlc 2017-01-18 01:37 - 2016-04-30 02:45 - 00000000 ____D C:\Users\Serwan\Documents\MATLAB 2017-01-16 01:10 - 2016-04-30 00:34 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk 2017-01-11 19:09 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache 2017-01-11 02:54 - 2016-04-29 04:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2017-01-11 02:52 - 2009-07-14 05:34 - 00000478 _____ C:\Windows\win.ini 2017-01-11 02:50 - 2016-05-07 16:46 - 00000000 ____D C:\Windows\system32\MRT 2017-01-11 02:45 - 2016-04-28 02:46 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2016-04-29 19:43 - 2016-04-29 19:43 - 0007641 _____ () C:\Users\Serwan\AppData\Local\Resmon.ResmonCfg 2016-12-18 22:50 - 2016-12-18 22:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Users\Serwan\ZHPDiag3.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-03 00:55 ==================== End of FRST.txt ============================