Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2017 Ran by Mr Amine (administrator) on MRAMINE-PC (03-06-2017 21:00:56) Running from C:\Users\Mr Amine\Downloads Loaded Profiles: Mr Amine (Available Profiles: Mr Amine & DefaultAppPool) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe ( ) C:\Windows\System32\lxcrcoms.exe (TechSmith Corporation) C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe (McAfee, Inc.) C:\Program Files\TrueKey\McTF8BC.tmp (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Lamantine Software a.s.) C:\Program Files\Sticky Password\spNMHost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software) HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5622032 2017-03-27] (Performix LLC) HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\Run: [StickyPassword] => C:\Program Files\Sticky Password\stpass.exe [64000 2016-11-25] (Lamantine Software a.s.) HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\Run: [uTorrent] => C:\Users\Mr Amine\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-23] (BitTorrent Inc.) HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\MountPoints2: {4de08a00-c39f-11e6-8219-e811328ef8d5} - E:\AutoRun.exe HKU\S-1-5-21-2541504113-2086445549-289826373-1000\...\MountPoints2: {f8278714-10ac-11e7-b1ba-e811328ef8d5} - F:\AutoRun.exe Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-09] (AVAST Software) GroupPolicy: Restriction ? <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{79317865-86EA-4C74-990C-BCBA96792131}: [DhcpNameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{929D2DA8-0F07-492A-86B7-551B29C5EE65}: [DhcpNameServer] 192.168.1.1 ManualProxies: Internet Explorer: ================== HKU\S-1-5-21-2541504113-2086445549-289826373-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-eg/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-05-17] (Intel Security) Toolbar: HKU\S-1-5-21-2541504113-2086445549-289826373-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default [2017-06-03] CHR Extension: (Google Slides) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-09] CHR Extension: (Google Docs) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-09] CHR Extension: (Google Drive) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-09] CHR Extension: (YouTube) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-09] CHR Extension: (Google Sheets) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-09] CHR Extension: (Google Docs Offline) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-13] CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaafoaobjaplofpihlhbcbcjhmgnjplf [2017-02-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12] CHR Extension: (Gmail) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-09] CHR Extension: (Chrome Media Router) - C:\Users\Mr Amine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [151312 2017-03-27] (Performix LLC) S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-09] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software) R2 lxcr_device; C:\Windows\system32\lxcrcoms.exe [537520 2006-12-11] ( ) R2 TechSmith Uploader Service; C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation) R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [998832 2017-05-10] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [17208 2017-05-10] (McAfee, Inc.) S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [73880 2017-05-10] (McAfee, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X] S4 MBAMScheduler; "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe" [X] S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [59760 2017-03-22] () R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [73928 2017-02-04] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2017-02-04] (Advanced Micro Devices) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-09] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-09] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-09] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-09] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-09] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-09] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-13] (AVAST Software) R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-09] (AVAST Software) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [327472 2017-02-04] (ELAN Microelectronics Corp.) S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X] S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-03 20:59 - 2017-06-03 20:59 - 00027013 _____ C:\Users\Mr Amine\Downloads\Addition.txt 2017-06-03 20:58 - 2017-06-03 21:00 - 00010909 _____ C:\Users\Mr Amine\Downloads\FRST.txt 2017-06-03 20:58 - 2017-06-03 21:00 - 00000000 ____D C:\FRST 2017-06-03 20:55 - 2017-06-03 20:56 - 01774080 _____ (Farbar) C:\Users\Mr Amine\Downloads\FRST.exe 2017-06-03 19:11 - 2017-06-03 19:13 - 00048413 _____ C:\Users\Mr Amine\Desktop\ZHPCleaner.txt 2017-06-03 18:52 - 2017-06-03 19:13 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\ZHP 2017-06-03 18:52 - 2017-06-03 18:52 - 00000795 _____ C:\Users\Mr Amine\Desktop\ZHPCleaner.lnk 2017-06-03 18:52 - 2017-06-03 18:52 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\ZHP 2017-06-03 18:51 - 2017-06-03 18:51 - 02778112 _____ C:\Users\Mr Amine\Downloads\ZHPCleaner.exe 2017-06-03 18:42 - 2017-06-03 18:42 - 00005037 _____ C:\Users\Mr Amine\Desktop\JRT.txt 2017-06-03 18:35 - 2017-06-03 18:35 - 01663672 _____ (Malwarebytes) C:\Users\Mr Amine\Downloads\JRT.exe 2017-06-03 18:35 - 2017-06-03 18:35 - 00000000 ____D C:\ProgramData\SWCUTemp 2017-06-03 18:09 - 2017-06-03 18:27 - 00000000 ____D C:\AdwCleaner 2017-06-03 18:09 - 2017-06-03 18:09 - 04110280 _____ C:\Users\Mr Amine\Downloads\adwcleaner_6.047.exe 2017-06-03 15:40 - 2017-06-03 15:40 - 00117312 _____ (Gibson Research Corp.) C:\Users\Mr Amine\Downloads\securable.exe 2017-06-03 15:26 - 2017-06-03 15:26 - 00016040 _____ C:\Users\Mr Amine\Desktop\تقرير.txt 2017-06-03 14:01 - 2017-06-03 14:01 - 00000000 ____D C:\Users\Mr Amine\Documents\Adobe 2017-06-03 13:59 - 2017-06-03 13:59 - 00000000 ____D C:\ProgramData\FLEXnet 2017-06-03 13:38 - 2017-06-03 13:38 - 00001277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk 2017-06-03 13:34 - 2017-06-03 13:34 - 00001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk 2017-06-03 13:31 - 2017-06-03 13:31 - 00001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk 2017-06-03 13:27 - 2017-06-03 13:27 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2017-06-03 13:11 - 2017-06-03 13:11 - 00000000 ____D C:\Users\Mr Amine\Desktop\Adobe CS4 2017-06-03 13:09 - 2017-06-03 13:11 - 00000000 ____D C:\Users\Mr Amine\Downloads\A-F-S-4 2017-06-03 12:30 - 2017-06-03 13:07 - 888155714 _____ C:\Users\Mr Amine\Downloads\A-F-S-4.zip 2017-06-03 12:16 - 2017-06-03 12:16 - 02870984 _____ (ESET) C:\Users\Mr Amine\Downloads\esetsmartinstaller_fra.exe 2017-06-03 12:16 - 2017-06-03 12:16 - 00000000 ____D C:\Program Files\ESET 2017-06-03 12:09 - 2017-06-03 12:19 - 282983526 _____ C:\Users\Mr Amine\Downloads\A-After effects CC 215.part3.rar 2017-06-03 11:49 - 2017-06-03 12:06 - 367001600 _____ C:\Users\Mr Amine\Downloads\A-After effects CC 215.part2.rar 2017-06-03 11:33 - 2017-06-03 11:47 - 367001600 _____ C:\Users\Mr Amine\Downloads\A-After effects CC 215.part1.rar 2017-06-03 02:04 - 2017-05-17 18:49 - 00000000 ____D C:\Users\Mr Amine\Desktop\انترو اهلا رمضان+ الموسيقي - خالد ميجا 2017-06-03 01:46 - 2017-06-03 01:52 - 95589014 _____ C:\Users\Mr Amine\Downloads\انترو اهلا رمضان+ الموسيقي - خالد ميجا.rar 2017-06-03 01:39 - 2017-06-03 01:44 - 48754999 _____ C:\Users\Mr Amine\Downloads\Unconfirmed 308268.crdownload 2017-05-27 17:33 - 2017-06-03 14:04 - 02789577 _____ C:\Users\Mr Amine\Downloads\انترو رمضان.mp4 2017-05-27 17:33 - 2017-05-27 17:33 - 02023558 _____ C:\Users\Mr Amine\Downloads\__www_download_gg___إنترو_رمضان_مجاني.mp4 2017-05-24 23:22 - 2017-05-25 00:10 - 38089563 _____ C:\Users\Mr Amine\Desktop\تعلم اللغة الإنجليزية من الصفر للمبتدئين - plurals of nouns -.mp4 2017-05-24 22:52 - 2017-05-24 23:22 - 293908568 _____ C:\Users\Mr Amine\Desktop\تعلم اللغة الإنجليزية من الصفر للمبتدئين - plurals of nouns -.mp4.stats.mbtree 2017-05-24 22:52 - 2017-05-24 23:22 - 03488439 _____ C:\Users\Mr Amine\Desktop\تعلم اللغة الإنجليزية من الصفر للمبتدئين - plurals of nouns -.mp4.stats 2017-05-24 22:33 - 2017-05-24 22:33 - 470125086 _____ C:\Users\Mr Amine\Desktop\VideoJoiner170524220700.mp4 2017-05-24 18:38 - 2017-05-24 21:44 - 00013684 _____ C:\Users\Mr Amine\Desktop\1.camproj 2017-05-24 18:35 - 2017-05-24 22:03 - 00000000 ____D C:\Users\Mr Amine\Desktop\plural of nouns - camtasia 2017-05-24 13:47 - 2017-05-24 18:22 - 00000000 ____D C:\Users\Mr Amine\Desktop\resize - plural of nouns 2017-05-24 13:25 - 2017-05-24 13:47 - 00000000 ____D C:\Users\Mr Amine\Desktop\plural forms of nouns 2017-05-18 03:20 - 2017-05-18 03:20 - 29750607 _____ C:\Users\Mr Amine\Desktop\intro 2.mp4 2017-05-18 03:06 - 2017-05-18 03:07 - 14722657 _____ C:\Users\Mr Amine\Downloads\blue particles project.rar 2017-05-18 02:01 - 2017-05-18 02:01 - 00054559 _____ C:\Users\Mr Amine\Downloads\blue.camproj 2017-05-18 01:52 - 2017-05-18 01:52 - 01317728 _____ C:\Users\Mr Amine\Downloads\6.rar 2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\4Media 2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Media 2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\ProgramData\4Media 2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\Program Files\4Media 2017-05-17 17:36 - 2017-05-17 17:38 - 24171128 _____ C:\Users\Mr Amine\Downloads\m-video-cutter2.exe 2017-05-17 17:18 - 2017-05-17 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Cutter 2017-05-17 17:18 - 2017-05-17 17:18 - 00000000 ____D C:\Program Files\FreeVideoCutter.exe 2017-05-17 17:17 - 2017-05-17 17:17 - 06420430 _____ (FreeVideoCutter.com ) C:\Users\Mr Amine\Downloads\freevideocutter_setup.exe 2017-05-17 15:09 - 2017-05-17 17:03 - 1020429347 _____ C:\Users\Mr Amine\Downloads\Film Marocain Youm ou Lila complet HD 2017الفيلم المغربي يوم و ليلة.mp4 2017-05-17 12:21 - 2017-06-03 18:37 - 00001151 _____ C:\Users\Public\Desktop\True Key.lnk 2017-05-10 22:02 - 2017-05-10 22:02 - 00000000 ____D C:\Users\Mr Amine\Documents\FormatFactory 2017-05-09 12:43 - 2017-05-09 12:42 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-05-07 15:39 - 2017-06-03 18:31 - 00000000 ____D C:\Users\Mr Amine\AppData\LocalLow\uTorrent 2017-05-07 14:39 - 2017-05-11 02:12 - 00000000 ____D C:\Users\Mr Amine\Documents\Euro Truck Simulator 2 2017-05-07 12:57 - 2017-05-07 14:12 - 1814758024 _____ (SCS Software ) C:\Users\Mr Amine\Downloads\EuroTruckSimulator2_1_27_1_6_setup.exe 2017-05-07 12:57 - 2017-05-07 12:57 - 00000000 ____D C:\Users\Mr Amine\Downloads\OF2007ARBASEMELHLAWANY_201405 2017-05-07 12:56 - 2017-05-07 12:57 - 00138863 _____ C:\Users\Mr Amine\Downloads\EuroTruckSimulator2_1_27_1_6_setup.exe.torrent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-03 21:01 - 2017-02-21 12:55 - 00000000 ____D C:\ProgramData\Adguard 2017-06-03 18:38 - 2009-07-14 05:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-06-03 18:38 - 2009-07-14 05:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-06-03 18:37 - 2017-03-11 15:28 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2017-06-03 18:37 - 2017-03-11 15:04 - 00000000 ____D C:\Program Files\TrueKey 2017-06-03 18:36 - 2017-01-31 19:01 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\uTorrent 2017-06-03 18:35 - 2017-03-13 13:44 - 00000000 ____D C:\Program Files\McAfee 2017-06-03 18:30 - 2017-02-21 12:54 - 00000000 ____D C:\Program Files\Adguard 2017-06-03 18:29 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-06-03 18:29 - 2009-07-14 05:33 - 02533624 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-03 18:27 - 2016-10-09 17:06 - 00001256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-06-03 18:27 - 2016-10-09 17:06 - 00001244 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-06-03 18:27 - 2016-10-09 14:40 - 00001148 _____ C:\Users\Mr Amine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-06-03 15:36 - 2017-02-03 21:11 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\avidemux 2017-06-03 14:02 - 2017-03-11 14:54 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\Adobe 2017-06-03 14:01 - 2016-10-24 16:43 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\Adobe 2017-06-03 13:59 - 2016-10-09 15:23 - 00219192 _____ C:\Users\Mr Amine\AppData\Local\GDIPFONTCACHEV1.DAT 2017-06-03 13:38 - 2017-03-11 15:01 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-06-03 13:38 - 2017-03-11 15:00 - 00000000 ____D C:\ProgramData\Adobe 2017-06-03 13:37 - 2017-03-11 15:01 - 00000000 ____D C:\Program Files\Adobe 2017-05-17 18:01 - 2017-01-21 16:35 - 00000000 ____D C:\Users\Mr Amine\AppData\Roaming\vlc 2017-05-14 02:31 - 2016-11-22 19:40 - 00000000 ____D C:\ProgramData\McAfee 2017-05-13 14:54 - 2017-03-13 21:05 - 00000000 ____D C:\Users\Mr Amine\Documents\images 2017-05-13 14:54 - 2017-03-13 21:00 - 00000000 ____D C:\Users\Mr Amine\Documents\files 2017-05-13 14:53 - 2017-03-11 15:28 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\tkdata 2017-05-13 14:50 - 2017-02-07 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft 2017-05-13 14:50 - 2017-02-07 20:29 - 00000000 ____D C:\ProgramData\Xilisoft 2017-05-13 14:50 - 2017-02-07 20:29 - 00000000 ____D C:\Program Files\Xilisoft 2017-05-13 14:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2017-05-13 01:31 - 2016-10-12 13:16 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2017-05-11 02:12 - 2017-01-22 15:16 - 00000000 ____D C:\Users\Mr Amine\AppData\Local\CrashDumps 2017-05-10 02:29 - 2016-10-22 19:02 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2017-05-10 02:29 - 2016-10-22 19:02 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2017-05-10 02:29 - 2016-10-22 15:45 - 00000000 ____D C:\Windows\system32\Macromed 2017-05-09 12:43 - 2016-10-12 13:16 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2017-05-09 12:43 - 2016-10-12 13:16 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2017-05-09 12:43 - 2016-10-12 13:16 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-05-09 12:43 - 2016-10-12 13:16 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-05-09 12:43 - 2016-10-12 13:16 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-05-09 12:43 - 2016-10-12 13:16 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-05-09 12:42 - 2017-03-15 22:02 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys 2017-05-09 12:42 - 2017-03-15 22:02 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys 2017-05-09 12:42 - 2017-03-15 22:02 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys 2017-05-09 12:42 - 2017-03-15 22:02 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys 2017-05-09 12:42 - 2016-10-12 13:16 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys ==================== Files in the root of some directories ======= 2013-02-17 04:27 - 2013-02-17 04:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll 2017-01-24 17:35 - 2017-01-24 17:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2017-02-21 12:55 - 2017-02-21 12:55 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat Files to move or delete: ==================== C:\ProgramData\fontcacheev1.dat ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed