kms-r@1n i can not get rid of it help please

Thank you for your kindly reply. and excuse me if i did not followed the instruction as i am new to the site.
what i unterstood from this that i must post the logs , is that right ?
thats frst log and additions log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Datav90 (administrator) on DATAV90-PC (04-01-2017 19:05:40)
Running from C:\Users\Datav90\Desktop
Loaded Profiles: Datav90 (Available Profiles: Datav90)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files\Upwork\upwork.exe
(Trend Media Corporation Limited) C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
() C:\Program Files\Upwork\upwork.exe
(Facebook) C:\Users\Datav90\AppData\Local\Facebook\Games\Face bookGameroom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Face book Gameroom Browser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\Upwork\upwork.exe
(AVAST Software) E:\Downloads\software\aswmbr.exe
Failed to access process → FRST.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)
HKLM...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH)
HKLM...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7211112 2015-11-26] ()
HKLM...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [531808 2015-11-26] (Acronis)
HKLM...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [Upwork] => C:\Program Files\Upwork\upwork.exe [2218792 2016-12-13] ()
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [FlashGet 3] => C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe [3083712 2012-01-09] (Trend Media Corporation Limited)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\MountPoints2: H - “H:\setup.EXE” /AUTORUN
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\MountPoints2: {7ed61a6c-6575-11e6-a18c-b8ac6f254ad6} - “I:\iStudio.exe”
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\SCRNSAVE.EXE →
ShellIconOverlayIdentifiers: [AcronisSyncError] → {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] → {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] → {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-11-29]
ShortcutTarget: Facebook Gameroom.lnk → C:\Users\Datav90\AppData\Local\Facebook\Games\Face bookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{6baf1436-5a7e-4bd8-ae41-6fb725d46c8f}: [DhcpNameServer] 192.168.1.1
[HEADING=1]Internet Explorer:[/HEADING]
BHO: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-01-02] (Microsoft Corporation)
BHO: FlashGetBHO → {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} → C:\Users\Datav90\AppData\Roaming\FlashGetBHO\Flash GetBHO.dll [2012-01-06] (Trend Media Group)
BHO: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-02] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_ 186.dll [2016-12-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 → C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-02] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-02] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect → C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll [2015-08-06] (Adobe Systems)
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default [2017-01-04]
CHR Extension: (Google Slides) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2016-08-16]
CHR Extension: (Facebook Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoean epjfkf [2016-09-19]
CHR Extension: ( Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndg ebpfkf [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2016-08-16]
CHR Extension: (Google Drive) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2016-08-16]
CHR Extension: (YouTube) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2016-08-16]
CHR Extension: (Intelligence Search) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfggodcibdmflidbceoaanad clgomm [2016-11-25]
CHR Extension: (Group Invite All) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeajicmampllnpkmfimkhefbnd kfeloo [2016-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpin pmmpil [2016-08-17]
CHR Extension: (Google Sheets) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2016-08-16]
CHR Extension: (Google Docs Offline) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-08-16]
CHR Extension: (Instant Translate: Select and Translate) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfo abpcke [2016-12-16]
CHR Extension: (Video Downloader Pro) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapen ijdcho [2016-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2016-08-16]
CHR Extension: (Gmail) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2016-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2016-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
U2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-01-29] (Acronis)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1776216 2015-08-15] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [253776 2014-10-20] (CyberLink)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
S2 TheFreeWeatherService; C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59968 2016-12-14] ()
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-01-29] (Acronis International GmbH)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [153024 2017-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [87496 2017-01-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [73152 2017-01-04] (Malwarebytes)
R1 MpKsl8c0b2b96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{D3B6B230-168A-44DE-B8A2-1FD6ADF19850}\MpKsl8c0b2b96.sys [39168 2017-01-04] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 NPF; C:\Users\Datav90\Downloads\Selfishnet win 7\npf.sys [42000 2007-01-25] (CACE Technologies)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-01-29] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-01-29] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-01-29] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-01-29] (Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys [56704 2017-01-04] () [File not signed]
U3 aswVmm; C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys [192224 2017-01-04] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 19:06 - 2017-01-04 19:06 - 00002218 _____ C:\Users\Datav90\Desktop\aswMBR.txt
2017-01-04 19:06 - 2017-01-04 19:06 - 00000512 _____ C:\Users\Datav90\Desktop\MBR.dat
2017-01-04 19:04 - 2017-01-04 19:05 - 00016709 _____ C:\Users\Datav90\Desktop\FRST.txt
2017-01-04 16:57 - 2017-01-04 16:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job
2017-01-04 15:34 - 2017-01-04 15:34 - 00153024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-04 15:33 - 2017-01-04 19:03 - 00087496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-04 15:33 - 2017-01-04 19:03 - 00073152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00219072 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-04 15:33 - 2017-01-04 15:33 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\CCleaner
2017-01-04 15:33 - 2016-12-14 12:55 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-01-04 15:32 - 2017-01-04 16:21 - 00000000 ____D C:\AdwCleaner
2017-01-04 06:46 - 2017-01-04 06:47 - 02665984 _____ C:\Users\Datav90\Downloads\ZHPCleaner.exe
2017-01-04 05:48 - 2017-01-04 19:04 - 00000000 ____D C:\FRST
2017-01-04 05:47 - 2017-01-04 05:34 - 01760256 _____ (Farbar) C:\Users\Datav90\Desktop\FRST.exe
2017-01-04 04:12 - 2017-01-04 04:13 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Datav90\Downloads\SpyHunter-Installer.exe
2017-01-04 03:28 - 2017-01-04 03:28 - 00257184 _____ C:\Users\Datav90\Downloads\Unconfirmed 656127.crdownload
2017-01-04 03:28 - 2017-01-04 03:28 - 00034584 _____ C:\Users\Datav90\Downloads\BAA8.tmp
2017-01-04 03:24 - 2017-01-04 03:28 - 01183384 _____ C:\Users\Datav90\Downloads\WiperSoft-installer.exe
2017-01-04 03:09 - 2017-01-04 19:03 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-01-04 01:14 - 2017-01-04 01:19 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-02 12:14 - 2017-01-02 12:14 - 00000000 ____D C:\Users\Datav90\AppData\Local\mpress
2017-01-02 12:04 - 2017-01-02 12:04 - 00003621 _____ C:\Users\Public\Desktop\R@1n.txt
2017-01-02 12:03 - 2017-01-02 12:03 - 00023040 _____ C:\WINDOWS\KMS-R@1n111.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00004608 _____ C:\WINDOWS\KMS-R@1nHoo111k.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00003584 _____ C:\WINDOWS\KMS-R@1nHook111.dll
2017-01-02 11:59 - 2017-01-02 11:59 - 00000000 ____D C:\Users\Datav90\Desktop\BASEM ELHLAWANYY-ACT-WOROF
2017-01-02 11:57 - 2017-01-02 11:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-02 11:53 - 2017-01-02 11:53 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-01-02 11:51 - 2017-01-04 18:51 - 00000305 _____ C:\WINDOWS\system32\secushr.dat
2017-01-02 11:48 - 2017-01-02 11:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-02 02:22 - 2017-01-04 15:30 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\BITS
2017-01-02 02:22 - 2017-01-02 02:22 - 00001282 _____ C:\Users\Datav90\Desktop\FlashGet3.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00001257 _____ C:\Users\Datav90\Desktop\FlashGet downloads.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00000025 _____ C:\WINDOWS\libem.INI
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\FlashGet3.7
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashgetSetup
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGetBHO
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGet
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Program Files\FlashGet Network
2017-01-02 02:17 - 2017-01-02 02:21 - 08041792 _____ (Trend Media Corporation Limited.) C:\Users\Datav90\Downloads\flashget3.7.0.1195en.ex e
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Users\Datav90\AppData\Local\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Program Files\Upwork
2016-12-31 11:02 - 2016-12-31 11:11 - 27615024 _____ (Upwork, Inc ) C:\Users\Datav90\Downloads\UpworkSetup.exe
2016-12-31 10:34 - 2016-12-31 10:34 - 00009975 _____ C:\Users\Datav90\Downloads\photo 2.jpg
2016-12-31 08:19 - 2016-12-31 08:20 - 00172803 _____ C:\Users\Datav90\Downloads\coachesforscraping.csv
2016-12-31 02:13 - 2016-12-31 02:15 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (2).zip
2016-12-31 02:05 - 2016-12-31 02:11 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package.zip
2016-12-31 02:05 - 2016-12-31 02:09 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (1).zip
2016-12-30 01:37 - 2016-12-30 01:37 - 00017143 _____ C:\Users\Datav90\Downloads\esh8.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00065728 _____ C:\Users\Datav90\Downloads\esh4.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00018597 _____ C:\Users\Datav90\Downloads\esh7.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00017003 _____ C:\Users\Datav90\Downloads\esh6.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00016866 _____ C:\Users\Datav90\Downloads\esh5.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00021585 _____ C:\Users\Datav90\Downloads\esh1.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00016557 _____ C:\Users\Datav90\Downloads\esh2.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00014625 _____ C:\Users\Datav90\Downloads\esh3.jpg
2016-12-30 01:30 - 2016-12-30 01:30 - 00054646 _____ C:\Users\Datav90\Downloads\15727125_17914334044516 78_2871036148880099708_n.jpg
2016-12-30 01:29 - 2016-12-30 01:29 - 00010587 _____ C:\Users\Datav90\Downloads\15747854_17914331911183 66_2791255909819819944_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00011882 _____ C:\Users\Datav90\Downloads\15698046_17914305677852 95_5891954741419882554_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00010206 _____ C:\Users\Datav90\Downloads\15747595_17914306144519 57_402886003749102938_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00008387 _____ C:\Users\Datav90\Downloads\15726425_17914304577853 06_1590105582682755411_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00014437 _____ C:\Users\Datav90\Downloads\15697321_17914303044519 88_1599783654902432698_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00011214 _____ C:\Users\Datav90\Downloads\15727013_17914303377853 18_2260776694555007145_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010907 _____ C:\Users\Datav90\Downloads\15726941_17914302844519 90_7468235468847233939_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010367 _____ C:\Users\Datav90\Downloads\15741205_17914302311186 62_7424300965506925307_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00009080 _____ C:\Users\Datav90\Downloads\15697663_17914300811186 77_685444044530583677_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008701 _____ C:\Users\Datav90\Downloads\15697744_17914302144519 97_599277962521379313_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008412 _____ C:\Users\Datav90\Downloads\15697195_17914304311186 42_688240443350783932_n.jpg
2016-12-30 00:54 - 2016-12-30 00:54 - 00065582 _____ C:\Users\Datav90\Downloads\عبد-الرحمن.jpg
2016-12-30 00:52 - 2016-12-30 00:52 - 00078379 _____ C:\Users\Datav90\Downloads\15749660_18108459192029 74_1551856833_n.jpg
2016-12-30 00:50 - 2016-12-30 00:50 - 00063452 _____ C:\Users\Datav90\Downloads\sara.jpg
2016-12-30 00:47 - 2016-12-30 00:47 - 00055315 _____ C:\Users\Datav90\Downloads\15781826_18399110662870 65_1397427542_n.jpg
2016-12-29 22:32 - 2016-12-29 22:32 - 00023404 _____ C:\Users\Datav90\Downloads\15747732_35981971105875 8_286862103335593206_n.jpg
2016-12-29 08:55 - 2016-09-19 02:58 - 00295997 _____ C:\Users\Datav90\Documents\SAM_1553.JPG
2016-12-29 08:39 - 2016-12-29 11:31 - 00000722 _____ C:\Users\Datav90\Documents\New Text Document.txt
2016-12-29 07:01 - 2016-12-29 07:01 - 00016789 _____ C:\Users\Datav90\Downloads\06 Upwork Translation_sanitized.docx
2016-12-29 04:32 - 2016-12-29 04:32 - 00096897 _____ C:\Users\Datav90\Downloads\15781656_13746114859173 71_7121881180046883649_n.jpg
2016-12-29 04:32 - 2016-12-29 04:32 - 00013311 _____ C:\Users\Datav90\Downloads\15621685_13746114759173 72_7113708655159179370_n.jpg
2016-12-29 04:25 - 2016-12-29 04:25 - 00031592 _____ C:\Users\Datav90\Downloads\15697646_10202602289255 587_128805314885165344_n.jpg
2016-12-29 04:23 - 2016-12-29 04:23 - 00080473 _____ C:\Users\Datav90\Downloads\946.jpg
2016-12-29 03:22 - 2016-12-29 03:22 - 01122704 _____ C:\Users\Datav90\Downloads\Microsoft-Office-2016-Product-Key.zip
2016-12-29 03:15 - 2016-12-29 03:15 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft Help
2016-12-29 02:32 - 2016-12-29 02:32 - 00016371 _____ C:\Users\Datav90\Downloads\هل تعلم.docx
2016-12-29 02:16 - 2016-12-29 02:16 - 00074754 _____ C:\Users\Datav90\Downloads\attia.jpg
2016-12-29 02:15 - 2016-12-29 02:15 - 00006241 _____ C:\Users\Datav90\Downloads\15780759_10548039213325 10_2962458877819057543_n.jpg
2016-12-29 00:47 - 2016-12-29 00:47 - 00028019 _____ C:\Users\Datav90\Downloads\15726378_10154868032978 953_4135433702900079780_n.jpg
2016-12-29 00:18 - 2016-12-29 00:18 - 00017978 _____ C:\Users\Datav90\Downloads\mohdy.jpg
2016-12-29 00:17 - 2016-12-29 00:17 - 00040656 _____ C:\Users\Datav90\Downloads\15749450_12190362981875 50_10451665_n.jpg
2016-12-28 01:10 - 2016-12-28 01:10 - 00016383 _____ C:\Users\Datav90\Downloads\10897759_15578990277890 09_1715249256927502265_n.jpg
2016-12-27 16:32 - 2016-12-27 16:32 - 00000054 _____ C:\Users\Datav90\214537CE4F7829EED1E8691D38650AAA. txt
2016-12-27 15:18 - 2016-12-27 15:18 - 00155354 _____ C:\Users\Datav90\Downloads\736.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00146439 _____ C:\Users\Datav90\Downloads\730.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141902 _____ C:\Users\Datav90\Downloads\729.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141256 _____ C:\Users\Datav90\Downloads\735.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00135838 _____ C:\Users\Datav90\Downloads\738.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00133531 _____ C:\Users\Datav90\Downloads\734.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00121913 _____ C:\Users\Datav90\Downloads\733.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00106221 _____ C:\Users\Datav90\Downloads\731.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00104750 _____ C:\Users\Datav90\Downloads\737.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00103829 _____ C:\Users\Datav90\Downloads\732.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00094266 _____ C:\Users\Datav90\Downloads\728.jpg
2016-12-27 02:31 - 2016-12-27 02:31 - 00000000 ____D C:\WINDOWS\Panther
2016-12-27 02:28 - 2016-12-27 02:28 - 00079482 _____ C:\Users\Datav90\Documents\tmp.reg
2016-12-27 01:31 - 2016-12-27 01:31 - 00000000 ____D C:\Users\Datav90\Downloads\FixWin10
2016-12-27 01:29 - 2017-01-03 15:04 - 00000000 ____D C:\Users\Datav90\AppData\Local\CrashDumps
2016-12-27 01:28 - 2016-12-27 01:28 - 00106816 _____ C:\Users\Datav90\Downloads\FixWin10.zip
2016-12-27 01:16 - 2016-12-27 01:16 - 00522710 _____ C:\Users\Datav90\Downloads\AppsDiagnostic.diagcab
2016-12-27 01:08 - 2016-12-27 01:08 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10 (1).diagcab
2016-12-27 00:52 - 2016-12-27 00:52 - 01225688 _____ (SafeBytes Software Inc.) C:\Users\Datav90\Downloads\TotalSystemCare_Install er.exe
2016-12-26 21:12 - 2016-12-26 21:12 - 00035300 _____ C:\Users\Datav90\Downloads\15683510_22107426834578 7_1626056584_n.jpg
2016-12-26 21:02 - 2016-12-26 21:02 - 00087736 _____ C:\Users\Datav90\Downloads\mostafa.jpg
2016-12-26 14:29 - 2016-12-26 14:29 - 00014750 _____ C:\Users\Datav90\Downloads\15726513_78104651536947 4_2567044352822146249_n.jpg
2016-12-26 09:44 - 2016-12-26 09:44 - 00011265 _____ C:\Users\Datav90\Downloads\Vision - final -Ali- Dec 22.docx
2016-12-26 09:26 - 2016-12-26 09:26 - 00330534 _____ C:\Users\Datav90\Downloads\15749024_11928796508020 48_1648479191_o.png
2016-12-26 08:32 - 2016-12-26 08:32 - 00055486 _____ C:\Users\Datav90\Downloads\15683315_16137998989294 10_1185965794_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00040846 _____ C:\Users\Datav90\Downloads\15722638_16137999022627 43_259658064_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00038638 _____ C:\Users\Datav90\Downloads\15722662_16137999355960 73_607550824_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00031420 _____ C:\Users\Datav90\Downloads\15723939_16137999322627 40_907010488_n.jpg
2016-12-26 07:10 - 2016-12-26 07:10 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10.diagca b
2016-12-26 04:45 - 2016-12-27 02:53 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Ipswitch
2016-12-26 04:44 - 2016-12-26 04:44 - 00000000 ____D C:\ProgramData\Ipswitch
2016-12-26 04:11 - 2016-12-26 04:12 - 00001455 _____ C:\Users\Datav90\Downloads\defines.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00001037 _____ C:\Users\Datav90\Downloads\inj.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00000417 _____ C:\Users\Datav90\Downloads\error_log
2016-12-26 04:10 - 2016-12-26 04:10 - 00000000 _____ C:\Users\Datav90\Downloads\bbfb06033226583ab80003e 0c7586890
2016-12-26 03:59 - 2016-12-26 03:59 - 00000861 _____ C:\Users\Datav90\Downloads\badrash (1).coreftp
2016-12-26 03:58 - 2016-12-26 04:13 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\CoreFTP
2016-12-26 03:57 - 2016-12-26 03:57 - 00001018 _____ C:\Users\Datav90\Desktop\Core FTP LE.lnk
2016-12-26 03:57 - 2016-12-26 03:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Core FTP
2016-12-26 03:56 - 2016-12-26 03:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-12-26 03:53 - 2016-12-26 03:56 - 04974659 _____ C:\Users\Datav90\Downloads\coreftplite.exe
2016-12-26 03:53 - 2016-12-26 03:53 - 00000861 _____ C:\Users\Datav90\Downloads\badrash.coreftp
2016-12-26 03:53 - 2016-12-26 03:53 - 00000838 _____ C:\Users\Datav90\Downloads\Secure Ftp badrash.xml
2016-12-26 03:47 - 2016-12-26 03:47 - 00000853 _____ C:\Users\Datav90\Downloads\Ftp datav90@badrashein.com.xml
2016-12-26 03:44 - 2016-12-26 03:44 - 00000838 _____ C:\Users\Datav90\Downloads\Ftp badrash.xml
2016-12-26 03:12 - 2016-12-29 02:07 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla
2016-12-26 03:12 - 2016-12-27 16:32 - 00000000 ____D C:\Users\Datav90\AppData\Local\FileZilla
2016-12-26 03:12 - 2016-12-26 03:12 - 00002108 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-12-26 03:12 - 2016-12-26 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-12-26 03:11 - 2016-12-26 03:12 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-12-26 03:10 - 2016-12-26 03:14 - 27522128 _____ C:\Users\Datav90\Downloads\wsftp12.5.1_English_SN4 K2142ADXXF3N8I8I61AA5R.exe
2016-12-26 03:09 - 2016-12-26 03:11 - 06668016 _____ (Tim Kosse) C:\Users\Datav90\Downloads\FileZilla_3.23.0.2_win3 2-setup_bundled2.exe
2016-12-26 02:57 - 2016-12-26 02:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla Server
2016-12-26 02:54 - 2016-12-26 02:55 - 02238848 _____ (FileZilla Project) C:\Users\Datav90\Downloads\FileZilla_Server-0_9_59.exe
2016-12-26 02:36 - 2016-12-26 02:36 - 00000000 ____D C:\Users\Datav90\AppData\Local\Bazwise
2016-12-26 01:36 - 2016-12-26 01:36 - 00000000 ____D C:\ProgramData\Folder Size Explorer
2016-12-26 01:34 - 2016-12-26 01:35 - 01370420 _____ C:\Users\Datav90\Downloads\FolderSizeExplorer-23-OCT-2016-V171.zip
2016-12-25 20:31 - 2016-12-25 20:31 - 00133123 _____ C:\Users\Datav90\Downloads\15697737_12172072250254 14_6715923463248477997_n.jpg
2016-12-24 01:10 - 2016-12-24 01:10 - 00048327 _____ C:\Users\Datav90\Downloads\15622181_69046171113472 6_8011711944848311533_n.jpg
2016-12-24 01:07 - 2016-12-24 01:07 - 00064540 _____ C:\Users\Datav90\Downloads\15590048_18000350335816 31_7954651434522340218_n.jpg
2016-12-23 23:20 - 2016-12-23 23:20 - 00020703 _____ C:\Users\Datav90\Downloads\رخص.jpg
2016-12-23 23:19 - 2016-12-23 23:19 - 00041999 _____ C:\Users\Datav90\Downloads\15713180_38041730230176 9_1628446829_n.jpg
2016-12-23 22:21 - 2016-12-23 22:21 - 00041900 _____ C:\Users\Datav90\Downloads\البان.jpg
2016-12-23 03:09 - 2016-12-23 03:09 - 00024501 _____ C:\Users\Datav90\Downloads\diego-eduardo.jpg
2016-12-23 01:48 - 2016-12-23 01:48 - 00047850 _____ C:\Users\Datav90\Downloads\2016-636180235792457418-245.jpg
2016-12-23 01:22 - 2016-12-23 01:22 - 00088340 _____ C:\Users\Datav90\Downloads\tahlil.jpg
2016-12-23 01:12 - 2016-12-23 01:12 - 00083900 _____ C:\Users\Datav90\Downloads\15390705_13697385678822 7_8369061297559094453_n.jpg
2016-12-22 02:52 - 2016-12-22 02:52 - 00100920 _____ C:\Users\Datav90\Downloads\1 (1).jpg
2016-12-21 18:46 - 2016-12-21 18:46 - 02914369 _____ C:\Users\Datav90\Downloads\12444005_46358771384612 5_104851160_n.mp4
2016-12-21 18:33 - 2016-12-21 18:33 - 00021943 _____ C:\Users\Datav90\Downloads\15666222_70486137634443 6_664292759_n.jpg
2016-12-21 18:33 - 2016-12-21 18:33 - 00012630 _____ C:\Users\Datav90\Downloads\15683065_70437369972653 7_989221303_n.jpg
2016-12-21 14:36 - 2016-12-21 14:36 - 00234988 _____ C:\Users\Datav90\Downloads\pic_2.jpg
2016-12-21 00:49 - 2016-12-21 00:49 - 00094246 _____ C:\Users\Datav90\Downloads\15645143_93576460988706 9_1649562990_n.jpg
2016-12-20 20:45 - 2016-12-20 20:45 - 00027127 _____ C:\Users\Datav90\Downloads\13920610_15448478498276 2_8648536994615444379_n.jpg
2016-12-20 20:41 - 2016-12-20 20:41 - 00013787 _____ C:\Users\Datav90\Downloads\15578741_12558750011395 11_5517789743120233867_n.jpg
2016-12-20 17:03 - 2016-12-20 17:03 - 00013717 _____ C:\Users\Datav90\Downloads\15621704_18846968550939 11_7324338711842225629_n.jpg
2016-12-20 15:51 - 2016-12-20 15:51 - 00018208 _____ C:\Users\Datav90\Downloads\15578910_16536095482699 65_5172276978296957487_n.jpg
2016-12-20 15:11 - 2016-12-20 15:11 - 00074971 _____ C:\Users\Datav90\Downloads\ayat5.jpg
2016-12-20 15:10 - 2016-12-20 15:11 - 00078268 _____ C:\Users\Datav90\Downloads\ayat4.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00089275 _____ C:\Users\Datav90\Downloads\ayat3.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00070887 _____ C:\Users\Datav90\Downloads\ayat2.jpg
2016-12-20 15:09 - 2016-12-20 15:09 - 00075240 _____ C:\Users\Datav90\Downloads\ayat1.jpg
2016-12-20 15:01 - 2016-12-20 15:01 - 00078520 _____ C:\Users\Datav90\Downloads\15673394_24110310632523 8_546416552_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00094139 _____ C:\Users\Datav90\Downloads\15673220_24110274299194 1_582186434_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00081513 _____ C:\Users\Datav90\Downloads\15666123_24110296632525 2_1776948586_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00079345 _____ C:\Users\Datav90\Downloads\15666260_24110305632524 3_1635308780_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00073337 _____ C:\Users\Datav90\Downloads\15644580_24110307299190 8_1532055082_n.jpg
2016-12-20 06:04 - 2016-12-20 06:04 - 00036499 _____ C:\Users\Datav90\Downloads\الدالي.jpg
2016-12-19 21:19 - 2016-12-19 21:20 - 01162272 _____ C:\Users\Datav90\Downloads\15569479_11056963228904 77_1778779393041104896_n.mp4
2016-12-19 04:32 - 2016-12-09 11:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-19 04:32 - 2016-12-09 11:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-12-19 04:32 - 2016-12-09 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-19 04:32 - 2016-12-09 11:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-19 04:32 - 2016-12-09 11:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-19 04:31 - 2016-12-09 12:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-19 04:31 - 2016-12-09 12:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-19 04:31 - 2016-12-09 12:14 - 06019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-19 04:31 - 2016-12-09 12:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-19 04:31 - 2016-12-09 12:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-19 04:31 - 2016-12-09 12:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-19 04:31 - 2016-12-09 11:55 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-19 04:31 - 2016-12-09 11:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-19 04:31 - 2016-12-09 11:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-19 04:31 - 2016-12-09 11:37 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-19 04:31 - 2016-12-09 11:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockS creen.dll
2016-12-19 04:31 - 2016-12-09 11:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-19 04:31 - 2016-12-09 11:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-19 04:31 - 2016-12-09 11:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-19 04:31 - 2016-12-09 11:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-19 04:31 - 2016-12-09 11:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-19 04:31 - 2016-12-09 11:22 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-19 04:31 - 2016-12-09 11:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-19 04:31 - 2016-12-09 11:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-19 04:31 - 2016-09-15 18:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-19 04:14 - 2016-12-19 04:22 - 44392789 _____ C:\Users\Datav90\Downloads\rt_audacity_v1.0.rar
2016-12-19 01:42 - 2016-12-19 01:42 - 00019967 _____ C:\Users\Datav90\Downloads\15666039_20090706093198 28_423034705_n.jpg
2016-12-19 01:42 - 2016-12-19 01:42 - 00016780 _____ C:\Users\Datav90\Downloads\15644496_20090705493198 34_21459477_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00044153 _____ C:\Users\Datav90\Downloads\15541487_12867076747284 06_4917506916978523842_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00026916 _____ C:\Users\Datav90\Downloads\15590522_12867076247284 11_2224882288721743826_n.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00091360 _____ C:\Users\Datav90\Downloads\tam1.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00089395 _____ C:\Users\Datav90\Downloads\tam2.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00065088 _____ C:\Users\Datav90\Downloads\tam3.jpg
2016-12-18 15:14 - 2016-12-19 04:19 - 00294538 _____ C:\Users\Datav90\Downloads\SAM_1637.JPG
2016-12-18 15:14 - 2016-12-19 04:19 - 00286455 _____ C:\Users\Datav90\Downloads\SAM_1636.JPG
2016-12-18 15:14 - 2016-12-18 15:15 - 00294565 _____ C:\Users\Datav90\Downloads\SAM_1635.JPG
2016-12-18 15:11 - 2016-12-18 14:50 - 02982119 ____N C:\Users\Datav90\Downloads\IMG_20161217_235957.jpg
2016-12-18 15:11 - 2016-12-18 14:49 - 02907811 ____N C:\Users\Datav90\Downloads\IMG_20161217_235942.jpg
2016-12-18 15:11 - 2016-12-18 14:48 - 02812110 ____N C:\Users\Datav90\Downloads\IMG_20161217_235920.jpg
2016-12-18 01:28 - 2016-12-18 01:28 - 00057668 _____ C:\Users\Datav90\Downloads\15622294_18900813212216 46_2240084992261860022_n.jpg
2016-12-17 22:07 - 2016-12-17 22:07 - 00069793 _____ C:\Users\Datav90\Downloads\15134567_12726648961107 66_5587432740763612292_n.jpg
2016-12-17 01:20 - 2016-12-17 01:20 - 00008464 _____ C:\Users\Datav90\Downloads\15541993_18332584202905 22_2335822066002946516_n.jpg
2016-12-16 16:07 - 2016-12-16 16:07 - 00046484 _____ C:\Users\Datav90\Downloads\nesma.jpg
2016-12-16 16:06 - 2016-12-16 16:06 - 00011678 _____ C:\Users\Datav90\Downloads\15591797_17137101156109 17_1314929607_n.jpg
2016-12-16 16:04 - 2016-12-16 16:04 - 00046292 _____ C:\Users\Datav90\Downloads\583.jpg
2016-12-16 03:50 - 2016-12-16 03:51 - 00024080 _____ C:\Users\Datav90\Downloads\15589581_73986708617157 3_7978030631832322959_n.jpg
2016-12-16 01:10 - 2016-12-16 01:10 - 00158891 _____ C:\Users\Datav90\Downloads\nema.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00035606 _____ C:\Users\Datav90\Downloads\15541205_13808169552710 73_9036191817213009882_n.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00029679 _____ C:\Users\Datav90\Downloads\15492429_13808168886044 13_7589306743660200241_n.jpg
2016-12-15 20:54 - 2016-12-15 20:54 - 00024009 _____ C:\Users\Datav90\Downloads\99807.jpg
2016-12-15 20:43 - 2016-12-15 20:43 - 00040927 _____ C:\Users\Datav90\Downloads_92981501_c4ccafe2-f1d8-40e9-b58b-002e9df5cbe6.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00037506 _____ C:\Users\Datav90\Downloads\15442365_12811641585729 99_5708725606552780280_n.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00015346 _____ C:\Users\Datav90\Downloads\15578570_12811640152396 80_3565590128071369348_n.jpg
2016-12-14 12:06 - 2016-12-14 12:07 - 00045500 _____ C:\Users\Datav90\Downloads\347.jpg
2016-12-14 00:32 - 2016-12-14 00:32 - 00070777 _____ C:\Users\Datav90\Downloads\15380309_17098438126630 36_4409407772544437826_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00079879 _____ C:\Users\Datav90\Downloads\15541525_24365856606569 8_6342690252898199417_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00071750 _____ C:\Users\Datav90\Downloads\15390736_24365851939903 6_2659207842868567611_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00061178 _____ C:\Users\Datav90\Downloads\15420847_24365844606571 0_5921352442998396276_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00038138 _____ C:\Users\Datav90\Downloads\15391158_24365854273236 7_6813489041534924004_n.jpg
2016-12-13 00:47 - 2016-12-13 00:47 - 00055165 _____ C:\Users\Datav90\Downloads\15542021_12694333898138 07_1235259025878969592_n.jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505 (1).jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00033654 _____ C:\Users\Datav90\Downloads\34809-693abab1-fe1e-4144-91e0-2bdfdc36328a.jpg
2016-12-12 15:05 - 2016-12-12 15:05 - 00076984 _____ C:\Users\Datav90\Downloads\86442-a125f272-96bd-4c41-adab-ed0f04f27161.jpg
2016-12-12 15:03 - 2016-12-12 15:03 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505.jpg
2016-12-12 14:50 - 2016-12-12 14:50 - 00065187 _____ C:\Users\Datav90\Downloads\لشششش.jpg
2016-12-12 00:16 - 2016-12-12 00:16 - 00177932 _____ C:\Users\Datav90\Downloads\15398885_73562050326922 6_410214808_o.jpg
2016-12-10 21:09 - 2016-12-10 21:09 - 00052138 _____ C:\Users\Datav90\Downloads\15356080_17232501146572 20_1959023838_n.jpg
2016-12-10 20:59 - 2016-12-10 20:59 - 00049816 _____ C:\Users\Datav90\Downloads\38c9604f31b08735863ba67 6d7f09c8a.jpg
2016-12-10 07:19 - 2016-11-11 10:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utiliti es.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 07:19 - 2016-11-11 10:00 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 01586736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 00292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 07:19 - 2016-11-11 09:59 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 07:19 - 2016-11-11 09:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationDat a.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 07:19 - 2016-11-11 09:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 07:19 - 2016-11-11 09:46 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00355680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00175968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 07:19 - 2016-11-11 09:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-12-10 07:19 - 2016-11-11 09:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 07:19 - 2016-11-11 09:41 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00802608 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00675568 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 07:19 - 2016-11-11 09:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 07:19 - 2016-11-11 09:37 - 00381720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 07:19 - 2016-11-11 09:30 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 07:19 - 2016-11-11 09:29 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 07:19 - 2016-11-11 09:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 07:19 - 2016-11-11 09:26 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 07:19 - 2016-11-11 09:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 07:19 - 2016-11-11 09:24 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient. dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 07:19 - 2016-11-11 09:21 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundT ransfer.BackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 07:19 - 2016-11-11 09:20 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 07:19 - 2016-11-11 09:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense. dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dl l
2016-12-10 07:19 - 2016-11-11 09:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 07:19 - 2016-11-11 09:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 07:19 - 2016-11-11 09:18 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 07:19 - 2016-11-11 09:16 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2016-12-10 07:19 - 2016-11-11 09:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .TestingFramework.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-10 07:19 - 2016-11-11 09:12 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 07:19 - 2016-11-11 09:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 07:19 - 2016-11-11 09:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 07:19 - 2016-11-11 09:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-08 16:51 - 2016-12-08 16:53 - 02383507 _____ C:\Users\Datav90\Downloads\15445175_18186897650755 74_2785128382688395264_n.mp4
2016-12-08 16:49 - 2016-12-08 16:50 - 00156876 _____ C:\Users\Datav90\Documents\15424527_11645114236042 57_1633711776_n.jpg
2016-12-08 16:43 - 2016-12-08 16:43 - 00071776 _____ C:\Users\Datav90\Documents\15326441_11393324094827 88_8224781207746921100_n.jpg
2016-12-08 11:40 - 2016-12-08 11:41 - 03073529 _____ C:\Users\Datav90\Downloads\15315941_18330147169521 29_1369930048701726720_n.mp4
2016-12-08 11:26 - 2016-12-08 11:26 - 00090427 _____ C:\Users\Datav90\Documents\15435874_83026652378178 6_253559807_n.jpg
2016-12-08 08:49 - 2016-12-08 08:49 - 00015880 _____ C:\Users\Datav90\Documents\15337578_11104987857366 48_5770530851665041560_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00047128 _____ C:\Users\Datav90\Downloads\15327457_10210279915327 965_5751880802827965275_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00014232 _____ C:\Users\Datav90\Downloads\15267583_17980386904719 73_6303314785682517112_n.jpg
2016-12-06 22:10 - 2016-12-06 22:10 - 00050665 _____ C:\Users\Datav90\Downloads\15409962_78636750484382 0_881457125_o.jpg
2016-12-06 22:04 - 2016-12-06 22:04 - 00081627 _____ C:\Users\Datav90\Downloads\15368766_78636869484370 1_1803954973_o.jpg
2016-12-06 15:47 - 2016-12-06 15:47 - 00084835 _____ C:\Users\Datav90\Downloads\15397719_12704657430090 32_1864833973_o.jpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 19:02 - 2016-08-14 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-04 19:01 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90
2017-01-04 19:01 - 2016-07-16 04:22 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-04 18:54 - 2016-01-29 17:07 - 00273232 _____ C:\WINDOWS\ntbtlog.txt
2017-01-04 11:18 - 2016-08-14 16:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-04 03:23 - 2016-08-16 01:48 - 00000000 ____D C:\Users\Datav90\AppData\Local\Adobe
2017-01-04 00:17 - 2016-04-24 04:04 - 00000000 ____D C:\PlantsVsZombies Game Of The Year
2017-01-03 09:49 - 2016-08-16 01:50 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-03 05:24 - 2016-09-14 06:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-03 01:33 - 2016-08-22 00:45 - 00001456 _____ C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-02 12:06 - 2016-08-14 19:50 - 00000000 ____D C:\Users\Datav90\AppData\Local\Packages
2017-01-02 11:58 - 2016-07-16 10:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-02 11:57 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-31 21:22 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-31 21:15 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000002.regt rans-ms
2016-12-31 21:15 - 2016-08-14 16:41 - 00065536 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TM.blf
2016-12-29 08:55 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Documents
2016-12-29 07:01 - 2016-08-14 16:41 - 00000000 ___SD C:\Users\Datav90\AppData\Roaming\Microsoft
2016-12-28 03:26 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-27 03:19 - 2016-07-16 10:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-27 02:53 - 2016-08-29 22:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-27 01:47 - 2016-07-16 10:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-26 17:09 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\Logs
2016-12-26 07:13 - 2016-09-22 20:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\ElevatedDiagnostics
2016-12-26 06:00 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-26 03:21 - 2016-07-16 10:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-26 03:16 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft
2016-12-25 20:47 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-19 18:05 - 2016-07-16 04:22 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-19 18:04 - 2016-08-14 16:38 - 03775136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-19 18:03 - 2016-08-14 16:38 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TMContainer00000000000000000001.regt rans-ms
2016-12-19 18:03 - 2016-08-14 16:38 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TM.blf
2016-12-19 18:02 - 2016-07-16 10:30 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\apppatch
2016-12-19 18:02 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-17 12:01 - 2016-08-14 19:53 - 00002369 _____ C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\OneDrive.lnk
2016-12-17 12:01 - 2016-08-14 19:53 - 00000000 ___RD C:\Users\Datav90\OneDrive
2016-12-16 04:48 - 2016-08-16 01:30 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-16 04:48 - 2016-08-16 01:30 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 05:29 - 2016-08-16 00:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 05:27 - 2016-08-16 00:16 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-11 00:15 - 2016-08-14 16:50 - 01103134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 00:15 - 2016-07-16 10:31 - 00844762 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-11 00:15 - 2016-07-16 10:31 - 00243552 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-11 00:11 - 2016-08-14 19:50 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\desktop.ini
2016-12-11 00:11 - 2016-08-14 19:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000436 ___SH C:\Users\Datav90\Desktop\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000402 ___SH C:\Users\Datav90\Documents\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000282 ___SH C:\Users\Datav90\Downloads\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Videos
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Searches
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Saved Games
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Pictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Music
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Links
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Favorites
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Contacts
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Administrative Tools
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-11 00:07 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000001.regt rans-ms
2016-12-08 20:49 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2016-08-22 00:45 - 2017-01-03 01:33 - 0001456 _____ () C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-14 03:27 - 2016-10-14 03:27 - 0007601 _____ () C:\Users\Datav90\AppData\Local\Resmon.ResmonCfg
[HEADING=1]Some files in TEMP:[/HEADING]
C:\Users\Datav90\AppData\Local\Temp\gtapi_signed.d ll
C:\Users\Datav90\AppData\Local\Temp\libeay32.dll
C:\Users\Datav90\AppData\Local\Temp\msvcr120.dll
C:\Users\Datav90\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-14 16:38

==================== End of FRST.txt ============================

[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by Datav90 (04-01-2017 19:07:58)
Running from C:\Users\Datav90\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-08-14 17:49:47)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-3546961264-2073685745-768210978-500 - Administrator - Disabled)
Datav90 (S-1-5-21-3546961264-2073685745-768210978-1000 - Administrator - Enabled) => C:\Users\Datav90
DefaultAccount (S-1-5-21-3546961264-2073685745-768210978-503 - Limited - Disabled)
Guest (S-1-5-21-3546961264-2073685745-768210978-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acronis True Image 2016 (HKLM...{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 24 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM...{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM...{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM...{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM...{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM...\CCleaner) (Version: 5.25 - Piriform)
Core FTP LE (HKLM...\CoreFTP) (Version: - )
CyberLink PowerDirector 14 (HKLM...{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2019.0 - CyberLink Corp.)
Dell System Detect (HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Facebook Gameroom 1.1.3.1 (HKLM...{A3C248A7-BF21-4C3A-9C10-2D56F59460CD}) (Version: 1.1.3.1 - Facebook)
FileZilla Client 3.23.0.2 (HKLM...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
FlashGet3.7 (HKLM...\FlashGet3.7) (Version: 3.7.0.1195 - hxxp://www.FlashGet.com)
Free YouTube Downloader 4.1.540 (HKLM...{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Games Manager (HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\GamesManager) (Version: 2.6.0.496 - iWin Inc.)
Google Chrome (HKLM...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM...{61D7B517-5914-41D4-BD27-927163631227}) (Version: 5.2.2.87 - Apple Inc.)
iTunes (HKLM...{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
K-Lite Codec Pack 12.3.5 Full (HKLM...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Malwarebytes version 3.0.5.1299 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM...{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NewBlue Titler Pro for Windows (HKLM...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
Plants Vs Zombies: Game of the Year Edition (HKLM...\Plants Vs Zombies: Game of the Year Edition) (Version: 1.2.0.1073 - iWin.com)
Plants vs. Zombies™ (remove only) (HKLM...\Plants vs. Zombies™) (Version: - )
PowerISO (HKLM...\PowerISO) (Version: 6.4 - Power Software Ltd)
proDAD Adorage 3.0 (HKLM...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
QuickTime (HKLM...{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SmartSound Quicktracks 5 (HKLM...\InstallShield{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SpyHunter 4 (HKLM...\SpyHunter) (Version: 4.24.3.4750 - Enigma Software Group, LLC)
Upwork version 4.2.115.0 (HKLM...{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.115.0 - Upwork, Inc)
XAMPP (HKLM...\xampp) (Version: 5.6.23-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B461EBD-C226-4401-9A07-12B5137E9B0D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0FB6CA67-932F-4EAF-B9F7-A86FB36DCCB1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {14294684-59FB-41C7-8B08-0B88265FB627} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_ 0_0_186_pepper.exe [2016-12-31] (Adobe Systems Incorporated)
Task: {1DF6D448-EBBE-4D91-9CDE-B302DA73D7E1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {290FF108-8F3D-4FFA-8AB7-DE2E8B30B2C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F226882-BEFA-445E-B4F6-70B816585FD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-01-02] (Microsoft Corporation)
Task: {32E3CCFB-4C77-4AB1-9668-7CA21C62DDB4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {343AC552-F025-46F6-BCAB-200AC94519F8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B624D98-7F84-437E-AEDD-757A3F439CA1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CBAA178-A130-4179-A240-ACAFAE36747D} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID=“d450596f-894d-49e0-966a-fd39ed4c4c64”) call Activate]
Task: {493F6142-0BBD-48C6-A70F-B41D846DA5C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49AD09A9-2485-4CBB-BE0F-EF00C081D02D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4AC606DA-DD00-43FC-BFA6-2F7F9F821376} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E61AD6C-95DD-4A84-94C5-7BF4FF66A0D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54A6A44F-DAF5-4CD5-A802-223E89713020} - System32\Tasks\AdobeAAMUpdater-1.0-Datav90-PC-Datav90 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [2015-08-05] (Adobe Systems Incorporated)
Task: {5ED585F6-A35F-49CC-935D-EFD304C03877} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65F92166-518C-461D-8F8F-271B99AD2816} - System32\Tasks{5D35423B-D5FA-4FEB-8D11-9B6A99617C9F} => pcalua.exe -a C:\Users\Datav90\Downloads\devcon.exe -d C:\Users\Datav90\Downloads
Task: {73A17262-5276-4506-A544-D2A306CDC29C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {73F7F7EA-AF61-4BA2-82E7-02CB32597A23} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {747FF417-6FC5-406C-9BDE-3C33E1C19A33} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8053BBCD-8C18-4681-96D5-8B9D0ADD0193} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {805A3EE6-168C-4470-8AC7-B96143F0861C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {821A7999-BC63-4A15-927B-EBAA0ABCFAFC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87E3E431-8D7C-4B5D-8C80-C668806471C7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {88C3EB22-F607-4649-A7FE-A4E17E635C6B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {8998F47B-843F-4BEC-9F26-1C2BDC7821DE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-15] (Microsoft Corporation)
Task: {8C2778AA-EC2C-4959-BD78-A815CFB54C36} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-15] (Microsoft Corporation)
Task: {97D949BA-F7BD-4B40-91AB-783926AE19FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-01-02] (Microsoft Corporation)
Task: {9AC75CCF-9B5B-44DC-8935-CB01887D85FA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7BEDC40-A604-4005-B51F-2ECCF136D24E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {A80FA2EC-E6EA-46D2-B992-E49ADB79E8F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B9D7CB82-CA93-4A42-8D1B-CC23DDB8A104} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA9D357-3D0F-4C63-BC8E-016DCA939BBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {ED6CFF1B-234C-4200-B182-7BF232F1F161} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {EE78825D-7154-4C27-A287-320734E95AC5} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {F1AD2998-CAC6-4631-AA1B-020630068E65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_ 0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Datav90\Desktop\Play Pogo Games.lnk → C:\Users\Datav90\AppData\Local\GamesManager\GamesM anager.exe (iWin Inc) → -config.channel=00000002 -config.uri=hxxp://gm/iwin/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 10:25 - 2016-07-16 10:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-05 15:24 - 2016-07-05 15:24 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-02 11:47 - 2015-08-15 23:55 - 00135232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\core_workers_shared_c ontext.dll
2015-11-26 10:40 - 2015-11-26 10:40 - 00035760 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 04093976 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\sqlite3.dll
2015-11-26 11:07 - 2015-11-26 11:07 - 19884832 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers.dll
2015-11-26 10:42 - 2015-11-26 10:42 - 00445872 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-11-26 10:36 - 2015-11-26 10:36 - 00115632 _____ () C:\Program Files\Common Files\Acronis\Home\EXPAT.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 12:00 - 2016-12-17 12:00 - 01244376 _____ () C:\Users\Datav90\AppData\Local\Microsoft\OneDrive\ 17.3.6720.1207\ClientTelemetry.dll
2017-01-02 11:52 - 2017-01-02 11:52 - 08903232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-07-16 10:25 - 2016-07-16 10:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.Share dUtilities.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 14:48 - 2016-11-02 12:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CortanaApi.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2016-09-21 02:39 - 2016-08-06 05:21 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Actions.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 14:48 - 2016-11-02 12:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersUI.dll
2016-12-22 08:20 - 2016-12-22 08:22 - 30768640 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_ x86__8wekyb3d8bbwe\XboxApp.dll
2016-11-11 11:45 - 2016-11-11 11:47 - 00678400 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_ x86__8wekyb3d8bbwe\sqlite3.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 19:31 - 2016-12-14 19:34 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\roottools.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 07211112 _____ () C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2015-11-26 10:43 - 2015-11-26 10:43 - 00056752 _____ () C:\Program Files\Common Files\Acronis\Home\rpc_client.dll
2016-08-12 11:35 - 2016-08-12 11:35 - 40523480 _____ () C:\Program Files\Common Files\Adobe\AdobeGCClient\libcef.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-12-31 11:11 - 2016-12-13 18:35 - 02218792 _____ () C:\Program Files\Upwork\upwork.exe
2016-12-31 11:11 - 2016-12-07 08:01 - 52043776 _____ () C:\Program Files\Upwork\libcef.dll
2012-01-06 09:53 - 2012-01-06 09:53 - 00249856 _____ () C:\Program Files\FlashGet Network\FlashGet 3\BugReport.dll
2012-01-06 13:20 - 2012-01-06 13:20 - 00059016 _____ () C:\Program Files\FlashGet Network\FlashGet 3\zlib.dll
2012-01-06 09:53 - 2012-01-06 09:53 - 00262144 _____ () C:\Program Files\FlashGet Network\FlashGet 3\ckcore.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01179136 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefS harp.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 52839936 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libc ef.dll
2016-01-06 18:41 - 2016-01-06 18:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00802816 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefS harp.BrowserSubprocess.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01796608 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libg lesv2.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00078848 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libe gl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\dell.com → dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-08-16 06:56 - 00001132 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\Wallpaper → c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C4CC154E-919B-41C6-B776-FAE0AF1D6B71}] => C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{C6A19585-0C56-4C40-A082-CB9DAB47F52B}] => C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{ADF06669-93BC-4DBF-8433-4329AD584931}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{8B956982-0979-4C29-B142-FD05BD457D96}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{22E5FFE6-3E10-410B-B007-804FE0D72594}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{C6EC10C5-54BB-43B8-ADFF-5988760217D5}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{C3D9825D-97AE-4F3C-91A0-713388F20C62}] => C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
FirewallRules: [{5A1B1DFE-C2FE-4000-BDC6-1ABE43B140C5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A423CDB-BB7F-498C-9C22-4F51A401F5C4}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D95E8E1-C539-48F2-B735-F3A68D4ECAE4}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{549FEAF5-51B3-44BD-87DC-BE672DEC7479}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [UDP Query User{7C26711B-D3C3-4064-B8C2-724474B1A6BD}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [TCP Query User{F3B2373A-D233-4168-B1CA-A42AE4898C96}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [UDP Query User{2425C900-D598-4655-BAEC-A3491A4CD887}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [TCP Query User{CC722752-78F7-4EBB-B9A7-25FAF59B5C0A}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{8BC99953-22F6-4E45-861F-35D5F15BE93B}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{40B66D3A-7CFA-42DD-9F8B-D6D20F7F071B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [UDP Query User{08B14589-8EE9-4212-B558-50D012C45F8B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [{8C849EDE-8146-441E-9A82-5DF35B56AEF0}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{B1227832-7956-4BBE-97CE-6DCEDF9A660E}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C352655A-1625-4246-979B-2C12CB2FDBE6}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3AC3D3AF-2B94-48D0-9486-D73C9258B86E}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EB72103F-8E23-4C66-BFA2-8F80226FFFA4}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3331868B-6C5E-4D47-A2FA-1A29AA1F7456}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{F0AB04F9-A0E0-4921-8523-2D0A52AB44F1}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{BE316145-D544-414E-A7C7-DDAAF7F79D6C}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{D6058749-4878-4FD1-ADFA-0E2577BEA099}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{44164034-5116-4E1F-8326-DE6FBE660214}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (01/04/2017 05:03:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe! microsoft.windowslive.mail failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:24:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2tx yewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:21:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyew y!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:13:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\librar ies\Adobe_Helperx64.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“amd64 ”,publicKeyToken=“6595b64144ccf1df”,type=“win32”,v ersion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\librar ies\Adobe_Helperx64.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“amd64 ”,publicKeyToken=“6595b64144ccf1df”,type=“win32”,v ersion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “c:\program files\cyberlink\powerdirector14\muitransfer\MUISta rtMenuX64.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“amd64 ”,publicKeyToken=“6595b64144ccf1df”,type=“win32”,v ersion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:05:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyew y!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:01:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.479 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e90

Start Time: 01d2668e66efcb5a

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 17101f66-d286-11e6-a1cd-b8ac6f254ad6

Faulting package full name:

Faulting package-relative application ID:

Error: (01/04/2017 03:59:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app ZeptoLabUKLimited.KingofThieves_sq9zxnwrk84pj!game failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 03:46:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
[HEADING=1]System errors:[/HEADING]
Error: (01/04/2017 07:03:11 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:03:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:51 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2017 07:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TheFreeWeatherService service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/04/2017 07:02:24 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:01:31 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/04/2017 07:01:13 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error “1084” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/04/2017 07:01:09 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error “1084” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2017-01-04 19:06:59.820
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-04 19:06:59.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-03 05:20:14.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-03 05:20:14.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 11:40:17.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 11:40:17.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.344
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 57%
Total physical RAM: 3547.61 MB
Available physical RAM: 1524.97 MB
Total Virtual: 7131.61 MB
Available Virtual: 4819.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:1.35 GB) NTFS
Drive d: () (Fixed) (Total:56.33 GB) (Free:0.21 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive e: (E) (Fixed) (Total:191.95 GB) (Free:109.35 GB) FAT32
Drive f: (F) (Fixed) (Total:188.09 GB) (Free:91.35 GB) FAT32
Drive g: (SAN_ANDREAS) (CDROM) (Total:4.19 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 63C463C4)
Partition 1: (Active) - (Size=56.3 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=409.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

[HEADING=1]aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-01-04 19:04:31[/HEADING]
19:04:31.945 OS Version: Windows 6.2.9200
19:04:31.945 Number of processors: 2 586 0x170A
19:04:31.945 ComputerName: DATAV90-PC UserName: Datav90
19:04:41.223 Initialize success
19:04:42.225 VM: initialized successfully
19:04:42.227 VM: Intel CPU BiosDisabled
19:05:11.847 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP2T0L0-4
19:05:11.850 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476938MB BusType: 3
19:05:12.014 Disk 0 MBR read successfully
19:05:12.016 Disk 0 MBR scan
19:05:12.018 Disk 0 Windows 7 default MBR code
19:05:12.026 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 57694 MB offset 63
19:05:12.028 Disk 0 Partition - 00 0F Extended LBA 419243 MB offset 118158075
19:05:12.042 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 29996 MB offset 118158138
19:05:12.045 Disk 0 Partition - 00 05 Extended 196600 MB offset 179590635
19:05:12.066 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 196600 MB offset 179590698
19:05:12.069 Disk 0 Partition - 00 05 Extended 192646 MB offset 643660290
19:05:12.129 Disk 0 Partition 4 00 0B FAT32 MSWIN4.1 192646 MB offset 582227793
19:05:12.161 Disk 0 scanning sectors +976768065
19:05:12.248 Disk 0 scanning C:\WINDOWS\system32\drivers
19:05:31.237 Service scanning
19:05:46.424 Modules scanning
19:05:46.424 Disk 0 trace - called modules:
19:05:46.439 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
19:05:46.455 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x8aa7b638]
19:05:46.455 3 CLASSPNP.SYS[86fc423a] → nt!IofCallDriver → \Device\Ide\IdeDeviceP2T0L0-4[0x85893288]
19:05:46.455 Disk 0 statistics 100704/0/0 @ 3.86 MB/s
19:05:46.455 Scan finished successfully
19:06:11.675 Disk 0 MBR has been saved successfully to “C:\Users\Datav90\Desktop\MBR.dat”
19:06:11.769 The log file has been saved successfully to “C:\Users\Datav90\Desktop\aswMBR.txt”

Hello datav90 and welcome to the forum, please allow me some time to review your logs and once I have d9ne so I will instruct you on your next move.

Reading through your logs I see a way forward… but before we embark on the removal process I require you to uninstall the cracked Office 2016 that you have on your machine and post a new set of FRST logs.

Thank you Sir
i uninstalled office as you asked and thats the new log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Datav90 (administrator) on DATAV90-PC (04-01-2017 23:49:26)
Running from C:\Users\Datav90\Desktop
Loaded Profiles: Datav90 (Available Profiles: Datav90)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files\Upwork\upwork.exe
() C:\Program Files\Upwork\upwork.exe
(Facebook) C:\Users\Datav90\AppData\Local\Facebook\Games\Face bookGameroom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Face book Gameroom Browser.exe
() C:\Program Files\Upwork\upwork.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.7714.42037.0_x86__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsa pps_17.7714.42037.0_x86__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118 .10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.100 1.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.102 21.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Face book Gameroom Browser.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Face book Gameroom Browser.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Face book Gameroom Browser.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Temp\ose00000.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)
HKLM...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH)
HKLM...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7211112 2015-11-26] ()
HKLM...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [531808 2015-11-26] (Acronis)
HKLM...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [Upwork] => C:\Program Files\Upwork\upwork.exe [2218792 2016-12-13] ()
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [FlashGet 3] => C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe [3083712 2012-01-09] (Trend Media Corporation Limited)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\MountPoints2: H - “H:\setup.EXE” /AUTORUN
HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\MountPoints2: {7ed61a6c-6575-11e6-a18c-b8ac6f254ad6} - “I:\iStudio.exe”
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\SCRNSAVE.EXE →
ShellIconOverlayIdentifiers: [AcronisSyncError] → {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] → {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] → {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-11-29]
ShortcutTarget: Facebook Gameroom.lnk → C:\Users\Datav90\AppData\Local\Facebook\Games\Face bookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip..\Interfaces{6baf1436-5a7e-4bd8-ae41-6fb725d46c8f}: [DhcpNameServer] 192.168.1.1
[HEADING=1]Internet Explorer:[/HEADING]
BHO: FlashGetBHO → {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} → C:\Users\Datav90\AppData\Roaming\FlashGetBHO\Flash GetBHO.dll [2012-01-06] (Trend Media Group)
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @adobe.com/FlashPlayer → C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_ 186.dll [2016-12-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 → C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect → C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll [2015-08-06] (Adobe Systems)
[HEADING=1]Chrome:[/HEADING]
CHR Profile: C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default [2017-01-04]
CHR Extension: (Google Slides) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2016-08-16]
CHR Extension: (Facebook Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoean epjfkf [2016-09-19]
CHR Extension: ( Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndg ebpfkf [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2016-08-16]
CHR Extension: (Google Drive) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2016-08-16]
CHR Extension: (YouTube) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2016-08-16]
CHR Extension: (Intelligence Search) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfggodcibdmflidbceoaanad clgomm [2016-11-25]
CHR Extension: (Group Invite All) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeajicmampllnpkmfimkhefbnd kfeloo [2016-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpin pmmpil [2016-08-17]
CHR Extension: (Google Sheets) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2016-08-16]
CHR Extension: (Google Docs Offline) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-08-16]
CHR Extension: (Instant Translate: Select and Translate) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfo abpcke [2016-12-16]
CHR Extension: (Video Downloader Pro) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapen ijdcho [2016-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2016-08-16]
CHR Extension: (Gmail) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2016-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2016-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-01-29] (Acronis)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [253776 2014-10-20] (CyberLink)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
S2 TheFreeWeatherService; C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59968 2016-12-14] ()
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-01-29] (Acronis International GmbH)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [153024 2017-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [87496 2017-01-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [73152 2017-01-04] (Malwarebytes)
R1 MpKsl5a6c220d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates{9536FA8B-9D52-434A-8592-C24131A8E54D}\MpKsl5a6c220d.sys [39168 2017-01-04] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 NPF; C:\Users\Datav90\Downloads\Selfishnet win 7\npf.sys [42000 2007-01-25] (CACE Technologies)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-01-29] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-01-29] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-01-29] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-01-29] (Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys [56704 2017-01-04] () [File not signed]
U3 aswVmm; C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys [192224 2017-01-04] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 19:06 - 2017-01-04 19:06 - 00002218 _____ C:\Users\Datav90\Desktop\aswMBR.txt
2017-01-04 19:06 - 2017-01-04 19:06 - 00000512 _____ C:\Users\Datav90\Desktop\MBR.dat
2017-01-04 19:04 - 2017-01-04 23:50 - 00016864 _____ C:\Users\Datav90\Desktop\FRST.txt
2017-01-04 16:57 - 2017-01-04 16:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job
2017-01-04 15:34 - 2017-01-04 15:34 - 00153024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-04 15:33 - 2017-01-04 22:04 - 00073152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-04 15:33 - 2017-01-04 19:03 - 00087496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00219072 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-04 15:33 - 2017-01-04 15:33 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\CCleaner
2017-01-04 15:33 - 2016-12-14 12:55 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-01-04 15:32 - 2017-01-04 16:21 - 00000000 ____D C:\AdwCleaner
2017-01-04 06:46 - 2017-01-04 06:47 - 02665984 _____ C:\Users\Datav90\Downloads\ZHPCleaner.exe
2017-01-04 05:48 - 2017-01-04 23:49 - 00000000 ____D C:\FRST
2017-01-04 05:47 - 2017-01-04 05:34 - 01760256 _____ (Farbar) C:\Users\Datav90\Desktop\FRST.exe
2017-01-04 04:12 - 2017-01-04 04:13 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Datav90\Downloads\SpyHunter-Installer.exe
2017-01-04 03:28 - 2017-01-04 03:28 - 00257184 _____ C:\Users\Datav90\Downloads\Unconfirmed 656127.crdownload
2017-01-04 03:28 - 2017-01-04 03:28 - 00034584 _____ C:\Users\Datav90\Downloads\BAA8.tmp
2017-01-04 03:24 - 2017-01-04 03:28 - 01183384 _____ C:\Users\Datav90\Downloads\WiperSoft-installer.exe
2017-01-04 03:09 - 2017-01-04 19:11 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-01-04 01:14 - 2017-01-04 01:19 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-02 12:14 - 2017-01-02 12:14 - 00000000 ____D C:\Users\Datav90\AppData\Local\mpress
2017-01-02 12:04 - 2017-01-02 12:04 - 00003621 _____ C:\Users\Public\Desktop\R@1n.txt
2017-01-02 12:03 - 2017-01-02 12:03 - 00023040 _____ C:\WINDOWS\KMS-R@1n111.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00004608 _____ C:\WINDOWS\KMS-R@1nHoo111k.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00003584 _____ C:\WINDOWS\KMS-R@1nHook111.dll
2017-01-02 11:59 - 2017-01-02 11:59 - 00000000 ____D C:\Users\Datav90\Desktop\BASEM ELHLAWANYY-ACT-WOROF
2017-01-02 11:51 - 2017-01-04 18:51 - 00000305 _____ C:\WINDOWS\system32\secushr.dat
2017-01-02 02:22 - 2017-01-04 19:08 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\BITS
2017-01-02 02:22 - 2017-01-02 02:22 - 00001282 _____ C:\Users\Datav90\Desktop\FlashGet3.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00001257 _____ C:\Users\Datav90\Desktop\FlashGet downloads.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00000025 _____ C:\WINDOWS\libem.INI
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\FlashGet3.7
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashgetSetup
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGetBHO
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGet
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Program Files\FlashGet Network
2017-01-02 02:17 - 2017-01-02 02:21 - 08041792 _____ (Trend Media Corporation Limited.) C:\Users\Datav90\Downloads\flashget3.7.0.1195en.ex e
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Users\Datav90\AppData\Local\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Program Files\Upwork
2016-12-31 11:02 - 2016-12-31 11:11 - 27615024 _____ (Upwork, Inc ) C:\Users\Datav90\Downloads\UpworkSetup.exe
2016-12-31 10:34 - 2016-12-31 10:34 - 00009975 _____ C:\Users\Datav90\Downloads\photo 2.jpg
2016-12-31 08:19 - 2016-12-31 08:20 - 00172803 _____ C:\Users\Datav90\Downloads\coachesforscraping.csv
2016-12-31 02:13 - 2016-12-31 02:15 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (2).zip
2016-12-31 02:05 - 2016-12-31 02:11 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package.zip
2016-12-31 02:05 - 2016-12-31 02:09 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (1).zip
2016-12-30 01:37 - 2016-12-30 01:37 - 00017143 _____ C:\Users\Datav90\Downloads\esh8.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00065728 _____ C:\Users\Datav90\Downloads\esh4.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00018597 _____ C:\Users\Datav90\Downloads\esh7.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00017003 _____ C:\Users\Datav90\Downloads\esh6.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00016866 _____ C:\Users\Datav90\Downloads\esh5.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00021585 _____ C:\Users\Datav90\Downloads\esh1.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00016557 _____ C:\Users\Datav90\Downloads\esh2.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00014625 _____ C:\Users\Datav90\Downloads\esh3.jpg
2016-12-30 01:30 - 2016-12-30 01:30 - 00054646 _____ C:\Users\Datav90\Downloads\15727125_17914334044516 78_2871036148880099708_n.jpg
2016-12-30 01:29 - 2016-12-30 01:29 - 00010587 _____ C:\Users\Datav90\Downloads\15747854_17914331911183 66_2791255909819819944_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00011882 _____ C:\Users\Datav90\Downloads\15698046_17914305677852 95_5891954741419882554_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00010206 _____ C:\Users\Datav90\Downloads\15747595_17914306144519 57_402886003749102938_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00008387 _____ C:\Users\Datav90\Downloads\15726425_17914304577853 06_1590105582682755411_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00014437 _____ C:\Users\Datav90\Downloads\15697321_17914303044519 88_1599783654902432698_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00011214 _____ C:\Users\Datav90\Downloads\15727013_17914303377853 18_2260776694555007145_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010907 _____ C:\Users\Datav90\Downloads\15726941_17914302844519 90_7468235468847233939_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010367 _____ C:\Users\Datav90\Downloads\15741205_17914302311186 62_7424300965506925307_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00009080 _____ C:\Users\Datav90\Downloads\15697663_17914300811186 77_685444044530583677_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008701 _____ C:\Users\Datav90\Downloads\15697744_17914302144519 97_599277962521379313_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008412 _____ C:\Users\Datav90\Downloads\15697195_17914304311186 42_688240443350783932_n.jpg
2016-12-30 00:54 - 2016-12-30 00:54 - 00065582 _____ C:\Users\Datav90\Downloads\عبد-الرحمن.jpg
2016-12-30 00:52 - 2016-12-30 00:52 - 00078379 _____ C:\Users\Datav90\Downloads\15749660_18108459192029 74_1551856833_n.jpg
2016-12-30 00:50 - 2016-12-30 00:50 - 00063452 _____ C:\Users\Datav90\Downloads\sara.jpg
2016-12-30 00:47 - 2016-12-30 00:47 - 00055315 _____ C:\Users\Datav90\Downloads\15781826_18399110662870 65_1397427542_n.jpg
2016-12-29 22:32 - 2016-12-29 22:32 - 00023404 _____ C:\Users\Datav90\Downloads\15747732_35981971105875 8_286862103335593206_n.jpg
2016-12-29 08:55 - 2016-09-19 02:58 - 00295997 _____ C:\Users\Datav90\Documents\SAM_1553.JPG
2016-12-29 08:39 - 2016-12-29 11:31 - 00000722 _____ C:\Users\Datav90\Documents\New Text Document.txt
2016-12-29 07:01 - 2016-12-29 07:01 - 00016789 _____ C:\Users\Datav90\Downloads\06 Upwork Translation_sanitized.docx
2016-12-29 04:32 - 2016-12-29 04:32 - 00096897 _____ C:\Users\Datav90\Downloads\15781656_13746114859173 71_7121881180046883649_n.jpg
2016-12-29 04:32 - 2016-12-29 04:32 - 00013311 _____ C:\Users\Datav90\Downloads\15621685_13746114759173 72_7113708655159179370_n.jpg
2016-12-29 04:25 - 2016-12-29 04:25 - 00031592 _____ C:\Users\Datav90\Downloads\15697646_10202602289255 587_128805314885165344_n.jpg
2016-12-29 04:23 - 2016-12-29 04:23 - 00080473 _____ C:\Users\Datav90\Downloads\946.jpg
2016-12-29 03:22 - 2016-12-29 03:22 - 01122704 _____ C:\Users\Datav90\Downloads\Microsoft-Office-2016-Product-Key.zip
2016-12-29 03:15 - 2016-12-29 03:15 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft Help
2016-12-29 02:32 - 2016-12-29 02:32 - 00016371 _____ C:\Users\Datav90\Downloads\هل تعلم.docx
2016-12-29 02:16 - 2016-12-29 02:16 - 00074754 _____ C:\Users\Datav90\Downloads\attia.jpg
2016-12-29 02:15 - 2016-12-29 02:15 - 00006241 _____ C:\Users\Datav90\Downloads\15780759_10548039213325 10_2962458877819057543_n.jpg
2016-12-29 00:47 - 2016-12-29 00:47 - 00028019 _____ C:\Users\Datav90\Downloads\15726378_10154868032978 953_4135433702900079780_n.jpg
2016-12-29 00:18 - 2016-12-29 00:18 - 00017978 _____ C:\Users\Datav90\Downloads\mohdy.jpg
2016-12-29 00:17 - 2016-12-29 00:17 - 00040656 _____ C:\Users\Datav90\Downloads\15749450_12190362981875 50_10451665_n.jpg
2016-12-28 01:10 - 2016-12-28 01:10 - 00016383 _____ C:\Users\Datav90\Downloads\10897759_15578990277890 09_1715249256927502265_n.jpg
2016-12-27 16:32 - 2016-12-27 16:32 - 00000054 _____ C:\Users\Datav90\214537CE4F7829EED1E8691D38650AAA. txt
2016-12-27 15:18 - 2016-12-27 15:18 - 00155354 _____ C:\Users\Datav90\Downloads\736.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00146439 _____ C:\Users\Datav90\Downloads\730.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141902 _____ C:\Users\Datav90\Downloads\729.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141256 _____ C:\Users\Datav90\Downloads\735.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00135838 _____ C:\Users\Datav90\Downloads\738.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00133531 _____ C:\Users\Datav90\Downloads\734.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00121913 _____ C:\Users\Datav90\Downloads\733.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00106221 _____ C:\Users\Datav90\Downloads\731.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00104750 _____ C:\Users\Datav90\Downloads\737.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00103829 _____ C:\Users\Datav90\Downloads\732.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00094266 _____ C:\Users\Datav90\Downloads\728.jpg
2016-12-27 02:28 - 2016-12-27 02:28 - 00079482 _____ C:\Users\Datav90\Documents\tmp.reg
2016-12-27 01:31 - 2016-12-27 01:31 - 00000000 ____D C:\Users\Datav90\Downloads\FixWin10
2016-12-27 01:29 - 2017-01-03 15:04 - 00000000 ____D C:\Users\Datav90\AppData\Local\CrashDumps
2016-12-27 01:28 - 2016-12-27 01:28 - 00106816 _____ C:\Users\Datav90\Downloads\FixWin10.zip
2016-12-27 01:16 - 2016-12-27 01:16 - 00522710 _____ C:\Users\Datav90\Downloads\AppsDiagnostic.diagcab
2016-12-27 01:08 - 2016-12-27 01:08 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10 (1).diagcab
2016-12-27 00:52 - 2016-12-27 00:52 - 01225688 _____ (SafeBytes Software Inc.) C:\Users\Datav90\Downloads\TotalSystemCare_Install er.exe
2016-12-26 21:12 - 2016-12-26 21:12 - 00035300 _____ C:\Users\Datav90\Downloads\15683510_22107426834578 7_1626056584_n.jpg
2016-12-26 21:02 - 2016-12-26 21:02 - 00087736 _____ C:\Users\Datav90\Downloads\mostafa.jpg
2016-12-26 14:29 - 2016-12-26 14:29 - 00014750 _____ C:\Users\Datav90\Downloads\15726513_78104651536947 4_2567044352822146249_n.jpg
2016-12-26 09:44 - 2016-12-26 09:44 - 00011265 _____ C:\Users\Datav90\Downloads\Vision - final -Ali- Dec 22.docx
2016-12-26 09:26 - 2016-12-26 09:26 - 00330534 _____ C:\Users\Datav90\Downloads\15749024_11928796508020 48_1648479191_o.png
2016-12-26 08:32 - 2016-12-26 08:32 - 00055486 _____ C:\Users\Datav90\Downloads\15683315_16137998989294 10_1185965794_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00040846 _____ C:\Users\Datav90\Downloads\15722638_16137999022627 43_259658064_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00038638 _____ C:\Users\Datav90\Downloads\15722662_16137999355960 73_607550824_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00031420 _____ C:\Users\Datav90\Downloads\15723939_16137999322627 40_907010488_n.jpg
2016-12-26 07:10 - 2016-12-26 07:10 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10.diagca b
2016-12-26 04:45 - 2016-12-27 02:53 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Ipswitch
2016-12-26 04:44 - 2016-12-26 04:44 - 00000000 ____D C:\ProgramData\Ipswitch
2016-12-26 04:11 - 2016-12-26 04:12 - 00001455 _____ C:\Users\Datav90\Downloads\defines.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00001037 _____ C:\Users\Datav90\Downloads\inj.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00000417 _____ C:\Users\Datav90\Downloads\error_log
2016-12-26 04:10 - 2016-12-26 04:10 - 00000000 _____ C:\Users\Datav90\Downloads\bbfb06033226583ab80003e 0c7586890
2016-12-26 03:59 - 2016-12-26 03:59 - 00000861 _____ C:\Users\Datav90\Downloads\badrash (1).coreftp
2016-12-26 03:58 - 2016-12-26 04:13 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\CoreFTP
2016-12-26 03:57 - 2016-12-26 03:57 - 00001018 _____ C:\Users\Datav90\Desktop\Core FTP LE.lnk
2016-12-26 03:57 - 2016-12-26 03:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Core FTP
2016-12-26 03:56 - 2016-12-26 03:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-12-26 03:53 - 2016-12-26 03:56 - 04974659 _____ C:\Users\Datav90\Downloads\coreftplite.exe
2016-12-26 03:53 - 2016-12-26 03:53 - 00000861 _____ C:\Users\Datav90\Downloads\badrash.coreftp
2016-12-26 03:53 - 2016-12-26 03:53 - 00000838 _____ C:\Users\Datav90\Downloads\Secure Ftp badrash.xml
2016-12-26 03:47 - 2016-12-26 03:47 - 00000853 _____ C:\Users\Datav90\Downloads\Ftp datav90@badrashein.com.xml
2016-12-26 03:44 - 2016-12-26 03:44 - 00000838 _____ C:\Users\Datav90\Downloads\Ftp badrash.xml
2016-12-26 03:12 - 2016-12-29 02:07 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla
2016-12-26 03:12 - 2016-12-27 16:32 - 00000000 ____D C:\Users\Datav90\AppData\Local\FileZilla
2016-12-26 03:12 - 2016-12-26 03:12 - 00002108 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-12-26 03:12 - 2016-12-26 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-12-26 03:11 - 2016-12-26 03:12 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-12-26 03:10 - 2016-12-26 03:14 - 27522128 _____ C:\Users\Datav90\Downloads\wsftp12.5.1_English_SN4 K2142ADXXF3N8I8I61AA5R.exe
2016-12-26 03:09 - 2016-12-26 03:11 - 06668016 _____ (Tim Kosse) C:\Users\Datav90\Downloads\FileZilla_3.23.0.2_win3 2-setup_bundled2.exe
2016-12-26 02:57 - 2016-12-26 02:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla Server
2016-12-26 02:54 - 2016-12-26 02:55 - 02238848 _____ (FileZilla Project) C:\Users\Datav90\Downloads\FileZilla_Server-0_9_59.exe
2016-12-26 02:36 - 2016-12-26 02:36 - 00000000 ____D C:\Users\Datav90\AppData\Local\Bazwise
2016-12-26 01:36 - 2016-12-26 01:36 - 00000000 ____D C:\ProgramData\Folder Size Explorer
2016-12-26 01:34 - 2016-12-26 01:35 - 01370420 _____ C:\Users\Datav90\Downloads\FolderSizeExplorer-23-OCT-2016-V171.zip
2016-12-25 20:31 - 2016-12-25 20:31 - 00133123 _____ C:\Users\Datav90\Downloads\15697737_12172072250254 14_6715923463248477997_n.jpg
2016-12-24 01:10 - 2016-12-24 01:10 - 00048327 _____ C:\Users\Datav90\Downloads\15622181_69046171113472 6_8011711944848311533_n.jpg
2016-12-24 01:07 - 2016-12-24 01:07 - 00064540 _____ C:\Users\Datav90\Downloads\15590048_18000350335816 31_7954651434522340218_n.jpg
2016-12-23 23:20 - 2016-12-23 23:20 - 00020703 _____ C:\Users\Datav90\Downloads\رخص.jpg
2016-12-23 23:19 - 2016-12-23 23:19 - 00041999 _____ C:\Users\Datav90\Downloads\15713180_38041730230176 9_1628446829_n.jpg
2016-12-23 22:21 - 2016-12-23 22:21 - 00041900 _____ C:\Users\Datav90\Downloads\البان.jpg
2016-12-23 03:09 - 2016-12-23 03:09 - 00024501 _____ C:\Users\Datav90\Downloads\diego-eduardo.jpg
2016-12-23 01:48 - 2016-12-23 01:48 - 00047850 _____ C:\Users\Datav90\Downloads\2016-636180235792457418-245.jpg
2016-12-23 01:22 - 2016-12-23 01:22 - 00088340 _____ C:\Users\Datav90\Downloads\tahlil.jpg
2016-12-23 01:12 - 2016-12-23 01:12 - 00083900 _____ C:\Users\Datav90\Downloads\15390705_13697385678822 7_8369061297559094453_n.jpg
2016-12-22 02:52 - 2016-12-22 02:52 - 00100920 _____ C:\Users\Datav90\Downloads\1 (1).jpg
2016-12-21 18:46 - 2016-12-21 18:46 - 02914369 _____ C:\Users\Datav90\Downloads\12444005_46358771384612 5_104851160_n.mp4
2016-12-21 18:33 - 2016-12-21 18:33 - 00021943 _____ C:\Users\Datav90\Downloads\15666222_70486137634443 6_664292759_n.jpg
2016-12-21 18:33 - 2016-12-21 18:33 - 00012630 _____ C:\Users\Datav90\Downloads\15683065_70437369972653 7_989221303_n.jpg
2016-12-21 14:36 - 2016-12-21 14:36 - 00234988 _____ C:\Users\Datav90\Downloads\pic_2.jpg
2016-12-21 00:49 - 2016-12-21 00:49 - 00094246 _____ C:\Users\Datav90\Downloads\15645143_93576460988706 9_1649562990_n.jpg
2016-12-20 20:45 - 2016-12-20 20:45 - 00027127 _____ C:\Users\Datav90\Downloads\13920610_15448478498276 2_8648536994615444379_n.jpg
2016-12-20 20:41 - 2016-12-20 20:41 - 00013787 _____ C:\Users\Datav90\Downloads\15578741_12558750011395 11_5517789743120233867_n.jpg
2016-12-20 17:03 - 2016-12-20 17:03 - 00013717 _____ C:\Users\Datav90\Downloads\15621704_18846968550939 11_7324338711842225629_n.jpg
2016-12-20 15:51 - 2016-12-20 15:51 - 00018208 _____ C:\Users\Datav90\Downloads\15578910_16536095482699 65_5172276978296957487_n.jpg
2016-12-20 15:11 - 2016-12-20 15:11 - 00074971 _____ C:\Users\Datav90\Downloads\ayat5.jpg
2016-12-20 15:10 - 2016-12-20 15:11 - 00078268 _____ C:\Users\Datav90\Downloads\ayat4.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00089275 _____ C:\Users\Datav90\Downloads\ayat3.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00070887 _____ C:\Users\Datav90\Downloads\ayat2.jpg
2016-12-20 15:09 - 2016-12-20 15:09 - 00075240 _____ C:\Users\Datav90\Downloads\ayat1.jpg
2016-12-20 15:01 - 2016-12-20 15:01 - 00078520 _____ C:\Users\Datav90\Downloads\15673394_24110310632523 8_546416552_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00094139 _____ C:\Users\Datav90\Downloads\15673220_24110274299194 1_582186434_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00081513 _____ C:\Users\Datav90\Downloads\15666123_24110296632525 2_1776948586_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00079345 _____ C:\Users\Datav90\Downloads\15666260_24110305632524 3_1635308780_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00073337 _____ C:\Users\Datav90\Downloads\15644580_24110307299190 8_1532055082_n.jpg
2016-12-20 06:04 - 2016-12-20 06:04 - 00036499 _____ C:\Users\Datav90\Downloads\الدالي.jpg
2016-12-19 21:19 - 2016-12-19 21:20 - 01162272 _____ C:\Users\Datav90\Downloads\15569479_11056963228904 77_1778779393041104896_n.mp4
2016-12-19 04:32 - 2016-12-09 11:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-19 04:32 - 2016-12-09 11:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-12-19 04:32 - 2016-12-09 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-19 04:32 - 2016-12-09 11:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-19 04:32 - 2016-12-09 11:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-19 04:31 - 2016-12-09 12:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-19 04:31 - 2016-12-09 12:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-19 04:31 - 2016-12-09 12:14 - 06019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-19 04:31 - 2016-12-09 12:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-19 04:31 - 2016-12-09 12:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-19 04:31 - 2016-12-09 12:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-19 04:31 - 2016-12-09 11:55 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-19 04:31 - 2016-12-09 11:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-19 04:31 - 2016-12-09 11:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-19 04:31 - 2016-12-09 11:37 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-19 04:31 - 2016-12-09 11:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockS creen.dll
2016-12-19 04:31 - 2016-12-09 11:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-19 04:31 - 2016-12-09 11:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-19 04:31 - 2016-12-09 11:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-19 04:31 - 2016-12-09 11:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-19 04:31 - 2016-12-09 11:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-19 04:31 - 2016-12-09 11:22 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-19 04:31 - 2016-12-09 11:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-19 04:31 - 2016-12-09 11:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-19 04:31 - 2016-09-15 18:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-19 04:14 - 2016-12-19 04:22 - 44392789 _____ C:\Users\Datav90\Downloads\rt_audacity_v1.0.rar
2016-12-19 01:42 - 2016-12-19 01:42 - 00019967 _____ C:\Users\Datav90\Downloads\15666039_20090706093198 28_423034705_n.jpg
2016-12-19 01:42 - 2016-12-19 01:42 - 00016780 _____ C:\Users\Datav90\Downloads\15644496_20090705493198 34_21459477_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00044153 _____ C:\Users\Datav90\Downloads\15541487_12867076747284 06_4917506916978523842_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00026916 _____ C:\Users\Datav90\Downloads\15590522_12867076247284 11_2224882288721743826_n.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00091360 _____ C:\Users\Datav90\Downloads\tam1.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00089395 _____ C:\Users\Datav90\Downloads\tam2.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00065088 _____ C:\Users\Datav90\Downloads\tam3.jpg
2016-12-18 15:14 - 2016-12-19 04:19 - 00294538 _____ C:\Users\Datav90\Downloads\SAM_1637.JPG
2016-12-18 15:14 - 2016-12-19 04:19 - 00286455 _____ C:\Users\Datav90\Downloads\SAM_1636.JPG
2016-12-18 15:14 - 2016-12-18 15:15 - 00294565 _____ C:\Users\Datav90\Downloads\SAM_1635.JPG
2016-12-18 15:11 - 2016-12-18 14:50 - 02982119 ____N C:\Users\Datav90\Downloads\IMG_20161217_235957.jpg
2016-12-18 15:11 - 2016-12-18 14:49 - 02907811 ____N C:\Users\Datav90\Downloads\IMG_20161217_235942.jpg
2016-12-18 15:11 - 2016-12-18 14:48 - 02812110 ____N C:\Users\Datav90\Downloads\IMG_20161217_235920.jpg
2016-12-18 01:28 - 2016-12-18 01:28 - 00057668 _____ C:\Users\Datav90\Downloads\15622294_18900813212216 46_2240084992261860022_n.jpg
2016-12-17 22:07 - 2016-12-17 22:07 - 00069793 _____ C:\Users\Datav90\Downloads\15134567_12726648961107 66_5587432740763612292_n.jpg
2016-12-17 01:20 - 2016-12-17 01:20 - 00008464 _____ C:\Users\Datav90\Downloads\15541993_18332584202905 22_2335822066002946516_n.jpg
2016-12-16 16:07 - 2016-12-16 16:07 - 00046484 _____ C:\Users\Datav90\Downloads\nesma.jpg
2016-12-16 16:06 - 2016-12-16 16:06 - 00011678 _____ C:\Users\Datav90\Downloads\15591797_17137101156109 17_1314929607_n.jpg
2016-12-16 16:04 - 2016-12-16 16:04 - 00046292 _____ C:\Users\Datav90\Downloads\583.jpg
2016-12-16 03:50 - 2016-12-16 03:51 - 00024080 _____ C:\Users\Datav90\Downloads\15589581_73986708617157 3_7978030631832322959_n.jpg
2016-12-16 01:10 - 2016-12-16 01:10 - 00158891 _____ C:\Users\Datav90\Downloads\nema.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00035606 _____ C:\Users\Datav90\Downloads\15541205_13808169552710 73_9036191817213009882_n.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00029679 _____ C:\Users\Datav90\Downloads\15492429_13808168886044 13_7589306743660200241_n.jpg
2016-12-15 20:54 - 2016-12-15 20:54 - 00024009 _____ C:\Users\Datav90\Downloads\99807.jpg
2016-12-15 20:43 - 2016-12-15 20:43 - 00040927 _____ C:\Users\Datav90\Downloads_92981501_c4ccafe2-f1d8-40e9-b58b-002e9df5cbe6.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00037506 _____ C:\Users\Datav90\Downloads\15442365_12811641585729 99_5708725606552780280_n.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00015346 _____ C:\Users\Datav90\Downloads\15578570_12811640152396 80_3565590128071369348_n.jpg
2016-12-14 12:06 - 2016-12-14 12:07 - 00045500 _____ C:\Users\Datav90\Downloads\347.jpg
2016-12-14 00:32 - 2016-12-14 00:32 - 00070777 _____ C:\Users\Datav90\Downloads\15380309_17098438126630 36_4409407772544437826_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00079879 _____ C:\Users\Datav90\Downloads\15541525_24365856606569 8_6342690252898199417_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00071750 _____ C:\Users\Datav90\Downloads\15390736_24365851939903 6_2659207842868567611_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00061178 _____ C:\Users\Datav90\Downloads\15420847_24365844606571 0_5921352442998396276_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00038138 _____ C:\Users\Datav90\Downloads\15391158_24365854273236 7_6813489041534924004_n.jpg
2016-12-13 00:47 - 2016-12-13 00:47 - 00055165 _____ C:\Users\Datav90\Downloads\15542021_12694333898138 07_1235259025878969592_n.jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505 (1).jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00033654 _____ C:\Users\Datav90\Downloads\34809-693abab1-fe1e-4144-91e0-2bdfdc36328a.jpg
2016-12-12 15:05 - 2016-12-12 15:05 - 00076984 _____ C:\Users\Datav90\Downloads\86442-a125f272-96bd-4c41-adab-ed0f04f27161.jpg
2016-12-12 15:03 - 2016-12-12 15:03 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505.jpg
2016-12-12 14:50 - 2016-12-12 14:50 - 00065187 _____ C:\Users\Datav90\Downloads\لشششش.jpg
2016-12-12 00:16 - 2016-12-12 00:16 - 00177932 _____ C:\Users\Datav90\Downloads\15398885_73562050326922 6_410214808_o.jpg
2016-12-10 21:09 - 2016-12-10 21:09 - 00052138 _____ C:\Users\Datav90\Downloads\15356080_17232501146572 20_1959023838_n.jpg
2016-12-10 20:59 - 2016-12-10 20:59 - 00049816 _____ C:\Users\Datav90\Downloads\38c9604f31b08735863ba67 6d7f09c8a.jpg
2016-12-10 07:19 - 2016-11-11 10:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utiliti es.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 07:19 - 2016-11-11 10:00 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 01586736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 00292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 07:19 - 2016-11-11 09:59 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 07:19 - 2016-11-11 09:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationDat a.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 07:19 - 2016-11-11 09:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 07:19 - 2016-11-11 09:46 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00355680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00175968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 07:19 - 2016-11-11 09:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-12-10 07:19 - 2016-11-11 09:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 07:19 - 2016-11-11 09:41 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00802608 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00675568 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 07:19 - 2016-11-11 09:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 07:19 - 2016-11-11 09:37 - 00381720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 07:19 - 2016-11-11 09:30 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 07:19 - 2016-11-11 09:29 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 07:19 - 2016-11-11 09:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 07:19 - 2016-11-11 09:26 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 07:19 - 2016-11-11 09:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 07:19 - 2016-11-11 09:24 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient. dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 07:19 - 2016-11-11 09:21 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundT ransfer.BackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 07:19 - 2016-11-11 09:20 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 07:19 - 2016-11-11 09:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense. dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dl l
2016-12-10 07:19 - 2016-11-11 09:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 07:19 - 2016-11-11 09:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 07:19 - 2016-11-11 09:18 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 07:19 - 2016-11-11 09:16 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2016-12-10 07:19 - 2016-11-11 09:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .TestingFramework.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-10 07:19 - 2016-11-11 09:12 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 07:19 - 2016-11-11 09:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 07:19 - 2016-11-11 09:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 07:19 - 2016-11-11 09:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-08 16:51 - 2016-12-08 16:53 - 02383507 _____ C:\Users\Datav90\Downloads\15445175_18186897650755 74_2785128382688395264_n.mp4
2016-12-08 16:49 - 2016-12-08 16:50 - 00156876 _____ C:\Users\Datav90\Documents\15424527_11645114236042 57_1633711776_n.jpg
2016-12-08 16:43 - 2016-12-08 16:43 - 00071776 _____ C:\Users\Datav90\Documents\15326441_11393324094827 88_8224781207746921100_n.jpg
2016-12-08 11:40 - 2016-12-08 11:41 - 03073529 _____ C:\Users\Datav90\Downloads\15315941_18330147169521 29_1369930048701726720_n.mp4
2016-12-08 11:26 - 2016-12-08 11:26 - 00090427 _____ C:\Users\Datav90\Documents\15435874_83026652378178 6_253559807_n.jpg
2016-12-08 08:49 - 2016-12-08 08:49 - 00015880 _____ C:\Users\Datav90\Documents\15337578_11104987857366 48_5770530851665041560_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00047128 _____ C:\Users\Datav90\Downloads\15327457_10210279915327 965_5751880802827965275_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00014232 _____ C:\Users\Datav90\Downloads\15267583_17980386904719 73_6303314785682517112_n.jpg
2016-12-06 22:10 - 2016-12-06 22:10 - 00050665 _____ C:\Users\Datav90\Downloads\15409962_78636750484382 0_881457125_o.jpg
2016-12-06 22:04 - 2016-12-06 22:04 - 00081627 _____ C:\Users\Datav90\Downloads\15368766_78636869484370 1_1803954973_o.jpg
2016-12-06 15:47 - 2016-12-06 15:47 - 00084835 _____ C:\Users\Datav90\Downloads\15397719_12704657430090 32_1864833973_o.jpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 23:48 - 2016-09-14 06:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-04 23:48 - 2016-07-16 10:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-04 23:48 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-04 22:25 - 2016-08-14 16:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-04 20:45 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90
2017-01-04 19:02 - 2016-08-14 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-04 19:01 - 2016-07-16 04:22 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-04 18:54 - 2016-01-29 17:07 - 00273232 _____ C:\WINDOWS\ntbtlog.txt
2017-01-04 03:23 - 2016-08-16 01:48 - 00000000 ____D C:\Users\Datav90\AppData\Local\Adobe
2017-01-04 00:17 - 2016-04-24 04:04 - 00000000 ____D C:\PlantsVsZombies Game Of The Year
2017-01-03 09:49 - 2016-08-16 01:50 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-03 01:33 - 2016-08-22 00:45 - 00001456 _____ C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-02 12:06 - 2016-08-14 19:50 - 00000000 ____D C:\Users\Datav90\AppData\Local\Packages
2016-12-31 21:22 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-31 21:15 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000002.regt rans-ms
2016-12-31 21:15 - 2016-08-14 16:41 - 00065536 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TM.blf
2016-12-29 08:55 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Documents
2016-12-29 07:01 - 2016-08-14 16:41 - 00000000 ___SD C:\Users\Datav90\AppData\Roaming\Microsoft
2016-12-28 03:26 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-27 03:19 - 2016-07-16 10:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-27 02:53 - 2016-08-29 22:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-27 01:47 - 2016-07-16 10:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-26 17:09 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\Logs
2016-12-26 07:13 - 2016-09-22 20:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\ElevatedDiagnostics
2016-12-26 06:00 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-26 03:21 - 2016-07-16 10:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-26 03:16 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft
2016-12-25 20:47 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-19 18:05 - 2016-07-16 04:22 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-19 18:04 - 2016-08-14 16:38 - 03775136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-19 18:03 - 2016-08-14 16:38 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TMContainer00000000000000000001.regt rans-ms
2016-12-19 18:03 - 2016-08-14 16:38 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TM.blf
2016-12-19 18:02 - 2016-07-16 10:30 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\apppatch
2016-12-19 18:02 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-17 12:01 - 2016-08-14 19:53 - 00002369 _____ C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\OneDrive.lnk
2016-12-17 12:01 - 2016-08-14 19:53 - 00000000 ___RD C:\Users\Datav90\OneDrive
2016-12-16 04:48 - 2016-08-16 01:30 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-16 04:48 - 2016-08-16 01:30 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 05:29 - 2016-08-16 00:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 05:27 - 2016-08-16 00:16 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-11 00:15 - 2016-08-14 16:50 - 01103134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 00:15 - 2016-07-16 10:31 - 00844762 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-11 00:15 - 2016-07-16 10:31 - 00243552 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-11 00:11 - 2016-08-14 19:50 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\desktop.ini
2016-12-11 00:11 - 2016-08-14 19:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000436 ___SH C:\Users\Datav90\Desktop\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000402 ___SH C:\Users\Datav90\Documents\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000282 ___SH C:\Users\Datav90\Downloads\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Videos
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Searches
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Saved Games
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Pictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Music
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Links
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Favorites
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Contacts
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Administrative Tools
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-11 00:07 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000001.regt rans-ms
2016-12-08 20:49 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2016-08-22 00:45 - 2017-01-03 01:33 - 0001456 _____ () C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-14 03:27 - 2016-10-14 03:27 - 0007601 _____ () C:\Users\Datav90\AppData\Local\Resmon.ResmonCfg
[HEADING=1]Some files in TEMP:[/HEADING]
C:\Users\Datav90\AppData\Local\Temp\gtapi_signed.d ll
C:\Users\Datav90\AppData\Local\Temp\libeay32.dll
C:\Users\Datav90\AppData\Local\Temp\msvcr120.dll
C:\Users\Datav90\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-14 16:38

==================== End of FRST.txt ============================

[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by Datav90 (04-01-2017 23:53:02)
Running from C:\Users\Datav90\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-08-14 17:49:47)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-3546961264-2073685745-768210978-500 - Administrator - Disabled)
Datav90 (S-1-5-21-3546961264-2073685745-768210978-1000 - Administrator - Enabled) => C:\Users\Datav90
DefaultAccount (S-1-5-21-3546961264-2073685745-768210978-503 - Limited - Disabled)
Guest (S-1-5-21-3546961264-2073685745-768210978-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acronis True Image 2016 (HKLM...{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 24 NPAPI (HKLM...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM...{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM...{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM...{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM...{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM...\CCleaner) (Version: 5.25 - Piriform)
Core FTP LE (HKLM...\CoreFTP) (Version: - )
CyberLink PowerDirector 14 (HKLM...{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2019.0 - CyberLink Corp.)
Dell System Detect (HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Facebook Gameroom 1.1.3.1 (HKLM...{A3C248A7-BF21-4C3A-9C10-2D56F59460CD}) (Version: 1.1.3.1 - Facebook)
FileZilla Client 3.23.0.2 (HKLM...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
FlashGet3.7 (HKLM...\FlashGet3.7) (Version: 3.7.0.1195 - hxxp://www.FlashGet.com)
Free YouTube Downloader 4.1.540 (HKLM...{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Games Manager (HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\GamesManager) (Version: 2.6.0.496 - iWin Inc.)
Google Chrome (HKLM...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM...{61D7B517-5914-41D4-BD27-927163631227}) (Version: 5.2.2.87 - Apple Inc.)
iTunes (HKLM...{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
K-Lite Codec Pack 12.3.5 Full (HKLM...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Malwarebytes version 3.0.5.1299 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM...{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NewBlue Titler Pro for Windows (HKLM...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
Plants Vs Zombies: Game of the Year Edition (HKLM...\Plants Vs Zombies: Game of the Year Edition) (Version: 1.2.0.1073 - iWin.com)
Plants vs. Zombies™ (remove only) (HKLM...\Plants vs. Zombies™) (Version: - )
PowerISO (HKLM...\PowerISO) (Version: 6.4 - Power Software Ltd)
proDAD Adorage 3.0 (HKLM...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
QuickTime (HKLM...{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SmartSound Quicktracks 5 (HKLM...\InstallShield{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SpyHunter 4 (HKLM...\SpyHunter) (Version: 4.24.3.4750 - Enigma Software Group, LLC)
Upwork version 4.2.115.0 (HKLM...{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.115.0 - Upwork, Inc)
XAMPP (HKLM...\xampp) (Version: 5.6.23-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B461EBD-C226-4401-9A07-12B5137E9B0D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0FB6CA67-932F-4EAF-B9F7-A86FB36DCCB1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {14294684-59FB-41C7-8B08-0B88265FB627} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_ 0_0_186_pepper.exe [2016-12-31] (Adobe Systems Incorporated)
Task: {1DF6D448-EBBE-4D91-9CDE-B302DA73D7E1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {290FF108-8F3D-4FFA-8AB7-DE2E8B30B2C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32E3CCFB-4C77-4AB1-9668-7CA21C62DDB4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {343AC552-F025-46F6-BCAB-200AC94519F8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B624D98-7F84-437E-AEDD-757A3F439CA1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CBAA178-A130-4179-A240-ACAFAE36747D} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID=“d450596f-894d-49e0-966a-fd39ed4c4c64”) call Activate]
Task: {493F6142-0BBD-48C6-A70F-B41D846DA5C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49AD09A9-2485-4CBB-BE0F-EF00C081D02D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4AC606DA-DD00-43FC-BFA6-2F7F9F821376} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E61AD6C-95DD-4A84-94C5-7BF4FF66A0D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54A6A44F-DAF5-4CD5-A802-223E89713020} - System32\Tasks\AdobeAAMUpdater-1.0-Datav90-PC-Datav90 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [2015-08-05] (Adobe Systems Incorporated)
Task: {5ED585F6-A35F-49CC-935D-EFD304C03877} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65F92166-518C-461D-8F8F-271B99AD2816} - System32\Tasks{5D35423B-D5FA-4FEB-8D11-9B6A99617C9F} => pcalua.exe -a C:\Users\Datav90\Downloads\devcon.exe -d C:\Users\Datav90\Downloads
Task: {73A17262-5276-4506-A544-D2A306CDC29C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {73F7F7EA-AF61-4BA2-82E7-02CB32597A23} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {747FF417-6FC5-406C-9BDE-3C33E1C19A33} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8053BBCD-8C18-4681-96D5-8B9D0ADD0193} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {805A3EE6-168C-4470-8AC7-B96143F0861C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {821A7999-BC63-4A15-927B-EBAA0ABCFAFC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87E3E431-8D7C-4B5D-8C80-C668806471C7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {88C3EB22-F607-4649-A7FE-A4E17E635C6B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9AC75CCF-9B5B-44DC-8935-CB01887D85FA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7BEDC40-A604-4005-B51F-2ECCF136D24E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {A80FA2EC-E6EA-46D2-B992-E49ADB79E8F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B9D7CB82-CA93-4A42-8D1B-CC23DDB8A104} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA9D357-3D0F-4C63-BC8E-016DCA939BBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {ED6CFF1B-234C-4200-B182-7BF232F1F161} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {EE78825D-7154-4C27-A287-320734E95AC5} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {F1AD2998-CAC6-4631-AA1B-020630068E65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_ 0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask .job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Datav90\Desktop\Play Pogo Games.lnk → C:\Users\Datav90\AppData\Local\GamesManager\GamesM anager.exe (iWin Inc) → -config.channel=00000002 -config.uri=hxxp://gm/iwin/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 10:25 - 2016-07-16 10:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-05 15:24 - 2016-07-05 15:24 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\core_workers_shared_c ontext.dll
2015-11-26 10:40 - 2015-11-26 10:40 - 00035760 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 04093976 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\sqlite3.dll
2015-11-26 11:07 - 2015-11-26 11:07 - 19884832 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers.dll
2015-11-26 10:42 - 2015-11-26 10:42 - 00445872 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-11-26 10:36 - 2015-11-26 10:36 - 00115632 _____ () C:\Program Files\Common Files\Acronis\Home\EXPAT.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 12:00 - 2016-12-17 12:00 - 01244376 _____ () C:\Users\Datav90\AppData\Local\Microsoft\OneDrive\ 17.3.6720.1207\ClientTelemetry.dll
2016-07-16 10:25 - 2016-07-16 10:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.Share dUtilities.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 14:48 - 2016-11-02 12:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CortanaApi.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2016-09-21 02:39 - 2016-08-06 05:21 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Actions.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 14:48 - 2016-11-02 12:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersUI.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 19:31 - 2016-12-14 19:34 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x 86__kzf8qxf38zg5c\roottools.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 07211112 _____ () C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2015-11-26 10:43 - 2015-11-26 10:43 - 00056752 _____ () C:\Program Files\Common Files\Acronis\Home\rpc_client.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-12-31 11:11 - 2016-12-13 18:35 - 02218792 _____ () C:\Program Files\Upwork\upwork.exe
2016-12-31 11:11 - 2016-12-07 08:01 - 52043776 _____ () C:\Program Files\Upwork\libcef.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01179136 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefS harp.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 52839936 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libc ef.dll
2016-01-06 18:41 - 2016-01-06 18:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00802816 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefS harp.BrowserSubprocess.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01796608 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libg lesv2.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00078848 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libe gl.dll
2016-11-23 09:18 - 2016-11-23 09:21 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118 .10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 09:18 - 2016-11-23 09:21 - 16815104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118 .10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-15 07:22 - 2016-08-15 07:25 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118 .10000.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.d ll
2016-11-23 09:18 - 2016-11-23 09:21 - 00644096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118 .10000.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 09:18 - 2016-11-23 09:21 - 00227840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118 .10000.0_x86__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 12:21 - 2016-07-16 12:21 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118 .10000.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.d ll
2016-12-16 04:48 - 2016-12-08 09:29 - 01829208 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libgl esv2.dll
2016-12-16 04:48 - 2016-12-08 09:29 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libeg l.dll
2016-12-31 21:22 - 2016-12-31 21:22 - 17833560 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer3 2_24_0_0_186.dll
2016-12-14 00:50 - 2016-12-14 00:50 - 17832368 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\plug ins\fenix24.0.0.186.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3546961264-2073685745-768210978-1000...\dell.com → dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-08-16 06:56 - 00001132 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\Wallpaper → c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C4CC154E-919B-41C6-B776-FAE0AF1D6B71}] => C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{C6A19585-0C56-4C40-A082-CB9DAB47F52B}] => C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{ADF06669-93BC-4DBF-8433-4329AD584931}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{8B956982-0979-4C29-B142-FD05BD457D96}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{22E5FFE6-3E10-410B-B007-804FE0D72594}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{C6EC10C5-54BB-43B8-ADFF-5988760217D5}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{C3D9825D-97AE-4F3C-91A0-713388F20C62}] => C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
FirewallRules: [{5A1B1DFE-C2FE-4000-BDC6-1ABE43B140C5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A423CDB-BB7F-498C-9C22-4F51A401F5C4}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D95E8E1-C539-48F2-B735-F3A68D4ECAE4}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{549FEAF5-51B3-44BD-87DC-BE672DEC7479}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [UDP Query User{7C26711B-D3C3-4064-B8C2-724474B1A6BD}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [TCP Query User{F3B2373A-D233-4168-B1CA-A42AE4898C96}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [UDP Query User{2425C900-D598-4655-BAEC-A3491A4CD887}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [TCP Query User{CC722752-78F7-4EBB-B9A7-25FAF59B5C0A}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{8BC99953-22F6-4E45-861F-35D5F15BE93B}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{40B66D3A-7CFA-42DD-9F8B-D6D20F7F071B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [UDP Query User{08B14589-8EE9-4212-B558-50D012C45F8B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [{8C849EDE-8146-441E-9A82-5DF35B56AEF0}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C352655A-1625-4246-979B-2C12CB2FDBE6}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EB72103F-8E23-4C66-BFA2-8F80226FFFA4}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{F0AB04F9-A0E0-4921-8523-2D0A52AB44F1}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{BE316145-D544-414E-A7C7-DDAAF7F79D6C}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{D6058749-4878-4FD1-ADFA-0E2577BEA099}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{44164034-5116-4E1F-8326-DE6FBE660214}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: =========================
[HEADING=1]Application errors:[/HEADING]
Error: (01/04/2017 07:12:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 1.1.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1a10

Start Time: 01d266ac83303352

Termination Time: 4294967295

Application Path: C:\Users\Datav90\Desktop\FRST.exe

Report Id: ee892b80-d29f-11e6-a1d0-b8ac6f254ad6

Faulting package full name:

Faulting package-relative application ID:

Error: (01/04/2017 05:03:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe! microsoft.windowslive.mail failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:24:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2tx yewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:21:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyew y!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:13:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\librar ies\Adobe_Helperx64.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“amd64 ”,publicKeyToken=“6595b64144ccf1df”,type=“win32”,v ersion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\librar ies\Adobe_Helperx64.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“amd64 ”,publicKeyToken=“6595b64144ccf1df”,type=“win32”,v ersion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for “c:\program files\cyberlink\powerdirector14\muitransfer\MUISta rtMenuX64.exe”.
Dependent Assembly Microsoft.Windows.Common-Controls,language=“*”,processorArchitecture=“amd64 ”,publicKeyToken=“6595b64144ccf1df”,type=“win32”,v ersion=“6.0.0.0” could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:05:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyew y!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:01:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.479 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e90

Start Time: 01d2668e66efcb5a

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 17101f66-d286-11e6-a1cd-b8ac6f254ad6

Faulting package full name:

Faulting package-relative application ID:

Error: (01/04/2017 03:59:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app ZeptoLabUKLimited.KingofThieves_sq9zxnwrk84pj!game failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
[HEADING=1]System errors:[/HEADING]
Error: (01/04/2017 07:03:11 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:03:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:51 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2017 07:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TheFreeWeatherService service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/04/2017 07:02:24 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:01:31 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error “1084” attempting to start the service ShellHWDetection with arguments “Unavailable” in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/04/2017 07:01:13 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error “1084” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/04/2017 07:01:09 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error “1084” attempting to start the service WSearch with arguments “Unavailable” in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2017-01-04 19:06:59.820
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-04 19:06:59.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-03 05:20:14.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-03 05:20:14.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 11:40:17.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 11:40:17.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.344
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 82%
Total physical RAM: 3547.61 MB
Available physical RAM: 630.8 MB
Total Virtual: 7131.61 MB
Available Virtual: 2634.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:3.97 GB) NTFS
Drive d: () (Fixed) (Total:56.33 GB) (Free:0.21 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive e: (E) (Fixed) (Total:191.95 GB) (Free:109.35 GB) FAT32
Drive f: (F) (Fixed) (Total:188.09 GB) (Free:91.35 GB) FAT32
Drive g: (SAN_ANDREAS) (CDROM) (Total:4.19 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 63C463C4)
Partition 1: (Active) - (Size=56.3 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=409.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Hi please accept my apologies for my not responding sooner, my pc has hardware issues and I am having to review your logs on the 5 inch screen of my phone. It’s taking my longer than I had anticipated but rest assured I will post back soon.

Step One Uninstall Programs.

I suggest that you remove the programs listed below, these programs are redundant and may cause more harm than good on your machine.

Facebook Gameroom 1.1.3.1
Free YouTube Downloader 4.1.540
SpyHunter 4

Step Two FRST fix:

[ul]
[li]Open notepad[/li][li]Please copy the entire contents of the code box below into Notepad.[/li](To do this highlight the contents of the box from start to end, right click on it and select copy. Right-click in the open notepad and select Paste).
[li]Save it to your desktop as fixlist.txt.[/li][/ul]

[ICODE] Start CreateRestorePoint: Closeprocesses: Emptytemp: HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: H - "H:\setup.EXE" /AUTORUN HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: {7ed61a6c-6575-11e6-a18c-b8ac6f254ad6} - "I:\iStudio.exe" Hosts: BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Datav90\AppData\Roaming\FlashGetBHO\Flash GetBHO.dll [2012-01-06] (Trend Media Group) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) CHR Extension: (Facebook Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoean epjfkf [2016-09-19] CHR Extension: ( Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndg ebpfkf [2016-12-06] CHR Extension: (Video Downloader professional) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpin pmmpil [2016-08-17] CHR Extension: (Video Downloader Pro) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapen ijdcho [2016-09-29] S2 TheFreeWeatherService; C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe [X] R1 MpKsl5a6c220d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9536FA8B-9D52-434A-8592-C24131A8E54D}\MpKsl5a6c220d.sys [39168 2017-01-04] (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9536FA8B-9D52-434A-8592-C24131A8E54D}\MpKsl5a6c220d.sys U3 aswMBR; C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys [56704 2017-01-04] () [File not signed] U3 aswVmm; C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys [192224 2017-01-04] () U3 idsvc; no ImagePath U3 wpcsvc; no ImagePath C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys 2017-01-04 04:12 - 2017-01-04 04:13 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Datav90\Downloads\SpyHunter-Installer.exe 2017-01-04 03:28 - 2017-01-04 03:28 - 00257184 _____ C:\Users\Datav90\Downloads\Unconfirmed 656127.crdownload 2017-01-04 03:28 - 2017-01-04 03:28 - 00034584 _____ C:\Users\Datav90\Downloads\BAA8.tmp 2017-01-04 03:24 - 2017-01-04 03:28 - 01183384 _____ C:\Users\Datav90\Downloads\WiperSoft-installer.exe C:\WINDOWS\KMS-R@1nHook111.dll C:\WINDOWS\KMS-R@1nHoo111k.exe C:\WINDOWS\KMS-R@1n111.exe C:\Users\Public\Desktop\R@1n.txt C:\WINDOWS\system32\secushr.dat C:\Users\Datav90\Downloads\Microsoft-Office-2016-Product-Key.zip C:\Users\Datav90\214537CE4F7829EED1E8691D38650AAA. txt C:\Users\Datav90\Downloads\bbfb06033226583ab80003e 0c7586890 2016-08-22 00:45 - 2017-01-03 01:33 - 0001456 _____ () C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-10-14 03:27 - 2016-10-14 03:27 - 0007601 _____ () C:\Users\Datav90\AppData\Local\Resmon.ResmonCfg Task: {3CBAA178-A130-4179-A240-ACAFAE36747D} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate] ShortcutWithArgument: C:\Users\Datav90\Desktop\Play Pogo Games.lnk -> C:\Users\Datav90\AppData\Local\GamesManager\GamesM anager.exe (iWin Inc) -> -config.channel=00000002 -config.uri=hxxp://gm/iwin/index.html HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd) Task: {65F92166-518C-461D-8F8F-271B99AD2816} - System32\Tasks\{5D35423B-D5FA-4FEB-8D11-9B6A99617C9F} => pcalua.exe -a C:\Users\Datav90\Downloads\devcon.exe -d C:\Users\Datav90\Downloads RemoveProxy: CMD: ipconfig /flushdns End [/ICODE]

[ul]
[li]NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system[/li][li]Right Click FRST and Run as Admin. and press the Fix button just once and wait.[/li][li]The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.[/li][/ul]

Step Three Zemana Scan.

Please download Zemana AntiMalware and save it to your Desktop.
[ul]
[li]Install the program and once the installation is complete it will start automatically.[/li][li]Without changing any options, press Scan to begin.[/li][li]After the short scan is finished, if threats are detected press Next to remove them.[/li][/ul]
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn’t required, please restart your computer manually.
[ul]
[li]Open Zemana AntiMalware again.[/li][li]Click on http://i63.tinypic.com/4zu6vb.jpg icon and double click the latest report.[/li][li]Now click File > Save As and choose your Desktop before pressing Save.[/li][li]The only left thing is to attach saved report in your next message.[/li][/ul]
Step Four Clear Downloads Folder.

I noticed a lot of oddly named pictures and setup files for Pup programs and otherwise useless programs. Navigate to the following path. C:\Users\Datav90\Downloads then make sure there is nothing important in there to you and delete the content of this folder.

Step Five Fresh FRST & Addition.txt logs.

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

[ul]
[li]Right-click on FRST icon and select Run as Administrator to start the tool.[/li](XP users click run after receipt of Windows Security Warning - Open File).
[li]Make sure that Addition option is checked.[/li][li]Press Scan button and wait.[/li][li]The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.[/li][/ul]
Please Copy & Paste them into your next reply

Things I will need in your next reply.

[ul]
[li]FRST fixlog.[/li][li]Zemana scan results.[/li][li]Fresh FRST & Addition.txt logs.[/li][li]Tell me what issues remain on your computer, and tell me how it is running.[/li][/ul]

Hello @datav90 how are you moving along with the instructions? Have you got an update for us?

Hello @datav90 how are you moving along with the instructions? Have you got an update for us?

Please update this thread within 48 hours, or it will closed. You can however have it re=opened at any time, by sending a private message to a staff member.