Closed/Inactive kms-r@1n i can not get rid of it help please

Hi all
I am using Windows 10, and 2 days ago I downloaded an activator for Office 2016, and that was the beginning of the suffering!!
Too long to boot
System crashes when opening Chrome or Edge for about 10 minutes
When opening any app it crashes for a while
Performance is too slow
Connections to a lot of sites are dead or very slow
I ran Malwarebytes and CCleaner and nothing reported any problems
I searched for kms-r@1n files and renamed any related files created at the same time I ran this activator, but the problem is still there
I have another XP operating system on the same PC and it works fine
Also, Windows 10 works well in Safe Mode
Please help
 
Thank you for your kind reply, and excuse me if I did not follow the instructions, as I am new to the site.
What I understood from this is that I must post the logs, is that right?
That's the FRST log and the Additions log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Datav90 (administrator) on DATAV90-PC (04-01-2017 19:05:40)
Running from C:\Users\Datav90\Desktop
Loaded Profiles: Datav90 (Available Profiles: Datav90)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files\Upwork\upwork.exe
(Trend Media Corporation Limited) C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
() C:\Program Files\Upwork\upwork.exe
(Facebook) C:\Users\Datav90\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\Upwork\upwork.exe
(AVAST Software) E:\Downloads\software\aswmbr.exe
Failed to access process -> FRST.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7211112 2015-11-26] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [531808 2015-11-26] (Acronis)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [Upwork] => C:\Program Files\Upwork\upwork.exe [2218792 2016-12-13] ()
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [FlashGet 3] => C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe [3083712 2012-01-09] (Trend Media Corporation Limited)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: H - "H:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: {7ed61a6c-6575-11e6-a18c-b8ac6f254ad6} - "I:\iStudio.exe"
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-11-29]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Datav90\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6baf1436-5a7e-4bd8-ae41-6fb725d46c8f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-01-02] (Microsoft Corporation)
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Datav90\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-01-06] (Trend Media Group)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-02] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-02] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-02] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default [2017-01-04]
CHR Extension: (Google Slides) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-16]
CHR Extension: (Facebook Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-09-19]
CHR Extension: ( Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-16]
CHR Extension: (Google Drive) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-16]
CHR Extension: (YouTube) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-16]
CHR Extension: (Intelligence Search) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfggodcibdmflidbceoaanadclgomm [2016-11-25]
CHR Extension: (Group Invite All) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeajicmampllnpkmfimkhefbndkfeloo [2016-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-08-17]
CHR Extension: (Google Sheets) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-16]
CHR Extension: (Google Docs Offline) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-16]
CHR Extension: (Instant Translate: Select and Translate) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2016-12-16]
CHR Extension: (Video Downloader Pro) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-16]
CHR Extension: (Gmail) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
U2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-01-29] (Acronis)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1776216 2015-08-15] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [253776 2014-10-20] (CyberLink)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
S2 TheFreeWeatherService; C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59968 2016-12-14] ()
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-01-29] (Acronis International GmbH)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [153024 2017-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [87496 2017-01-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [73152 2017-01-04] (Malwarebytes)
R1 MpKsl8c0b2b96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3B6B230-168A-44DE-B8A2-1FD6ADF19850}\MpKsl8c0b2b96.sys [39168 2017-01-04] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 NPF; C:\Users\Datav90\Downloads\Selfishnet win 7\npf.sys [42000 2007-01-25] (CACE Technologies)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-01-29] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-01-29] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-01-29] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-01-29] (Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys [56704 2017-01-04] () [File not signed]
U3 aswVmm; C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys [192224 2017-01-04] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 19:06 - 2017-01-04 19:06 - 00002218 _____ C:\Users\Datav90\Desktop\aswMBR.txt
2017-01-04 19:06 - 2017-01-04 19:06 - 00000512 _____ C:\Users\Datav90\Desktop\MBR.dat
2017-01-04 19:04 - 2017-01-04 19:05 - 00016709 _____ C:\Users\Datav90\Desktop\FRST.txt
2017-01-04 16:57 - 2017-01-04 16:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-04 15:34 - 2017-01-04 15:34 - 00153024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-04 15:33 - 2017-01-04 19:03 - 00087496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-04 15:33 - 2017-01-04 19:03 - 00073152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00219072 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-04 15:33 - 2017-01-04 15:33 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\CCleaner
2017-01-04 15:33 - 2016-12-14 12:55 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-01-04 15:32 - 2017-01-04 16:21 - 00000000 ____D C:\AdwCleaner
2017-01-04 06:46 - 2017-01-04 06:47 - 02665984 _____ C:\Users\Datav90\Downloads\ZHPCleaner.exe
2017-01-04 05:48 - 2017-01-04 19:04 - 00000000 ____D C:\FRST
2017-01-04 05:47 - 2017-01-04 05:34 - 01760256 _____ (Farbar) C:\Users\Datav90\Desktop\FRST.exe
2017-01-04 04:12 - 2017-01-04 04:13 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Datav90\Downloads\SpyHunter-Installer.exe
2017-01-04 03:28 - 2017-01-04 03:28 - 00257184 _____ C:\Users\Datav90\Downloads\Unconfirmed 656127.crdownload
2017-01-04 03:28 - 2017-01-04 03:28 - 00034584 _____ C:\Users\Datav90\Downloads\BAA8.tmp
2017-01-04 03:24 - 2017-01-04 03:28 - 01183384 _____ C:\Users\Datav90\Downloads\WiperSoft-installer.exe
2017-01-04 03:09 - 2017-01-04 19:03 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-01-04 01:14 - 2017-01-04 01:19 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-02 12:14 - 2017-01-02 12:14 - 00000000 ____D C:\Users\Datav90\AppData\Local\mpress
2017-01-02 12:04 - 2017-01-02 12:04 - 00003621 _____ C:\Users\Public\Desktop\R@1n.txt
2017-01-02 12:03 - 2017-01-02 12:03 - 00023040 _____ C:\WINDOWS\KMS-R@1n111.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00004608 _____ C:\WINDOWS\KMS-R@1nHoo111k.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00003584 _____ C:\WINDOWS\KMS-R@1nHook111.dll
2017-01-02 11:59 - 2017-01-02 11:59 - 00000000 ____D C:\Users\Datav90\Desktop\BASEM ELHLAWANYY-ACT-WOROF
2017-01-02 11:57 - 2017-01-02 11:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-02 11:53 - 2017-01-02 11:53 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-02 11:53 - 2017-01-02 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-01-02 11:51 - 2017-01-04 18:51 - 00000305 _____ C:\WINDOWS\system32\secushr.dat
2017-01-02 11:48 - 2017-01-02 11:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-02 02:22 - 2017-01-04 15:30 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\BITS
2017-01-02 02:22 - 2017-01-02 02:22 - 00001282 _____ C:\Users\Datav90\Desktop\FlashGet3.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00001257 _____ C:\Users\Datav90\Desktop\FlashGet downloads.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00000025 _____ C:\WINDOWS\libem.INI
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashgetSetup
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGetBHO
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGet
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Program Files\FlashGet Network
2017-01-02 02:17 - 2017-01-02 02:21 - 08041792 _____ (Trend Media Corporation Limited.) C:\Users\Datav90\Downloads\flashget3.7.0.1195en.exe
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Users\Datav90\AppData\Local\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Program Files\Upwork
2016-12-31 11:02 - 2016-12-31 11:11 - 27615024 _____ (Upwork, Inc ) C:\Users\Datav90\Downloads\UpworkSetup.exe
2016-12-31 10:34 - 2016-12-31 10:34 - 00009975 _____ C:\Users\Datav90\Downloads\photo 2.jpg
2016-12-31 08:19 - 2016-12-31 08:20 - 00172803 _____ C:\Users\Datav90\Downloads\coachesforscraping.csv
2016-12-31 02:13 - 2016-12-31 02:15 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (2).zip
2016-12-31 02:05 - 2016-12-31 02:11 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package.zip
2016-12-31 02:05 - 2016-12-31 02:09 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (1).zip
2016-12-30 01:37 - 2016-12-30 01:37 - 00017143 _____ C:\Users\Datav90\Downloads\esh8.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00065728 _____ C:\Users\Datav90\Downloads\esh4.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00018597 _____ C:\Users\Datav90\Downloads\esh7.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00017003 _____ C:\Users\Datav90\Downloads\esh6.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00016866 _____ C:\Users\Datav90\Downloads\esh5.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00021585 _____ C:\Users\Datav90\Downloads\esh1.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00016557 _____ C:\Users\Datav90\Downloads\esh2.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00014625 _____ C:\Users\Datav90\Downloads\esh3.jpg
2016-12-30 01:30 - 2016-12-30 01:30 - 00054646 _____ C:\Users\Datav90\Downloads\15727125_1791433404451678_2871036148880099708_n.jpg
2016-12-30 01:29 - 2016-12-30 01:29 - 00010587 _____ C:\Users\Datav90\Downloads\15747854_1791433191118366_2791255909819819944_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00011882 _____ C:\Users\Datav90\Downloads\15698046_1791430567785295_5891954741419882554_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00010206 _____ C:\Users\Datav90\Downloads\15747595_1791430614451957_402886003749102938_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00008387 _____ C:\Users\Datav90\Downloads\15726425_1791430457785306_1590105582682755411_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00014437 _____ C:\Users\Datav90\Downloads\15697321_1791430304451988_1599783654902432698_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00011214 _____ C:\Users\Datav90\Downloads\15727013_1791430337785318_2260776694555007145_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010907 _____ C:\Users\Datav90\Downloads\15726941_1791430284451990_7468235468847233939_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010367 _____ C:\Users\Datav90\Downloads\15741205_1791430231118662_7424300965506925307_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00009080 _____ C:\Users\Datav90\Downloads\15697663_1791430081118677_685444044530583677_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008701 _____ C:\Users\Datav90\Downloads\15697744_1791430214451997_599277962521379313_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008412 _____ C:\Users\Datav90\Downloads\15697195_1791430431118642_688240443350783932_n.jpg
2016-12-30 00:54 - 2016-12-30 00:54 - 00065582 _____ C:\Users\Datav90\Downloads\عبد-الرحمن.jpg
2016-12-30 00:52 - 2016-12-30 00:52 - 00078379 _____ C:\Users\Datav90\Downloads\15749660_1810845919202974_1551856833_n.jpg
2016-12-30 00:50 - 2016-12-30 00:50 - 00063452 _____ C:\Users\Datav90\Downloads\sara.jpg
2016-12-30 00:47 - 2016-12-30 00:47 - 00055315 _____ C:\Users\Datav90\Downloads\15781826_1839911066287065_1397427542_n.jpg
2016-12-29 22:32 - 2016-12-29 22:32 - 00023404 _____ C:\Users\Datav90\Downloads\15747732_359819711058758_286862103335593206_n.jpg
2016-12-29 08:55 - 2016-09-19 02:58 - 00295997 _____ C:\Users\Datav90\Documents\SAM_1553.JPG
2016-12-29 08:39 - 2016-12-29 11:31 - 00000722 _____ C:\Users\Datav90\Documents\New Text Document.txt
2016-12-29 07:01 - 2016-12-29 07:01 - 00016789 _____ C:\Users\Datav90\Downloads\06 Upwork Translation_sanitized.docx
2016-12-29 04:32 - 2016-12-29 04:32 - 00096897 _____ C:\Users\Datav90\Downloads\15781656_1374611485917371_7121881180046883649_n.jpg
2016-12-29 04:32 - 2016-12-29 04:32 - 00013311 _____ C:\Users\Datav90\Downloads\15621685_1374611475917372_7113708655159179370_n.jpg
2016-12-29 04:25 - 2016-12-29 04:25 - 00031592 _____ C:\Users\Datav90\Downloads\15697646_10202602289255587_128805314885165344_n.jpg
2016-12-29 04:23 - 2016-12-29 04:23 - 00080473 _____ C:\Users\Datav90\Downloads\946.jpg
2016-12-29 03:22 - 2016-12-29 03:22 - 01122704 _____ C:\Users\Datav90\Downloads\Microsoft-Office-2016-Product-Key.zip
2016-12-29 03:15 - 2016-12-29 03:15 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft Help
2016-12-29 02:32 - 2016-12-29 02:32 - 00016371 _____ C:\Users\Datav90\Downloads\هل تعلم.docx
2016-12-29 02:16 - 2016-12-29 02:16 - 00074754 _____ C:\Users\Datav90\Downloads\attia.jpg
2016-12-29 02:15 - 2016-12-29 02:15 - 00006241 _____ C:\Users\Datav90\Downloads\15780759_1054803921332510_2962458877819057543_n.jpg
2016-12-29 00:47 - 2016-12-29 00:47 - 00028019 _____ C:\Users\Datav90\Downloads\15726378_10154868032978953_4135433702900079780_n.jpg
2016-12-29 00:18 - 2016-12-29 00:18 - 00017978 _____ C:\Users\Datav90\Downloads\mohdy.jpg
2016-12-29 00:17 - 2016-12-29 00:17 - 00040656 _____ C:\Users\Datav90\Downloads\15749450_1219036298187550_10451665_n.jpg
2016-12-28 01:10 - 2016-12-28 01:10 - 00016383 _____ C:\Users\Datav90\Downloads\10897759_1557899027789009_1715249256927502265_n.jpg
2016-12-27 16:32 - 2016-12-27 16:32 - 00000054 _____ C:\Users\Datav90\214537CE4F7829EED1E8691D38650AAA.txt
2016-12-27 15:18 - 2016-12-27 15:18 - 00155354 _____ C:\Users\Datav90\Downloads\736.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00146439 _____ C:\Users\Datav90\Downloads\730.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141902 _____ C:\Users\Datav90\Downloads\729.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141256 _____ C:\Users\Datav90\Downloads\735.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00135838 _____ C:\Users\Datav90\Downloads\738.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00133531 _____ C:\Users\Datav90\Downloads\734.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00121913 _____ C:\Users\Datav90\Downloads\733.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00106221 _____ C:\Users\Datav90\Downloads\731.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00104750 _____ C:\Users\Datav90\Downloads\737.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00103829 _____ C:\Users\Datav90\Downloads\732.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00094266 _____ C:\Users\Datav90\Downloads\728.jpg
2016-12-27 02:31 - 2016-12-27 02:31 - 00000000 ____D C:\WINDOWS\Panther
2016-12-27 02:28 - 2016-12-27 02:28 - 00079482 _____ C:\Users\Datav90\Documents\tmp.reg
2016-12-27 01:31 - 2016-12-27 01:31 - 00000000 ____D C:\Users\Datav90\Downloads\FixWin10
2016-12-27 01:29 - 2017-01-03 15:04 - 00000000 ____D C:\Users\Datav90\AppData\Local\CrashDumps
2016-12-27 01:28 - 2016-12-27 01:28 - 00106816 _____ C:\Users\Datav90\Downloads\FixWin10.zip
2016-12-27 01:16 - 2016-12-27 01:16 - 00522710 _____ C:\Users\Datav90\Downloads\AppsDiagnostic.diagcab
2016-12-27 01:08 - 2016-12-27 01:08 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10 (1).diagcab
2016-12-27 00:52 - 2016-12-27 00:52 - 01225688 _____ (SafeBytes Software Inc.) C:\Users\Datav90\Downloads\TotalSystemCare_Installer.exe
2016-12-26 21:12 - 2016-12-26 21:12 - 00035300 _____ C:\Users\Datav90\Downloads\15683510_221074268345787_1626056584_n.jpg
2016-12-26 21:02 - 2016-12-26 21:02 - 00087736 _____ C:\Users\Datav90\Downloads\mostafa.jpg
2016-12-26 14:29 - 2016-12-26 14:29 - 00014750 _____ C:\Users\Datav90\Downloads\15726513_781046515369474_2567044352822146249_n.jpg
2016-12-26 09:44 - 2016-12-26 09:44 - 00011265 _____ C:\Users\Datav90\Downloads\Vision - final -Ali- Dec 22.docx
2016-12-26 09:26 - 2016-12-26 09:26 - 00330534 _____ C:\Users\Datav90\Downloads\15749024_1192879650802048_1648479191_o.png
2016-12-26 08:32 - 2016-12-26 08:32 - 00055486 _____ C:\Users\Datav90\Downloads\15683315_1613799898929410_1185965794_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00040846 _____ C:\Users\Datav90\Downloads\15722638_1613799902262743_259658064_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00038638 _____ C:\Users\Datav90\Downloads\15722662_1613799935596073_607550824_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00031420 _____ C:\Users\Datav90\Downloads\15723939_1613799932262740_907010488_n.jpg
2016-12-26 07:10 - 2016-12-26 07:10 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10.diagcab
2016-12-26 04:45 - 2016-12-27 02:53 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Ipswitch
2016-12-26 04:44 - 2016-12-26 04:44 - 00000000 ____D C:\ProgramData\Ipswitch
2016-12-26 04:11 - 2016-12-26 04:12 - 00001455 _____ C:\Users\Datav90\Downloads\defines.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00001037 _____ C:\Users\Datav90\Downloads\inj.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00000417 _____ C:\Users\Datav90\Downloads\error_log
2016-12-26 04:10 - 2016-12-26 04:10 - 00000000 _____ C:\Users\Datav90\Downloads\bbfb06033226583ab80003e0c7586890
2016-12-26 03:59 - 2016-12-26 03:59 - 00000861 _____ C:\Users\Datav90\Downloads\badrash (1).coreftp
2016-12-26 03:58 - 2016-12-26 04:13 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\CoreFTP
2016-12-26 03:57 - 2016-12-26 03:57 - 00001018 _____ C:\Users\Datav90\Desktop\Core FTP LE.lnk
2016-12-26 03:57 - 2016-12-26 03:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP
2016-12-26 03:56 - 2016-12-26 03:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-12-26 03:53 - 2016-12-26 03:56 - 04974659 _____ C:\Users\Datav90\Downloads\coreftplite.exe
2016-12-26 03:53 - 2016-12-26 03:53 - 00000861 _____ C:\Users\Datav90\Downloads\badrash.coreftp
2016-12-26 03:53 - 2016-12-26 03:53 - 00000838 _____ C:\Users\Datav90\Downloads\Secure Ftp badrash.xml
2016-12-26 03:47 - 2016-12-26 03:47 - 00000853 _____ C:\Users\Datav90\Downloads\Ftp datav90@badrashein.com.xml
2016-12-26 03:44 - 2016-12-26 03:44 - 00000838 _____ C:\Users\Datav90\Downloads\Ftp badrash.xml
2016-12-26 03:12 - 2016-12-29 02:07 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla
2016-12-26 03:12 - 2016-12-27 16:32 - 00000000 ____D C:\Users\Datav90\AppData\Local\FileZilla
2016-12-26 03:12 - 2016-12-26 03:12 - 00002108 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-12-26 03:12 - 2016-12-26 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-12-26 03:11 - 2016-12-26 03:12 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-12-26 03:10 - 2016-12-26 03:14 - 27522128 _____ C:\Users\Datav90\Downloads\wsftp12.5.1_English_SN4K2142ADXXF3N8I8I61AA5R.exe
2016-12-26 03:09 - 2016-12-26 03:11 - 06668016 _____ (Tim Kosse) C:\Users\Datav90\Downloads\FileZilla_3.23.0.2_win32-setup_bundled2.exe
2016-12-26 02:57 - 2016-12-26 02:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla Server
2016-12-26 02:54 - 2016-12-26 02:55 - 02238848 _____ (FileZilla Project) C:\Users\Datav90\Downloads\FileZilla_Server-0_9_59.exe
2016-12-26 02:36 - 2016-12-26 02:36 - 00000000 ____D C:\Users\Datav90\AppData\Local\Bazwise
2016-12-26 01:36 - 2016-12-26 01:36 - 00000000 ____D C:\ProgramData\Folder Size Explorer
2016-12-26 01:34 - 2016-12-26 01:35 - 01370420 _____ C:\Users\Datav90\Downloads\FolderSizeExplorer-23-OCT-2016-V171.zip
2016-12-25 20:31 - 2016-12-25 20:31 - 00133123 _____ C:\Users\Datav90\Downloads\15697737_1217207225025414_6715923463248477997_n.jpg
2016-12-24 01:10 - 2016-12-24 01:10 - 00048327 _____ C:\Users\Datav90\Downloads\15622181_690461711134726_8011711944848311533_n.jpg
2016-12-24 01:07 - 2016-12-24 01:07 - 00064540 _____ C:\Users\Datav90\Downloads\15590048_1800035033581631_7954651434522340218_n.jpg
2016-12-23 23:20 - 2016-12-23 23:20 - 00020703 _____ C:\Users\Datav90\Downloads\رخص.jpg
2016-12-23 23:19 - 2016-12-23 23:19 - 00041999 _____ C:\Users\Datav90\Downloads\15713180_380417302301769_1628446829_n.jpg
2016-12-23 22:21 - 2016-12-23 22:21 - 00041900 _____ C:\Users\Datav90\Downloads\البان.jpg
2016-12-23 03:09 - 2016-12-23 03:09 - 00024501 _____ C:\Users\Datav90\Downloads\diego-eduardo.jpg
2016-12-23 01:48 - 2016-12-23 01:48 - 00047850 _____ C:\Users\Datav90\Downloads\2016-636180235792457418-245.jpg
2016-12-23 01:22 - 2016-12-23 01:22 - 00088340 _____ C:\Users\Datav90\Downloads\tahlil.jpg
2016-12-23 01:12 - 2016-12-23 01:12 - 00083900 _____ C:\Users\Datav90\Downloads\15390705_136973856788227_8369061297559094453_n.jpg
2016-12-22 02:52 - 2016-12-22 02:52 - 00100920 _____ C:\Users\Datav90\Downloads\1 (1).jpg
2016-12-21 18:46 - 2016-12-21 18:46 - 02914369 _____ C:\Users\Datav90\Downloads\12444005_463587713846125_104851160_n.mp4
2016-12-21 18:33 - 2016-12-21 18:33 - 00021943 _____ C:\Users\Datav90\Downloads\15666222_704861376344436_664292759_n.jpg
2016-12-21 18:33 - 2016-12-21 18:33 - 00012630 _____ C:\Users\Datav90\Downloads\15683065_704373699726537_989221303_n.jpg
2016-12-21 14:36 - 2016-12-21 14:36 - 00234988 _____ C:\Users\Datav90\Downloads\pic_2.jpg
2016-12-21 00:49 - 2016-12-21 00:49 - 00094246 _____ C:\Users\Datav90\Downloads\15645143_935764609887069_1649562990_n.jpg
2016-12-20 20:45 - 2016-12-20 20:45 - 00027127 _____ C:\Users\Datav90\Downloads\13920610_154484784982762_8648536994615444379_n.jpg
2016-12-20 20:41 - 2016-12-20 20:41 - 00013787 _____ C:\Users\Datav90\Downloads\15578741_1255875001139511_5517789743120233867_n.jpg
2016-12-20 17:03 - 2016-12-20 17:03 - 00013717 _____ C:\Users\Datav90\Downloads\15621704_1884696855093911_7324338711842225629_n.jpg
2016-12-20 15:51 - 2016-12-20 15:51 - 00018208 _____ C:\Users\Datav90\Downloads\15578910_1653609548269965_5172276978296957487_n.jpg
2016-12-20 15:11 - 2016-12-20 15:11 - 00074971 _____ C:\Users\Datav90\Downloads\ayat5.jpg
2016-12-20 15:10 - 2016-12-20 15:11 - 00078268 _____ C:\Users\Datav90\Downloads\ayat4.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00089275 _____ C:\Users\Datav90\Downloads\ayat3.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00070887 _____ C:\Users\Datav90\Downloads\ayat2.jpg
2016-12-20 15:09 - 2016-12-20 15:09 - 00075240 _____ C:\Users\Datav90\Downloads\ayat1.jpg
2016-12-20 15:01 - 2016-12-20 15:01 - 00078520 _____ C:\Users\Datav90\Downloads\15673394_241103106325238_546416552_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00094139 _____ C:\Users\Datav90\Downloads\15673220_241102742991941_582186434_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00081513 _____ C:\Users\Datav90\Downloads\15666123_241102966325252_1776948586_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00079345 _____ C:\Users\Datav90\Downloads\15666260_241103056325243_1635308780_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00073337 _____ C:\Users\Datav90\Downloads\15644580_241103072991908_1532055082_n.jpg
2016-12-20 06:04 - 2016-12-20 06:04 - 00036499 _____ C:\Users\Datav90\Downloads\الدالي.jpg
2016-12-19 21:19 - 2016-12-19 21:20 - 01162272 _____ C:\Users\Datav90\Downloads\15569479_1105696322890477_1778779393041104896_n.mp4
2016-12-19 04:32 - 2016-12-09 11:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-19 04:32 - 2016-12-09 11:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-12-19 04:32 - 2016-12-09 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-19 04:32 - 2016-12-09 11:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-19 04:32 - 2016-12-09 11:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-19 04:31 - 2016-12-09 12:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-19 04:31 - 2016-12-09 12:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-19 04:31 - 2016-12-09 12:14 - 06019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-19 04:31 - 2016-12-09 12:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-19 04:31 - 2016-12-09 12:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-19 04:31 - 2016-12-09 12:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-19 04:31 - 2016-12-09 11:55 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-19 04:31 - 2016-12-09 11:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-19 04:31 - 2016-12-09 11:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-19 04:31 - 2016-12-09 11:37 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-19 04:31 - 2016-12-09 11:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-19 04:31 - 2016-12-09 11:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-19 04:31 - 2016-12-09 11:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-19 04:31 - 2016-12-09 11:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-19 04:31 - 2016-12-09 11:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-19 04:31 - 2016-12-09 11:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-19 04:31 - 2016-12-09 11:22 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-19 04:31 - 2016-12-09 11:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-19 04:31 - 2016-12-09 11:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-19 04:31 - 2016-09-15 18:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-19 04:14 - 2016-12-19 04:22 - 44392789 _____ C:\Users\Datav90\Downloads\rt_audacity_v1.0.rar
2016-12-19 01:42 - 2016-12-19 01:42 - 00019967 _____ C:\Users\Datav90\Downloads\15666039_2009070609319828_423034705_n.jpg
2016-12-19 01:42 - 2016-12-19 01:42 - 00016780 _____ C:\Users\Datav90\Downloads\15644496_2009070549319834_21459477_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00044153 _____ C:\Users\Datav90\Downloads\15541487_1286707674728406_4917506916978523842_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00026916 _____ C:\Users\Datav90\Downloads\15590522_1286707624728411_2224882288721743826_n.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00091360 _____ C:\Users\Datav90\Downloads\tam1.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00089395 _____ C:\Users\Datav90\Downloads\tam2.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00065088 _____ C:\Users\Datav90\Downloads\tam3.jpg
2016-12-18 15:14 - 2016-12-19 04:19 - 00294538 _____ C:\Users\Datav90\Downloads\SAM_1637.JPG
2016-12-18 15:14 - 2016-12-19 04:19 - 00286455 _____ C:\Users\Datav90\Downloads\SAM_1636.JPG
2016-12-18 15:14 - 2016-12-18 15:15 - 00294565 _____ C:\Users\Datav90\Downloads\SAM_1635.JPG
2016-12-18 15:11 - 2016-12-18 14:50 - 02982119 ____N C:\Users\Datav90\Downloads\IMG_20161217_235957.jpg
2016-12-18 15:11 - 2016-12-18 14:49 - 02907811 ____N C:\Users\Datav90\Downloads\IMG_20161217_235942.jpg
2016-12-18 15:11 - 2016-12-18 14:48 - 02812110 ____N C:\Users\Datav90\Downloads\IMG_20161217_235920.jpg
2016-12-18 01:28 - 2016-12-18 01:28 - 00057668 _____ C:\Users\Datav90\Downloads\15622294_1890081321221646_2240084992261860022_n.jpg
2016-12-17 22:07 - 2016-12-17 22:07 - 00069793 _____ C:\Users\Datav90\Downloads\15134567_1272664896110766_5587432740763612292_n.jpg
2016-12-17 01:20 - 2016-12-17 01:20 - 00008464 _____ C:\Users\Datav90\Downloads\15541993_1833258420290522_2335822066002946516_n.jpg
2016-12-16 16:07 - 2016-12-16 16:07 - 00046484 _____ C:\Users\Datav90\Downloads\nesma.jpg
2016-12-16 16:06 - 2016-12-16 16:06 - 00011678 _____ C:\Users\Datav90\Downloads\15591797_1713710115610917_1314929607_n.jpg
2016-12-16 16:04 - 2016-12-16 16:04 - 00046292 _____ C:\Users\Datav90\Downloads\583.jpg
2016-12-16 03:50 - 2016-12-16 03:51 - 00024080 _____ C:\Users\Datav90\Downloads\15589581_739867086171573_7978030631832322959_n.jpg
2016-12-16 01:10 - 2016-12-16 01:10 - 00158891 _____ C:\Users\Datav90\Downloads\nema.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00035606 _____ C:\Users\Datav90\Downloads\15541205_1380816955271073_9036191817213009882_n.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00029679 _____ C:\Users\Datav90\Downloads\15492429_1380816888604413_7589306743660200241_n.jpg
2016-12-15 20:54 - 2016-12-15 20:54 - 00024009 _____ C:\Users\Datav90\Downloads\99807.jpg
2016-12-15 20:43 - 2016-12-15 20:43 - 00040927 _____ C:\Users\Datav90\Downloads\_92981501_c4ccafe2-f1d8-40e9-b58b-002e9df5cbe6.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00037506 _____ C:\Users\Datav90\Downloads\15442365_1281164158572999_5708725606552780280_n.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00015346 _____ C:\Users\Datav90\Downloads\15578570_1281164015239680_3565590128071369348_n.jpg
2016-12-14 12:06 - 2016-12-14 12:07 - 00045500 _____ C:\Users\Datav90\Downloads\347.jpg
2016-12-14 00:32 - 2016-12-14 00:32 - 00070777 _____ C:\Users\Datav90\Downloads\15380309_1709843812663036_4409407772544437826_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00079879 _____ C:\Users\Datav90\Downloads\15541525_243658566065698_6342690252898199417_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00071750 _____ C:\Users\Datav90\Downloads\15390736_243658519399036_2659207842868567611_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00061178 _____ C:\Users\Datav90\Downloads\15420847_243658446065710_5921352442998396276_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00038138 _____ C:\Users\Datav90\Downloads\15391158_243658542732367_6813489041534924004_n.jpg
2016-12-13 00:47 - 2016-12-13 00:47 - 00055165 _____ C:\Users\Datav90\Downloads\15542021_1269433389813807_1235259025878969592_n.jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505 (1).jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00033654 _____ C:\Users\Datav90\Downloads\34809-693abab1-fe1e-4144-91e0-2bdfdc36328a.jpg
2016-12-12 15:05 - 2016-12-12 15:05 - 00076984 _____ C:\Users\Datav90\Downloads\86442-a125f272-96bd-4c41-adab-ed0f04f27161.jpg
2016-12-12 15:03 - 2016-12-12 15:03 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505.jpg
2016-12-12 14:50 - 2016-12-12 14:50 - 00065187 _____ C:\Users\Datav90\Downloads\لشششش.jpg
2016-12-12 00:16 - 2016-12-12 00:16 - 00177932 _____ C:\Users\Datav90\Downloads\15398885_735620503269226_410214808_o.jpg
2016-12-10 21:09 - 2016-12-10 21:09 - 00052138 _____ C:\Users\Datav90\Downloads\15356080_1723250114657220_1959023838_n.jpg
2016-12-10 20:59 - 2016-12-10 20:59 - 00049816 _____ C:\Users\Datav90\Downloads\38c9604f31b08735863ba676d7f09c8a.jpg
2016-12-10 07:19 - 2016-11-11 10:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 07:19 - 2016-11-11 10:00 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 01586736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 00292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 07:19 - 2016-11-11 09:59 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 07:19 - 2016-11-11 09:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 07:19 - 2016-11-11 09:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 07:19 - 2016-11-11 09:46 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00355680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00175968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 07:19 - 2016-11-11 09:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-12-10 07:19 - 2016-11-11 09:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 07:19 - 2016-11-11 09:41 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00802608 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00675568 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 07:19 - 2016-11-11 09:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 07:19 - 2016-11-11 09:37 - 00381720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 07:19 - 2016-11-11 09:30 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 07:19 - 2016-11-11 09:29 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 07:19 - 2016-11-11 09:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 07:19 - 2016-11-11 09:26 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 07:19 - 2016-11-11 09:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 07:19 - 2016-11-11 09:24 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 07:19 - 2016-11-11 09:21 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 07:19 - 2016-11-11 09:20 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 07:19 - 2016-11-11 09:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 07:19 - 2016-11-11 09:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 07:19 - 2016-11-11 09:18 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 07:19 - 2016-11-11 09:16 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-10 07:19 - 2016-11-11 09:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-10 07:19 - 2016-11-11 09:12 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 07:19 - 2016-11-11 09:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 07:19 - 2016-11-11 09:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 07:19 - 2016-11-11 09:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-08 16:51 - 2016-12-08 16:53 - 02383507 _____ C:\Users\Datav90\Downloads\15445175_1818689765075574_2785128382688395264_n.mp4
2016-12-08 16:49 - 2016-12-08 16:50 - 00156876 _____ C:\Users\Datav90\Documents\15424527_1164511423604257_1633711776_n.jpg
2016-12-08 16:43 - 2016-12-08 16:43 - 00071776 _____ C:\Users\Datav90\Documents\15326441_1139332409482788_8224781207746921100_n.jpg
2016-12-08 11:40 - 2016-12-08 11:41 - 03073529 _____ C:\Users\Datav90\Downloads\15315941_1833014716952129_1369930048701726720_n.mp4
2016-12-08 11:26 - 2016-12-08 11:26 - 00090427 _____ C:\Users\Datav90\Documents\15435874_830266523781786_253559807_n.jpg
2016-12-08 08:49 - 2016-12-08 08:49 - 00015880 _____ C:\Users\Datav90\Documents\15337578_1110498785736648_5770530851665041560_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00047128 _____ C:\Users\Datav90\Downloads\15327457_10210279915327965_5751880802827965275_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00014232 _____ C:\Users\Datav90\Downloads\15267583_1798038690471973_6303314785682517112_n.jpg
2016-12-06 22:10 - 2016-12-06 22:10 - 00050665 _____ C:\Users\Datav90\Downloads\15409962_786367504843820_881457125_o.jpg
2016-12-06 22:04 - 2016-12-06 22:04 - 00081627 _____ C:\Users\Datav90\Downloads\15368766_786368694843701_1803954973_o.jpg
2016-12-06 15:47 - 2016-12-06 15:47 - 00084835 _____ C:\Users\Datav90\Downloads\15397719_1270465743009032_1864833973_o.jpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 19:02 - 2016-08-14 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-04 19:01 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90
2017-01-04 19:01 - 2016-07-16 04:22 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-04 18:54 - 2016-01-29 17:07 - 00273232 _____ C:\WINDOWS\ntbtlog.txt
2017-01-04 11:18 - 2016-08-14 16:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-04 03:23 - 2016-08-16 01:48 - 00000000 ____D C:\Users\Datav90\AppData\Local\Adobe
2017-01-04 00:17 - 2016-04-24 04:04 - 00000000 ____D C:\PlantsVsZombies Game Of The Year
2017-01-03 09:49 - 2016-08-16 01:50 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-03 05:24 - 2016-09-14 06:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-03 01:33 - 2016-08-22 00:45 - 00001456 _____ C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-02 12:06 - 2016-08-14 19:50 - 00000000 ____D C:\Users\Datav90\AppData\Local\Packages
2017-01-02 11:58 - 2016-07-16 10:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-02 11:57 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-31 21:22 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-31 21:15 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 21:15 - 2016-08-14 16:41 - 00065536 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TM.blf
2016-12-29 08:55 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Documents
2016-12-29 07:01 - 2016-08-14 16:41 - 00000000 ___SD C:\Users\Datav90\AppData\Roaming\Microsoft
2016-12-28 03:26 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-27 03:19 - 2016-07-16 10:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-27 02:53 - 2016-08-29 22:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-27 01:47 - 2016-07-16 10:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-26 17:09 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\Logs
2016-12-26 07:13 - 2016-09-22 20:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\ElevatedDiagnostics
2016-12-26 06:00 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-26 03:21 - 2016-07-16 10:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-26 03:16 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft
2016-12-25 20:47 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-19 18:05 - 2016-07-16 04:22 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-19 18:04 - 2016-08-14 16:38 - 03775136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-19 18:03 - 2016-08-14 16:38 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 18:03 - 2016-08-14 16:38 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TM.blf
2016-12-19 18:02 - 2016-07-16 10:30 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\apppatch
2016-12-19 18:02 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-17 12:01 - 2016-08-14 19:53 - 00002369 _____ C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-17 12:01 - 2016-08-14 19:53 - 00000000 ___RD C:\Users\Datav90\OneDrive
2016-12-16 04:48 - 2016-08-16 01:30 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-16 04:48 - 2016-08-16 01:30 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 05:29 - 2016-08-16 00:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 05:27 - 2016-08-16 00:16 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-11 00:15 - 2016-08-14 16:50 - 01103134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 00:15 - 2016-07-16 10:31 - 00844762 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-11 00:15 - 2016-07-16 10:31 - 00243552 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-11 00:11 - 2016-08-14 19:50 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-11 00:11 - 2016-08-14 19:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000436 ___SH C:\Users\Datav90\Desktop\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000402 ___SH C:\Users\Datav90\Documents\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000282 ___SH C:\Users\Datav90\Downloads\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Videos
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Searches
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Saved Games
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Pictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Music
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Links
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Favorites
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Contacts
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-11 00:07 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000001.regtrans-ms
2016-12-08 20:49 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2016-08-22 00:45 - 2017-01-03 01:33 - 0001456 _____ () C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-14 03:27 - 2016-10-14 03:27 - 0007601 _____ () C:\Users\Datav90\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Datav90\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Datav90\AppData\Local\Temp\libeay32.dll
C:\Users\Datav90\AppData\Local\Temp\msvcr120.dll
C:\Users\Datav90\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-14 16:38

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by Datav90 (04-01-2017 19:07:58)
Running from C:\Users\Datav90\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-08-14 17:49:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3546961264-2073685745-768210978-500 - Administrator - Disabled)
Datav90 (S-1-5-21-3546961264-2073685745-768210978-1000 - Administrator - Enabled) => C:\Users\Datav90
DefaultAccount (S-1-5-21-3546961264-2073685745-768210978-503 - Limited - Disabled)
Guest (S-1-5-21-3546961264-2073685745-768210978-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acronis True Image 2016 (HKLM\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Core FTP LE (HKLM\...\CoreFTP) (Version: - )
CyberLink PowerDirector 14 (HKLM\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2019.0 - CyberLink Corp.)
Dell System Detect (HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Facebook Gameroom 1.1.3.1 (HKLM\...\{A3C248A7-BF21-4C3A-9C10-2D56F59460CD}) (Version: 1.1.3.1 - Facebook)
FileZilla Client 3.23.0.2 (HKLM\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
FlashGet3.7 (HKLM\...\FlashGet3.7) (Version: 3.7.0.1195 - hxxp://www.FlashGet.com)
Free YouTube Downloader 4.1.540 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Games Manager (HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\GamesManager) (Version: 2.6.0.496 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{61D7B517-5914-41D4-BD27-927163631227}) (Version: 5.2.2.87 - Apple Inc.)
iTunes (HKLM\...\{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
K-Lite Codec Pack 12.3.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NewBlue Titler Pro for Windows (HKLM\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
Plants Vs Zombies: Game of the Year Edition (HKLM\...\Plants Vs Zombies: Game of the Year Edition) (Version: 1.2.0.1073 - iWin.com)
Plants vs. Zombies(TM) (remove only) (HKLM\...\Plants vs. Zombies(TM)) (Version: - )
PowerISO (HKLM\...\PowerISO) (Version: 6.4 - Power Software Ltd)
proDAD Adorage 3.0 (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.24.3.4750 - Enigma Software Group, LLC)
Upwork version 4.2.115.0 (HKLM\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.115.0 - Upwork, Inc)
XAMPP (HKLM\...\xampp) (Version: 5.6.23-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B461EBD-C226-4401-9A07-12B5137E9B0D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0FB6CA67-932F-4EAF-B9F7-A86FB36DCCB1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {14294684-59FB-41C7-8B08-0B88265FB627} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-31] (Adobe Systems Incorporated)
Task: {1DF6D448-EBBE-4D91-9CDE-B302DA73D7E1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {290FF108-8F3D-4FFA-8AB7-DE2E8B30B2C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F226882-BEFA-445E-B4F6-70B816585FD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-01-02] (Microsoft Corporation)
Task: {32E3CCFB-4C77-4AB1-9668-7CA21C62DDB4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {343AC552-F025-46F6-BCAB-200AC94519F8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B624D98-7F84-437E-AEDD-757A3F439CA1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CBAA178-A130-4179-A240-ACAFAE36747D} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {493F6142-0BBD-48C6-A70F-B41D846DA5C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49AD09A9-2485-4CBB-BE0F-EF00C081D02D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4AC606DA-DD00-43FC-BFA6-2F7F9F821376} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E61AD6C-95DD-4A84-94C5-7BF4FF66A0D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54A6A44F-DAF5-4CD5-A802-223E89713020} - System32\Tasks\AdobeAAMUpdater-1.0-Datav90-PC-Datav90 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {5ED585F6-A35F-49CC-935D-EFD304C03877} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65F92166-518C-461D-8F8F-271B99AD2816} - System32\Tasks\{5D35423B-D5FA-4FEB-8D11-9B6A99617C9F} => pcalua.exe -a C:\Users\Datav90\Downloads\devcon.exe -d C:\Users\Datav90\Downloads
Task: {73A17262-5276-4506-A544-D2A306CDC29C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {73F7F7EA-AF61-4BA2-82E7-02CB32597A23} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {747FF417-6FC5-406C-9BDE-3C33E1C19A33} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8053BBCD-8C18-4681-96D5-8B9D0ADD0193} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {805A3EE6-168C-4470-8AC7-B96143F0861C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {821A7999-BC63-4A15-927B-EBAA0ABCFAFC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87E3E431-8D7C-4B5D-8C80-C668806471C7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {88C3EB22-F607-4649-A7FE-A4E17E635C6B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {8998F47B-843F-4BEC-9F26-1C2BDC7821DE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-15] (Microsoft Corporation)
Task: {8C2778AA-EC2C-4959-BD78-A815CFB54C36} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-15] (Microsoft Corporation)
Task: {97D949BA-F7BD-4B40-91AB-783926AE19FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-01-02] (Microsoft Corporation)
Task: {9AC75CCF-9B5B-44DC-8935-CB01887D85FA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7BEDC40-A604-4005-B51F-2ECCF136D24E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {A80FA2EC-E6EA-46D2-B992-E49ADB79E8F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B9D7CB82-CA93-4A42-8D1B-CC23DDB8A104} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA9D357-3D0F-4C63-BC8E-016DCA939BBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {ED6CFF1B-234C-4200-B182-7BF232F1F161} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {EE78825D-7154-4C27-A287-320734E95AC5} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {F1AD2998-CAC6-4631-AA1B-020630068E65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Datav90\Desktop\Play Pogo Games.lnk -> C:\Users\Datav90\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000002 -config.uri=hxxp://gm/iwin/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 10:25 - 2016-07-16 10:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-05 15:24 - 2016-07-05 15:24 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-02 11:47 - 2015-08-15 23:55 - 00135232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2015-11-26 10:40 - 2015-11-26 10:40 - 00035760 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 04093976 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\sqlite3.dll
2015-11-26 11:07 - 2015-11-26 11:07 - 19884832 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers.dll
2015-11-26 10:42 - 2015-11-26 10:42 - 00445872 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-11-26 10:36 - 2015-11-26 10:36 - 00115632 _____ () C:\Program Files\Common Files\Acronis\Home\EXPAT.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 12:00 - 2016-12-17 12:00 - 01244376 _____ () C:\Users\Datav90\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2017-01-02 11:52 - 2017-01-02 11:52 - 08903232 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-07-16 10:25 - 2016-07-16 10:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 14:48 - 2016-11-02 12:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-21 02:39 - 2016-08-06 05:21 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 14:48 - 2016-11-02 12:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-22 08:20 - 2016-12-22 08:22 - 30768640 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x86__8wekyb3d8bbwe\XboxApp.dll
2016-11-11 11:45 - 2016-11-11 11:47 - 00678400 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x86__8wekyb3d8bbwe\sqlite3.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 19:31 - 2016-12-14 19:34 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\roottools.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 07211112 _____ () C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2015-11-26 10:43 - 2015-11-26 10:43 - 00056752 _____ () C:\Program Files\Common Files\Acronis\Home\rpc_client.dll
2016-08-12 11:35 - 2016-08-12 11:35 - 40523480 _____ () C:\Program Files\Common Files\Adobe\AdobeGCClient\libcef.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-12-31 11:11 - 2016-12-13 18:35 - 02218792 _____ () C:\Program Files\Upwork\upwork.exe
2016-12-31 11:11 - 2016-12-07 08:01 - 52043776 _____ () C:\Program Files\Upwork\libcef.dll
2012-01-06 09:53 - 2012-01-06 09:53 - 00249856 _____ () C:\Program Files\FlashGet Network\FlashGet 3\BugReport.dll
2012-01-06 13:20 - 2012-01-06 13:20 - 00059016 _____ () C:\Program Files\FlashGet Network\FlashGet 3\zlib.dll
2012-01-06 09:53 - 2012-01-06 09:53 - 00262144 _____ () C:\Program Files\FlashGet Network\FlashGet 3\ckcore.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01179136 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 52839936 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libcef.dll
2016-01-06 18:41 - 2016-01-06 18:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00802816 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01796608 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libglesv2.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00078848 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-08-16 06:56 - 00001132 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C4CC154E-919B-41C6-B776-FAE0AF1D6B71}] => C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{C6A19585-0C56-4C40-A082-CB9DAB47F52B}] => C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{ADF06669-93BC-4DBF-8433-4329AD584931}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{8B956982-0979-4C29-B142-FD05BD457D96}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{22E5FFE6-3E10-410B-B007-804FE0D72594}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{C6EC10C5-54BB-43B8-ADFF-5988760217D5}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{C3D9825D-97AE-4F3C-91A0-713388F20C62}] => C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
FirewallRules: [{5A1B1DFE-C2FE-4000-BDC6-1ABE43B140C5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A423CDB-BB7F-498C-9C22-4F51A401F5C4}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D95E8E1-C539-48F2-B735-F3A68D4ECAE4}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{549FEAF5-51B3-44BD-87DC-BE672DEC7479}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [UDP Query User{7C26711B-D3C3-4064-B8C2-724474B1A6BD}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [TCP Query User{F3B2373A-D233-4168-B1CA-A42AE4898C96}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [UDP Query User{2425C900-D598-4655-BAEC-A3491A4CD887}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [TCP Query User{CC722752-78F7-4EBB-B9A7-25FAF59B5C0A}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{8BC99953-22F6-4E45-861F-35D5F15BE93B}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{40B66D3A-7CFA-42DD-9F8B-D6D20F7F071B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [UDP Query User{08B14589-8EE9-4212-B558-50D012C45F8B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [{8C849EDE-8146-441E-9A82-5DF35B56AEF0}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{B1227832-7956-4BBE-97CE-6DCEDF9A660E}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C352655A-1625-4246-979B-2C12CB2FDBE6}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3AC3D3AF-2B94-48D0-9486-D73C9258B86E}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EB72103F-8E23-4C66-BFA2-8F80226FFFA4}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3331868B-6C5E-4D47-A2FA-1A29AA1F7456}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{F0AB04F9-A0E0-4921-8523-2D0A52AB44F1}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{BE316145-D544-414E-A7C7-DDAAF7F79D6C}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{D6058749-4878-4FD1-ADFA-0E2577BEA099}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{44164034-5116-4E1F-8326-DE6FBE660214}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2017 05:03:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:24:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:21:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:13:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\powerdirector14\muitransfer\MUIStartMenuX64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:05:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:01:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.479 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e90

Start Time: 01d2668e66efcb5a

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 17101f66-d286-11e6-a1cd-b8ac6f254ad6

Faulting package full name:

Faulting package-relative application ID:

Error: (01/04/2017 03:59:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app ZeptoLabUKLimited.KingofThieves_sq9zxnwrk84pj!game failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 03:46:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/04/2017 07:03:11 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:03:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:51 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2017 07:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TheFreeWeatherService service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/04/2017 07:02:24 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:01:31 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/04/2017 07:01:13 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/04/2017 07:01:09 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
Date: 2017-01-04 19:06:59.820
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-04 19:06:59.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-03 05:20:14.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-03 05:20:14.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 11:40:17.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 11:40:17.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.344
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 57%
Total physical RAM: 3547.61 MB
Available physical RAM: 1524.97 MB
Total Virtual: 7131.61 MB
Available Virtual: 4819.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:1.35 GB) NTFS
Drive d: () (Fixed) (Total:56.33 GB) (Free:0.21 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive e: (E) (Fixed) (Total:191.95 GB) (Free:109.35 GB) FAT32
Drive f: (F) (Fixed) (Total:188.09 GB) (Free:91.35 GB) FAT32
Drive g: (SAN_ANDREAS) (CDROM) (Total:4.19 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 63C463C4)
Partition 1: (Active) - (Size=56.3 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=409.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
 
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-01-04 19:04:31
-----------------------------
19:04:31.945 OS Version: Windows 6.2.9200
19:04:31.945 Number of processors: 2 586 0x170A
19:04:31.945 ComputerName: DATAV90-PC UserName: Datav90
19:04:41.223 Initialize success
19:04:42.225 VM: initialized successfully
19:04:42.227 VM: Intel CPU BiosDisabled
19:05:11.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:05:11.850 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476938MB BusType: 3
19:05:12.014 Disk 0 MBR read successfully
19:05:12.016 Disk 0 MBR scan
19:05:12.018 Disk 0 Windows 7 default MBR code
19:05:12.026 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 57694 MB offset 63
19:05:12.028 Disk 0 Partition - 00 0F Extended LBA 419243 MB offset 118158075
19:05:12.042 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 29996 MB offset 118158138
19:05:12.045 Disk 0 Partition - 00 05 Extended 196600 MB offset 179590635
19:05:12.066 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 196600 MB offset 179590698
19:05:12.069 Disk 0 Partition - 00 05 Extended 192646 MB offset 643660290
19:05:12.129 Disk 0 Partition 4 00 0B FAT32 MSWIN4.1 192646 MB offset 582227793
19:05:12.161 Disk 0 scanning sectors +976768065
19:05:12.248 Disk 0 scanning C:\WINDOWS\system32\drivers
19:05:31.237 Service scanning
19:05:46.424 Modules scanning
19:05:46.424 Disk 0 trace - called modules:
19:05:46.439 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
19:05:46.455 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa7b638]
19:05:46.455 3 CLASSPNP.SYS[86fc423a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85893288]
19:05:46.455 Disk 0 statistics 100704/0/0 @ 3.86 MB/s
19:05:46.455 Scan finished successfully
19:06:11.675 Disk 0 MBR has been saved successfully to "C:\Users\Datav90\Desktop\MBR.dat"
19:06:11.769 The log file has been saved successfully to "C:\Users\Datav90\Desktop\aswMBR.txt"
 
Thank you, Sir.
I uninstalled Office as you asked, and that's the new log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Datav90 (administrator) on DATAV90-PC (04-01-2017 23:49:26)
Running from C:\Users\Datav90\Desktop
Loaded Profiles: Datav90 (Available Profiles: Datav90)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files\Upwork\upwork.exe
() C:\Program Files\Upwork\upwork.exe
(Facebook) C:\Users\Datav90\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
() C:\Program Files\Upwork\upwork.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x86__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42037.0_x86__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(The CefSharp Authors) C:\Users\Datav90\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Temp\ose00000.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-10-08] (Power Software Ltd)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [7211112 2015-11-26] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [531808 2015-11-26] (Acronis)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [Upwork] => C:\Program Files\Upwork\upwork.exe [2218792 2016-12-13] ()
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [FlashGet 3] => C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe [3083712 2012-01-09] (Trend Media Corporation Limited)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: H - "H:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: {7ed61a6c-6575-11e6-a18c-b8ac6f254ad6} - "I:\iStudio.exe"
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2015-11-11] (Acronis)
Startup: C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-11-29]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Datav90\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6baf1436-5a7e-4bd8-ae41-6fb725d46c8f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Datav90\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-01-06] (Trend Media Group)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-25] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default [2017-01-04]
CHR Extension: (Google Slides) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-16]
CHR Extension: (Facebook Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-09-19]
CHR Extension: ( Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-16]
CHR Extension: (Google Drive) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-16]
CHR Extension: (YouTube) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-16]
CHR Extension: (Intelligence Search) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\dipfggodcibdmflidbceoaanadclgomm [2016-11-25]
CHR Extension: (Group Invite All) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeajicmampllnpkmfimkhefbndkfeloo [2016-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-08-17]
CHR Extension: (Google Sheets) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-16]
CHR Extension: (Google Docs Offline) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-16]
CHR Extension: (Instant Translate: Select and Translate) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2016-12-16]
CHR Extension: (Video Downloader Pro) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-16]
CHR Extension: (Gmail) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [950584 2015-11-26] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [4463960 2016-01-29] (Acronis)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 mmsminisrv; C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [253776 2014-10-20] (CyberLink)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7637744 2015-11-06] (Acronis)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
S2 TheFreeWeatherService; C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59968 2016-12-14] ()
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [249184 2016-01-29] (Acronis International GmbH)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [153024 2017-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [87496 2017-01-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39360 2017-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [73152 2017-01-04] (Malwarebytes)
R1 MpKsl5a6c220d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9536FA8B-9D52-434A-8592-C24131A8E54D}\MpKsl5a6c220d.sys [39168 2017-01-04] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 NPF; C:\Users\Datav90\Downloads\Selfishnet win 7\npf.sys [42000 2007-01-25] (CACE Technologies)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [685400 2016-01-29] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [156504 2016-01-29] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\System32\DRIVERS\tnd.sys [398680 2016-01-29] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [229720 2016-01-29] (Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys [56704 2017-01-04] () [File not signed]
U3 aswVmm; C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys [192224 2017-01-04] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 19:06 - 2017-01-04 19:06 - 00002218 _____ C:\Users\Datav90\Desktop\aswMBR.txt
2017-01-04 19:06 - 2017-01-04 19:06 - 00000512 _____ C:\Users\Datav90\Desktop\MBR.dat
2017-01-04 19:04 - 2017-01-04 23:50 - 00016864 _____ C:\Users\Datav90\Desktop\FRST.txt
2017-01-04 16:57 - 2017-01-04 16:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-04 15:34 - 2017-01-04 15:34 - 00153024 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-04 15:33 - 2017-01-04 22:04 - 00073152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-04 15:33 - 2017-01-04 19:03 - 00087496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00219072 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-04 15:33 - 2017-01-04 19:02 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-04 15:33 - 2017-01-04 15:33 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-04 15:33 - 2017-01-04 15:33 - 00000000 ____D C:\Program Files\CCleaner
2017-01-04 15:33 - 2016-12-14 12:55 - 00059968 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-01-04 15:32 - 2017-01-04 16:21 - 00000000 ____D C:\AdwCleaner
2017-01-04 06:46 - 2017-01-04 06:47 - 02665984 _____ C:\Users\Datav90\Downloads\ZHPCleaner.exe
2017-01-04 05:48 - 2017-01-04 23:49 - 00000000 ____D C:\FRST
2017-01-04 05:47 - 2017-01-04 05:34 - 01760256 _____ (Farbar) C:\Users\Datav90\Desktop\FRST.exe
2017-01-04 04:12 - 2017-01-04 04:13 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Datav90\Downloads\SpyHunter-Installer.exe
2017-01-04 03:28 - 2017-01-04 03:28 - 00257184 _____ C:\Users\Datav90\Downloads\Unconfirmed 656127.crdownload
2017-01-04 03:28 - 2017-01-04 03:28 - 00034584 _____ C:\Users\Datav90\Downloads\BAA8.tmp
2017-01-04 03:24 - 2017-01-04 03:28 - 01183384 _____ C:\Users\Datav90\Downloads\WiperSoft-installer.exe
2017-01-04 03:09 - 2017-01-04 19:11 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-01-04 01:14 - 2017-01-04 01:19 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-01-02 12:14 - 2017-01-02 12:14 - 00000000 ____D C:\Users\Datav90\AppData\Local\mpress
2017-01-02 12:04 - 2017-01-02 12:04 - 00003621 _____ C:\Users\Public\Desktop\R@1n.txt
2017-01-02 12:03 - 2017-01-02 12:03 - 00023040 _____ C:\WINDOWS\KMS-R@1n111.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00004608 _____ C:\WINDOWS\KMS-R@1nHoo111k.exe
2017-01-02 12:03 - 2017-01-02 12:03 - 00003584 _____ C:\WINDOWS\KMS-R@1nHook111.dll
2017-01-02 11:59 - 2017-01-02 11:59 - 00000000 ____D C:\Users\Datav90\Desktop\BASEM ELHLAWANYY-ACT-WOROF
2017-01-02 11:51 - 2017-01-04 18:51 - 00000305 _____ C:\WINDOWS\system32\secushr.dat
2017-01-02 02:22 - 2017-01-04 19:08 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\BITS
2017-01-02 02:22 - 2017-01-02 02:22 - 00001282 _____ C:\Users\Datav90\Desktop\FlashGet3.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00001257 _____ C:\Users\Datav90\Desktop\FlashGet downloads.lnk
2017-01-02 02:22 - 2017-01-02 02:22 - 00000025 _____ C:\WINDOWS\libem.INI
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
2017-01-02 02:22 - 2017-01-02 02:22 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashgetSetup
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGetBHO
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FlashGet
2017-01-02 02:21 - 2017-01-02 02:21 - 00000000 ____D C:\Program Files\FlashGet Network
2017-01-02 02:17 - 2017-01-02 02:21 - 08041792 _____ (Trend Media Corporation Limited.) C:\Users\Datav90\Downloads\flashget3.7.0.1195en.exe
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Users\Datav90\AppData\Local\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Upwork
2016-12-31 11:11 - 2016-12-31 11:11 - 00000000 ____D C:\Program Files\Upwork
2016-12-31 11:02 - 2016-12-31 11:11 - 27615024 _____ (Upwork, Inc ) C:\Users\Datav90\Downloads\UpworkSetup.exe
2016-12-31 10:34 - 2016-12-31 10:34 - 00009975 _____ C:\Users\Datav90\Downloads\photo 2.jpg
2016-12-31 08:19 - 2016-12-31 08:20 - 00172803 _____ C:\Users\Datav90\Downloads\coachesforscraping.csv
2016-12-31 02:13 - 2016-12-31 02:15 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (2).zip
2016-12-31 02:05 - 2016-12-31 02:11 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package.zip
2016-12-31 02:05 - 2016-12-31 02:09 - 10855871 _____ C:\Users\Datav90\Downloads\Joomla_3.6.5-Stable-Update_Package (1).zip
2016-12-30 01:37 - 2016-12-30 01:37 - 00017143 _____ C:\Users\Datav90\Downloads\esh8.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00065728 _____ C:\Users\Datav90\Downloads\esh4.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00018597 _____ C:\Users\Datav90\Downloads\esh7.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00017003 _____ C:\Users\Datav90\Downloads\esh6.jpg
2016-12-30 01:36 - 2016-12-30 01:36 - 00016866 _____ C:\Users\Datav90\Downloads\esh5.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00021585 _____ C:\Users\Datav90\Downloads\esh1.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00016557 _____ C:\Users\Datav90\Downloads\esh2.jpg
2016-12-30 01:34 - 2016-12-30 01:34 - 00014625 _____ C:\Users\Datav90\Downloads\esh3.jpg
2016-12-30 01:30 - 2016-12-30 01:30 - 00054646 _____ C:\Users\Datav90\Downloads\15727125_1791433404451678_2871036148880099708_n.jpg
2016-12-30 01:29 - 2016-12-30 01:29 - 00010587 _____ C:\Users\Datav90\Downloads\15747854_1791433191118366_2791255909819819944_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00011882 _____ C:\Users\Datav90\Downloads\15698046_1791430567785295_5891954741419882554_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00010206 _____ C:\Users\Datav90\Downloads\15747595_1791430614451957_402886003749102938_n.jpg
2016-12-30 01:28 - 2016-12-30 01:28 - 00008387 _____ C:\Users\Datav90\Downloads\15726425_1791430457785306_1590105582682755411_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00014437 _____ C:\Users\Datav90\Downloads\15697321_1791430304451988_1599783654902432698_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00011214 _____ C:\Users\Datav90\Downloads\15727013_1791430337785318_2260776694555007145_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010907 _____ C:\Users\Datav90\Downloads\15726941_1791430284451990_7468235468847233939_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00010367 _____ C:\Users\Datav90\Downloads\15741205_1791430231118662_7424300965506925307_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00009080 _____ C:\Users\Datav90\Downloads\15697663_1791430081118677_685444044530583677_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008701 _____ C:\Users\Datav90\Downloads\15697744_1791430214451997_599277962521379313_n.jpg
2016-12-30 01:27 - 2016-12-30 01:27 - 00008412 _____ C:\Users\Datav90\Downloads\15697195_1791430431118642_688240443350783932_n.jpg
2016-12-30 00:54 - 2016-12-30 00:54 - 00065582 _____ C:\Users\Datav90\Downloads\عبد-الرحمن.jpg
2016-12-30 00:52 - 2016-12-30 00:52 - 00078379 _____ C:\Users\Datav90\Downloads\15749660_1810845919202974_1551856833_n.jpg
2016-12-30 00:50 - 2016-12-30 00:50 - 00063452 _____ C:\Users\Datav90\Downloads\sara.jpg
2016-12-30 00:47 - 2016-12-30 00:47 - 00055315 _____ C:\Users\Datav90\Downloads\15781826_1839911066287065_1397427542_n.jpg
2016-12-29 22:32 - 2016-12-29 22:32 - 00023404 _____ C:\Users\Datav90\Downloads\15747732_359819711058758_286862103335593206_n.jpg
2016-12-29 08:55 - 2016-09-19 02:58 - 00295997 _____ C:\Users\Datav90\Documents\SAM_1553.JPG
2016-12-29 08:39 - 2016-12-29 11:31 - 00000722 _____ C:\Users\Datav90\Documents\New Text Document.txt
2016-12-29 07:01 - 2016-12-29 07:01 - 00016789 _____ C:\Users\Datav90\Downloads\06 Upwork Translation_sanitized.docx
2016-12-29 04:32 - 2016-12-29 04:32 - 00096897 _____ C:\Users\Datav90\Downloads\15781656_1374611485917371_7121881180046883649_n.jpg
2016-12-29 04:32 - 2016-12-29 04:32 - 00013311 _____ C:\Users\Datav90\Downloads\15621685_1374611475917372_7113708655159179370_n.jpg
2016-12-29 04:25 - 2016-12-29 04:25 - 00031592 _____ C:\Users\Datav90\Downloads\15697646_10202602289255587_128805314885165344_n.jpg
2016-12-29 04:23 - 2016-12-29 04:23 - 00080473 _____ C:\Users\Datav90\Downloads\946.jpg
2016-12-29 03:22 - 2016-12-29 03:22 - 01122704 _____ C:\Users\Datav90\Downloads\Microsoft-Office-2016-Product-Key.zip
2016-12-29 03:15 - 2016-12-29 03:15 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft Help
2016-12-29 02:32 - 2016-12-29 02:32 - 00016371 _____ C:\Users\Datav90\Downloads\هل تعلم.docx
2016-12-29 02:16 - 2016-12-29 02:16 - 00074754 _____ C:\Users\Datav90\Downloads\attia.jpg
2016-12-29 02:15 - 2016-12-29 02:15 - 00006241 _____ C:\Users\Datav90\Downloads\15780759_1054803921332510_2962458877819057543_n.jpg
2016-12-29 00:47 - 2016-12-29 00:47 - 00028019 _____ C:\Users\Datav90\Downloads\15726378_10154868032978953_4135433702900079780_n.jpg
2016-12-29 00:18 - 2016-12-29 00:18 - 00017978 _____ C:\Users\Datav90\Downloads\mohdy.jpg
2016-12-29 00:17 - 2016-12-29 00:17 - 00040656 _____ C:\Users\Datav90\Downloads\15749450_1219036298187550_10451665_n.jpg
2016-12-28 01:10 - 2016-12-28 01:10 - 00016383 _____ C:\Users\Datav90\Downloads\10897759_1557899027789009_1715249256927502265_n.jpg
2016-12-27 16:32 - 2016-12-27 16:32 - 00000054 _____ C:\Users\Datav90\214537CE4F7829EED1E8691D38650AAA.txt
2016-12-27 15:18 - 2016-12-27 15:18 - 00155354 _____ C:\Users\Datav90\Downloads\736.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00146439 _____ C:\Users\Datav90\Downloads\730.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141902 _____ C:\Users\Datav90\Downloads\729.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00141256 _____ C:\Users\Datav90\Downloads\735.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00135838 _____ C:\Users\Datav90\Downloads\738.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00133531 _____ C:\Users\Datav90\Downloads\734.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00121913 _____ C:\Users\Datav90\Downloads\733.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00106221 _____ C:\Users\Datav90\Downloads\731.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00104750 _____ C:\Users\Datav90\Downloads\737.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00103829 _____ C:\Users\Datav90\Downloads\732.jpg
2016-12-27 15:18 - 2016-12-27 15:18 - 00094266 _____ C:\Users\Datav90\Downloads\728.jpg
2016-12-27 02:28 - 2016-12-27 02:28 - 00079482 _____ C:\Users\Datav90\Documents\tmp.reg
2016-12-27 01:31 - 2016-12-27 01:31 - 00000000 ____D C:\Users\Datav90\Downloads\FixWin10
2016-12-27 01:29 - 2017-01-03 15:04 - 00000000 ____D C:\Users\Datav90\AppData\Local\CrashDumps
2016-12-27 01:28 - 2016-12-27 01:28 - 00106816 _____ C:\Users\Datav90\Downloads\FixWin10.zip
2016-12-27 01:16 - 2016-12-27 01:16 - 00522710 _____ C:\Users\Datav90\Downloads\AppsDiagnostic.diagcab
2016-12-27 01:08 - 2016-12-27 01:08 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10 (1).diagcab
2016-12-27 00:52 - 2016-12-27 00:52 - 01225688 _____ (SafeBytes Software Inc.) C:\Users\Datav90\Downloads\TotalSystemCare_Installer.exe
2016-12-26 21:12 - 2016-12-26 21:12 - 00035300 _____ C:\Users\Datav90\Downloads\15683510_221074268345787_1626056584_n.jpg
2016-12-26 21:02 - 2016-12-26 21:02 - 00087736 _____ C:\Users\Datav90\Downloads\mostafa.jpg
2016-12-26 14:29 - 2016-12-26 14:29 - 00014750 _____ C:\Users\Datav90\Downloads\15726513_781046515369474_2567044352822146249_n.jpg
2016-12-26 09:44 - 2016-12-26 09:44 - 00011265 _____ C:\Users\Datav90\Downloads\Vision - final -Ali- Dec 22.docx
2016-12-26 09:26 - 2016-12-26 09:26 - 00330534 _____ C:\Users\Datav90\Downloads\15749024_1192879650802048_1648479191_o.png
2016-12-26 08:32 - 2016-12-26 08:32 - 00055486 _____ C:\Users\Datav90\Downloads\15683315_1613799898929410_1185965794_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00040846 _____ C:\Users\Datav90\Downloads\15722638_1613799902262743_259658064_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00038638 _____ C:\Users\Datav90\Downloads\15722662_1613799935596073_607550824_n.jpg
2016-12-26 08:32 - 2016-12-26 08:32 - 00031420 _____ C:\Users\Datav90\Downloads\15723939_1613799932262740_907010488_n.jpg
2016-12-26 07:10 - 2016-12-26 07:10 - 00000499 _____ C:\Users\Datav90\Downloads\Appsdiagnostic10.diagcab
2016-12-26 04:45 - 2016-12-27 02:53 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Ipswitch
2016-12-26 04:44 - 2016-12-26 04:44 - 00000000 ____D C:\ProgramData\Ipswitch
2016-12-26 04:11 - 2016-12-26 04:12 - 00001455 _____ C:\Users\Datav90\Downloads\defines.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00001037 _____ C:\Users\Datav90\Downloads\inj.php
2016-12-26 04:10 - 2016-12-26 04:10 - 00000417 _____ C:\Users\Datav90\Downloads\error_log
2016-12-26 04:10 - 2016-12-26 04:10 - 00000000 _____ C:\Users\Datav90\Downloads\bbfb06033226583ab80003e0c7586890
2016-12-26 03:59 - 2016-12-26 03:59 - 00000861 _____ C:\Users\Datav90\Downloads\badrash (1).coreftp
2016-12-26 03:58 - 2016-12-26 04:13 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\CoreFTP
2016-12-26 03:57 - 2016-12-26 03:57 - 00001018 _____ C:\Users\Datav90\Desktop\Core FTP LE.lnk
2016-12-26 03:57 - 2016-12-26 03:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP
2016-12-26 03:56 - 2016-12-26 03:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-12-26 03:53 - 2016-12-26 03:56 - 04974659 _____ C:\Users\Datav90\Downloads\coreftplite.exe
2016-12-26 03:53 - 2016-12-26 03:53 - 00000861 _____ C:\Users\Datav90\Downloads\badrash.coreftp
2016-12-26 03:53 - 2016-12-26 03:53 - 00000838 _____ C:\Users\Datav90\Downloads\Secure Ftp badrash.xml
2016-12-26 03:47 - 2016-12-26 03:47 - 00000853 _____ C:\Users\Datav90\Downloads\Ftp datav90@badrashein.com.xml
2016-12-26 03:44 - 2016-12-26 03:44 - 00000838 _____ C:\Users\Datav90\Downloads\Ftp badrash.xml
2016-12-26 03:12 - 2016-12-29 02:07 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla
2016-12-26 03:12 - 2016-12-27 16:32 - 00000000 ____D C:\Users\Datav90\AppData\Local\FileZilla
2016-12-26 03:12 - 2016-12-26 03:12 - 00002108 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-12-26 03:12 - 2016-12-26 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-12-26 03:11 - 2016-12-26 03:12 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-12-26 03:10 - 2016-12-26 03:14 - 27522128 _____ C:\Users\Datav90\Downloads\wsftp12.5.1_English_SN4K2142ADXXF3N8I8I61AA5R.exe
2016-12-26 03:09 - 2016-12-26 03:11 - 06668016 _____ (Tim Kosse) C:\Users\Datav90\Downloads\FileZilla_3.23.0.2_win32-setup_bundled2.exe
2016-12-26 02:57 - 2016-12-26 02:57 - 00000000 ____D C:\Users\Datav90\AppData\Roaming\FileZilla Server
2016-12-26 02:54 - 2016-12-26 02:55 - 02238848 _____ (FileZilla Project) C:\Users\Datav90\Downloads\FileZilla_Server-0_9_59.exe
2016-12-26 02:36 - 2016-12-26 02:36 - 00000000 ____D C:\Users\Datav90\AppData\Local\Bazwise
2016-12-26 01:36 - 2016-12-26 01:36 - 00000000 ____D C:\ProgramData\Folder Size Explorer
2016-12-26 01:34 - 2016-12-26 01:35 - 01370420 _____ C:\Users\Datav90\Downloads\FolderSizeExplorer-23-OCT-2016-V171.zip
2016-12-25 20:31 - 2016-12-25 20:31 - 00133123 _____ C:\Users\Datav90\Downloads\15697737_1217207225025414_6715923463248477997_n.jpg
2016-12-24 01:10 - 2016-12-24 01:10 - 00048327 _____ C:\Users\Datav90\Downloads\15622181_690461711134726_8011711944848311533_n.jpg
2016-12-24 01:07 - 2016-12-24 01:07 - 00064540 _____ C:\Users\Datav90\Downloads\15590048_1800035033581631_7954651434522340218_n.jpg
2016-12-23 23:20 - 2016-12-23 23:20 - 00020703 _____ C:\Users\Datav90\Downloads\رخص.jpg
2016-12-23 23:19 - 2016-12-23 23:19 - 00041999 _____ C:\Users\Datav90\Downloads\15713180_380417302301769_1628446829_n.jpg
2016-12-23 22:21 - 2016-12-23 22:21 - 00041900 _____ C:\Users\Datav90\Downloads\البان.jpg
2016-12-23 03:09 - 2016-12-23 03:09 - 00024501 _____ C:\Users\Datav90\Downloads\diego-eduardo.jpg
2016-12-23 01:48 - 2016-12-23 01:48 - 00047850 _____ C:\Users\Datav90\Downloads\2016-636180235792457418-245.jpg
2016-12-23 01:22 - 2016-12-23 01:22 - 00088340 _____ C:\Users\Datav90\Downloads\tahlil.jpg
2016-12-23 01:12 - 2016-12-23 01:12 - 00083900 _____ C:\Users\Datav90\Downloads\15390705_136973856788227_8369061297559094453_n.jpg
2016-12-22 02:52 - 2016-12-22 02:52 - 00100920 _____ C:\Users\Datav90\Downloads\1 (1).jpg
2016-12-21 18:46 - 2016-12-21 18:46 - 02914369 _____ C:\Users\Datav90\Downloads\12444005_463587713846125_104851160_n.mp4
2016-12-21 18:33 - 2016-12-21 18:33 - 00021943 _____ C:\Users\Datav90\Downloads\15666222_704861376344436_664292759_n.jpg
2016-12-21 18:33 - 2016-12-21 18:33 - 00012630 _____ C:\Users\Datav90\Downloads\15683065_704373699726537_989221303_n.jpg
2016-12-21 14:36 - 2016-12-21 14:36 - 00234988 _____ C:\Users\Datav90\Downloads\pic_2.jpg
2016-12-21 00:49 - 2016-12-21 00:49 - 00094246 _____ C:\Users\Datav90\Downloads\15645143_935764609887069_1649562990_n.jpg
2016-12-20 20:45 - 2016-12-20 20:45 - 00027127 _____ C:\Users\Datav90\Downloads\13920610_154484784982762_8648536994615444379_n.jpg
2016-12-20 20:41 - 2016-12-20 20:41 - 00013787 _____ C:\Users\Datav90\Downloads\15578741_1255875001139511_5517789743120233867_n.jpg
2016-12-20 17:03 - 2016-12-20 17:03 - 00013717 _____ C:\Users\Datav90\Downloads\15621704_1884696855093911_7324338711842225629_n.jpg
2016-12-20 15:51 - 2016-12-20 15:51 - 00018208 _____ C:\Users\Datav90\Downloads\15578910_1653609548269965_5172276978296957487_n.jpg
2016-12-20 15:11 - 2016-12-20 15:11 - 00074971 _____ C:\Users\Datav90\Downloads\ayat5.jpg
2016-12-20 15:10 - 2016-12-20 15:11 - 00078268 _____ C:\Users\Datav90\Downloads\ayat4.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00089275 _____ C:\Users\Datav90\Downloads\ayat3.jpg
2016-12-20 15:10 - 2016-12-20 15:10 - 00070887 _____ C:\Users\Datav90\Downloads\ayat2.jpg
2016-12-20 15:09 - 2016-12-20 15:09 - 00075240 _____ C:\Users\Datav90\Downloads\ayat1.jpg
2016-12-20 15:01 - 2016-12-20 15:01 - 00078520 _____ C:\Users\Datav90\Downloads\15673394_241103106325238_546416552_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00094139 _____ C:\Users\Datav90\Downloads\15673220_241102742991941_582186434_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00081513 _____ C:\Users\Datav90\Downloads\15666123_241102966325252_1776948586_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00079345 _____ C:\Users\Datav90\Downloads\15666260_241103056325243_1635308780_n.jpg
2016-12-20 15:00 - 2016-12-20 15:00 - 00073337 _____ C:\Users\Datav90\Downloads\15644580_241103072991908_1532055082_n.jpg
2016-12-20 06:04 - 2016-12-20 06:04 - 00036499 _____ C:\Users\Datav90\Downloads\الدالي.jpg
2016-12-19 21:19 - 2016-12-19 21:20 - 01162272 _____ C:\Users\Datav90\Downloads\15569479_1105696322890477_1778779393041104896_n.mp4
2016-12-19 04:32 - 2016-12-09 11:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-19 04:32 - 2016-12-09 11:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-12-19 04:32 - 2016-12-09 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-19 04:32 - 2016-12-09 11:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-19 04:32 - 2016-12-09 11:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-19 04:31 - 2016-12-09 12:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-19 04:31 - 2016-12-09 12:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-19 04:31 - 2016-12-09 12:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-19 04:31 - 2016-12-09 12:14 - 06019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-19 04:31 - 2016-12-09 12:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-19 04:31 - 2016-12-09 12:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-19 04:31 - 2016-12-09 12:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-19 04:31 - 2016-12-09 12:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-19 04:31 - 2016-12-09 12:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-19 04:31 - 2016-12-09 12:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-19 04:31 - 2016-12-09 11:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-19 04:31 - 2016-12-09 11:55 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-19 04:31 - 2016-12-09 11:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-19 04:31 - 2016-12-09 11:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-19 04:31 - 2016-12-09 11:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-19 04:31 - 2016-12-09 11:37 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-19 04:31 - 2016-12-09 11:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-19 04:31 - 2016-12-09 11:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-19 04:31 - 2016-12-09 11:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-19 04:31 - 2016-12-09 11:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-19 04:31 - 2016-12-09 11:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-19 04:31 - 2016-12-09 11:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-19 04:31 - 2016-12-09 11:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-19 04:31 - 2016-12-09 11:22 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-19 04:31 - 2016-12-09 11:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-19 04:31 - 2016-12-09 11:18 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-19 04:31 - 2016-12-09 11:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-19 04:31 - 2016-12-09 11:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-19 04:31 - 2016-12-09 11:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-19 04:31 - 2016-12-09 11:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-19 04:31 - 2016-12-09 11:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-19 04:31 - 2016-09-15 18:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-19 04:14 - 2016-12-19 04:22 - 44392789 _____ C:\Users\Datav90\Downloads\rt_audacity_v1.0.rar
2016-12-19 01:42 - 2016-12-19 01:42 - 00019967 _____ C:\Users\Datav90\Downloads\15666039_2009070609319828_423034705_n.jpg
2016-12-19 01:42 - 2016-12-19 01:42 - 00016780 _____ C:\Users\Datav90\Downloads\15644496_2009070549319834_21459477_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00044153 _____ C:\Users\Datav90\Downloads\15541487_1286707674728406_4917506916978523842_n.jpg
2016-12-18 15:45 - 2016-12-18 15:45 - 00026916 _____ C:\Users\Datav90\Downloads\15590522_1286707624728411_2224882288721743826_n.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00091360 _____ C:\Users\Datav90\Downloads\tam1.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00089395 _____ C:\Users\Datav90\Downloads\tam2.jpg
2016-12-18 15:22 - 2016-12-18 15:22 - 00065088 _____ C:\Users\Datav90\Downloads\tam3.jpg
2016-12-18 15:14 - 2016-12-19 04:19 - 00294538 _____ C:\Users\Datav90\Downloads\SAM_1637.JPG
2016-12-18 15:14 - 2016-12-19 04:19 - 00286455 _____ C:\Users\Datav90\Downloads\SAM_1636.JPG
2016-12-18 15:14 - 2016-12-18 15:15 - 00294565 _____ C:\Users\Datav90\Downloads\SAM_1635.JPG
2016-12-18 15:11 - 2016-12-18 14:50 - 02982119 ____N C:\Users\Datav90\Downloads\IMG_20161217_235957.jpg
2016-12-18 15:11 - 2016-12-18 14:49 - 02907811 ____N C:\Users\Datav90\Downloads\IMG_20161217_235942.jpg
2016-12-18 15:11 - 2016-12-18 14:48 - 02812110 ____N C:\Users\Datav90\Downloads\IMG_20161217_235920.jpg
2016-12-18 01:28 - 2016-12-18 01:28 - 00057668 _____ C:\Users\Datav90\Downloads\15622294_1890081321221646_2240084992261860022_n.jpg
2016-12-17 22:07 - 2016-12-17 22:07 - 00069793 _____ C:\Users\Datav90\Downloads\15134567_1272664896110766_5587432740763612292_n.jpg
2016-12-17 01:20 - 2016-12-17 01:20 - 00008464 _____ C:\Users\Datav90\Downloads\15541993_1833258420290522_2335822066002946516_n.jpg
2016-12-16 16:07 - 2016-12-16 16:07 - 00046484 _____ C:\Users\Datav90\Downloads\nesma.jpg
2016-12-16 16:06 - 2016-12-16 16:06 - 00011678 _____ C:\Users\Datav90\Downloads\15591797_1713710115610917_1314929607_n.jpg
2016-12-16 16:04 - 2016-12-16 16:04 - 00046292 _____ C:\Users\Datav90\Downloads\583.jpg
2016-12-16 03:50 - 2016-12-16 03:51 - 00024080 _____ C:\Users\Datav90\Downloads\15589581_739867086171573_7978030631832322959_n.jpg
2016-12-16 01:10 - 2016-12-16 01:10 - 00158891 _____ C:\Users\Datav90\Downloads\nema.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00035606 _____ C:\Users\Datav90\Downloads\15541205_1380816955271073_9036191817213009882_n.jpg
2016-12-16 01:03 - 2016-12-16 01:03 - 00029679 _____ C:\Users\Datav90\Downloads\15492429_1380816888604413_7589306743660200241_n.jpg
2016-12-15 20:54 - 2016-12-15 20:54 - 00024009 _____ C:\Users\Datav90\Downloads\99807.jpg
2016-12-15 20:43 - 2016-12-15 20:43 - 00040927 _____ C:\Users\Datav90\Downloads\_92981501_c4ccafe2-f1d8-40e9-b58b-002e9df5cbe6.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00037506 _____ C:\Users\Datav90\Downloads\15442365_1281164158572999_5708725606552780280_n.jpg
2016-12-15 20:15 - 2016-12-15 20:15 - 00015346 _____ C:\Users\Datav90\Downloads\15578570_1281164015239680_3565590128071369348_n.jpg
2016-12-14 12:06 - 2016-12-14 12:07 - 00045500 _____ C:\Users\Datav90\Downloads\347.jpg
2016-12-14 00:32 - 2016-12-14 00:32 - 00070777 _____ C:\Users\Datav90\Downloads\15380309_1709843812663036_4409407772544437826_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00079879 _____ C:\Users\Datav90\Downloads\15541525_243658566065698_6342690252898199417_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00071750 _____ C:\Users\Datav90\Downloads\15390736_243658519399036_2659207842868567611_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00061178 _____ C:\Users\Datav90\Downloads\15420847_243658446065710_5921352442998396276_n.jpg
2016-12-13 10:35 - 2016-12-13 10:35 - 00038138 _____ C:\Users\Datav90\Downloads\15391158_243658542732367_6813489041534924004_n.jpg
2016-12-13 00:47 - 2016-12-13 00:47 - 00055165 _____ C:\Users\Datav90\Downloads\15542021_1269433389813807_1235259025878969592_n.jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505 (1).jpg
2016-12-12 15:06 - 2016-12-12 15:06 - 00033654 _____ C:\Users\Datav90\Downloads\34809-693abab1-fe1e-4144-91e0-2bdfdc36328a.jpg
2016-12-12 15:05 - 2016-12-12 15:05 - 00076984 _____ C:\Users\Datav90\Downloads\86442-a125f272-96bd-4c41-adab-ed0f04f27161.jpg
2016-12-12 15:03 - 2016-12-12 15:03 - 00046456 _____ C:\Users\Datav90\Downloads\51488-56e8c01a-8278-48e2-af57-39e6f1023505.jpg
2016-12-12 14:50 - 2016-12-12 14:50 - 00065187 _____ C:\Users\Datav90\Downloads\لشششش.jpg
2016-12-12 00:16 - 2016-12-12 00:16 - 00177932 _____ C:\Users\Datav90\Downloads\15398885_735620503269226_410214808_o.jpg
2016-12-10 21:09 - 2016-12-10 21:09 - 00052138 _____ C:\Users\Datav90\Downloads\15356080_1723250114657220_1959023838_n.jpg
2016-12-10 20:59 - 2016-12-10 20:59 - 00049816 _____ C:\Users\Datav90\Downloads\38c9604f31b08735863ba676d7f09c8a.jpg
2016-12-10 07:19 - 2016-11-11 10:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 07:19 - 2016-11-11 10:07 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 07:19 - 2016-11-11 10:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 07:19 - 2016-11-11 10:00 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 01586736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 07:19 - 2016-11-11 09:59 - 00292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 07:19 - 2016-11-11 09:59 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 07:19 - 2016-11-11 09:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 07:19 - 2016-11-11 09:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 07:19 - 2016-11-11 09:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-10 07:19 - 2016-11-11 09:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 07:19 - 2016-11-11 09:46 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-10 07:19 - 2016-11-11 09:45 - 00355680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 07:19 - 2016-11-11 09:45 - 00175968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 07:19 - 2016-11-11 09:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-12-10 07:19 - 2016-11-11 09:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 07:19 - 2016-11-11 09:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 07:19 - 2016-11-11 09:41 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00802608 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 07:19 - 2016-11-11 09:41 - 00675568 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 07:19 - 2016-11-11 09:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 07:19 - 2016-11-11 09:37 - 00381720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 07:19 - 2016-11-11 09:30 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 07:19 - 2016-11-11 09:29 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 07:19 - 2016-11-11 09:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 07:19 - 2016-11-11 09:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 07:19 - 2016-11-11 09:26 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 07:19 - 2016-11-11 09:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 07:19 - 2016-11-11 09:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 07:19 - 2016-11-11 09:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 07:19 - 2016-11-11 09:24 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 07:19 - 2016-11-11 09:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 07:19 - 2016-11-11 09:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 07:19 - 2016-11-11 09:21 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 07:19 - 2016-11-11 09:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-10 07:19 - 2016-11-11 09:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 07:19 - 2016-11-11 09:20 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 07:19 - 2016-11-11 09:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 07:19 - 2016-11-11 09:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 07:19 - 2016-11-11 09:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 07:19 - 2016-11-11 09:18 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 07:19 - 2016-11-11 09:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-12-10 07:19 - 2016-11-11 09:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 07:19 - 2016-11-11 09:16 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-10 07:19 - 2016-11-11 09:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 07:19 - 2016-11-11 09:15 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 07:19 - 2016-11-11 09:14 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 07:19 - 2016-11-11 09:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 07:19 - 2016-11-11 09:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-10 07:19 - 2016-11-11 09:12 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 07:19 - 2016-11-11 09:12 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-10 07:19 - 2016-11-11 09:11 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 07:19 - 2016-11-11 09:10 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 07:19 - 2016-11-11 09:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 07:19 - 2016-11-11 09:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 07:19 - 2016-11-11 09:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 07:19 - 2016-11-11 09:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 07:19 - 2016-11-11 09:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 07:19 - 2016-11-11 09:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 07:19 - 2016-11-11 09:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 07:19 - 2016-11-11 09:04 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 07:19 - 2016-11-11 09:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 07:19 - 2016-11-11 09:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-08 16:51 - 2016-12-08 16:53 - 02383507 _____ C:\Users\Datav90\Downloads\15445175_1818689765075574_2785128382688395264_n.mp4
2016-12-08 16:49 - 2016-12-08 16:50 - 00156876 _____ C:\Users\Datav90\Documents\15424527_1164511423604257_1633711776_n.jpg
2016-12-08 16:43 - 2016-12-08 16:43 - 00071776 _____ C:\Users\Datav90\Documents\15326441_1139332409482788_8224781207746921100_n.jpg
2016-12-08 11:40 - 2016-12-08 11:41 - 03073529 _____ C:\Users\Datav90\Downloads\15315941_1833014716952129_1369930048701726720_n.mp4
2016-12-08 11:26 - 2016-12-08 11:26 - 00090427 _____ C:\Users\Datav90\Documents\15435874_830266523781786_253559807_n.jpg
2016-12-08 08:49 - 2016-12-08 08:49 - 00015880 _____ C:\Users\Datav90\Documents\15337578_1110498785736648_5770530851665041560_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00047128 _____ C:\Users\Datav90\Downloads\15327457_10210279915327965_5751880802827965275_n.jpg
2016-12-06 22:13 - 2016-12-06 22:13 - 00014232 _____ C:\Users\Datav90\Downloads\15267583_1798038690471973_6303314785682517112_n.jpg
2016-12-06 22:10 - 2016-12-06 22:10 - 00050665 _____ C:\Users\Datav90\Downloads\15409962_786367504843820_881457125_o.jpg
2016-12-06 22:04 - 2016-12-06 22:04 - 00081627 _____ C:\Users\Datav90\Downloads\15368766_786368694843701_1803954973_o.jpg
2016-12-06 15:47 - 2016-12-06 15:47 - 00084835 _____ C:\Users\Datav90\Downloads\15397719_1270465743009032_1864833973_o.jpg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 23:48 - 2016-09-14 06:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-04 23:48 - 2016-07-16 10:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-04 23:48 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-04 22:25 - 2016-08-14 16:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-04 20:45 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90
2017-01-04 19:02 - 2016-08-14 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-04 19:01 - 2016-07-16 04:22 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-04 18:54 - 2016-01-29 17:07 - 00273232 _____ C:\WINDOWS\ntbtlog.txt
2017-01-04 03:23 - 2016-08-16 01:48 - 00000000 ____D C:\Users\Datav90\AppData\Local\Adobe
2017-01-04 00:17 - 2016-04-24 04:04 - 00000000 ____D C:\PlantsVsZombies Game Of The Year
2017-01-03 09:49 - 2016-08-16 01:50 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-03 01:33 - 2016-08-22 00:45 - 00001456 _____ C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-02 12:06 - 2016-08-14 19:50 - 00000000 ____D C:\Users\Datav90\AppData\Local\Packages
2016-12-31 21:22 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-31 21:15 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000002.regtrans-ms
2016-12-31 21:15 - 2016-08-14 16:41 - 00065536 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TM.blf
2016-12-29 08:55 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Documents
2016-12-29 07:01 - 2016-08-14 16:41 - 00000000 ___SD C:\Users\Datav90\AppData\Roaming\Microsoft
2016-12-28 03:26 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-27 03:19 - 2016-07-16 10:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-27 02:53 - 2016-08-29 22:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-27 01:47 - 2016-07-16 10:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-26 17:09 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\Logs
2016-12-26 07:13 - 2016-09-22 20:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\ElevatedDiagnostics
2016-12-26 06:00 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-26 03:21 - 2016-07-16 10:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-26 03:16 - 2016-08-14 16:41 - 00000000 ____D C:\Users\Datav90\AppData\Local\Microsoft
2016-12-25 20:47 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-19 18:05 - 2016-07-16 04:22 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-19 18:04 - 2016-08-14 16:38 - 03775136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-19 18:03 - 2016-08-14 16:38 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 18:03 - 2016-08-14 16:38 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{3f85c219-4b2d-11e6-80cb-e41d2d0d40e0}.TM.blf
2016-12-19 18:02 - 2016-07-16 10:30 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-19 18:02 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\apppatch
2016-12-19 18:02 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-17 12:01 - 2016-08-14 19:53 - 00002369 _____ C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-17 12:01 - 2016-08-14 19:53 - 00000000 ___RD C:\Users\Datav90\OneDrive
2016-12-16 04:48 - 2016-08-16 01:30 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-16 04:48 - 2016-08-16 01:30 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 05:29 - 2016-08-16 00:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 05:27 - 2016-08-16 00:16 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-12 01:56 - 2016-07-16 10:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-11 00:15 - 2016-08-14 16:50 - 01103134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-11 00:15 - 2016-07-16 10:31 - 00844762 _____ C:\WINDOWS\system32\perfh009.dat
2016-12-11 00:15 - 2016-07-16 10:31 - 00243552 _____ C:\WINDOWS\system32\perfc009.dat
2016-12-11 00:11 - 2016-08-14 19:50 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-11 00:11 - 2016-08-14 19:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000436 ___SH C:\Users\Datav90\Desktop\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000402 ___SH C:\Users\Datav90\Documents\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000282 ___SH C:\Users\Datav90\Downloads\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000174 ___SH C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Videos
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Searches
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Saved Games
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Pictures
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Music
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Links
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Favorites
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\Contacts
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-11 00:11 - 2016-01-28 02:58 - 00000000 ___RD C:\Users\Datav90\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 00:08 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 00:08 - 2016-07-16 04:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-11 00:07 - 2016-08-14 16:41 - 00524288 ___SH C:\Users\Datav90\NTUSER.DAT{a78783b4-6233-11e6-a186-dd46cc32bb4f}.TMContainer00000000000000000001.regtrans-ms
2016-12-08 20:49 - 2016-07-16 10:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2016-08-22 00:45 - 2017-01-03 01:33 - 0001456 _____ () C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-14 03:27 - 2016-10-14 03:27 - 0007601 _____ () C:\Users\Datav90\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Datav90\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Datav90\AppData\Local\Temp\libeay32.dll
C:\Users\Datav90\AppData\Local\Temp\msvcr120.dll
C:\Users\Datav90\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-14 16:38

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2017
Ran by Datav90 (04-01-2017 23:53:02)
Running from C:\Users\Datav90\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-08-14 17:49:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3546961264-2073685745-768210978-500 - Administrator - Disabled)
Datav90 (S-1-5-21-3546961264-2073685745-768210978-1000 - Administrator - Enabled) => C:\Users\Datav90
DefaultAccount (S-1-5-21-3546961264-2073685745-768210978-503 - Limited - Disabled)
Guest (S-1-5-21-3546961264-2073685745-768210978-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Acronis True Image 2016 (HKLM\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (Version: 19.0.6027 - Acronis) Hidden
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Core FTP LE (HKLM\...\CoreFTP) (Version: - )
CyberLink PowerDirector 14 (HKLM\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2019.0 - CyberLink Corp.)
Dell System Detect (HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Facebook Gameroom 1.1.3.1 (HKLM\...\{A3C248A7-BF21-4C3A-9C10-2D56F59460CD}) (Version: 1.1.3.1 - Facebook)
FileZilla Client 3.23.0.2 (HKLM\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
FlashGet3.7 (HKLM\...\FlashGet3.7) (Version: 3.7.0.1195 - hxxp://www.FlashGet.com)
Free YouTube Downloader 4.1.540 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Games Manager (HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\GamesManager) (Version: 2.6.0.496 - iWin Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{61D7B517-5914-41D4-BD27-927163631227}) (Version: 5.2.2.87 - Apple Inc.)
iTunes (HKLM\...\{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
K-Lite Codec Pack 12.3.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NewBlue Titler Pro for Windows (HKLM\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
Plants Vs Zombies: Game of the Year Edition (HKLM\...\Plants Vs Zombies: Game of the Year Edition) (Version: 1.2.0.1073 - iWin.com)
Plants vs. Zombies(TM) (remove only) (HKLM\...\Plants vs. Zombies(TM)) (Version: - )
PowerISO (HKLM\...\PowerISO) (Version: 6.4 - Power Software Ltd)
proDAD Adorage 3.0 (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.24.3.4750 - Enigma Software Group, LLC)
Upwork version 4.2.115.0 (HKLM\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.2.115.0 - Upwork, Inc)
XAMPP (HKLM\...\xampp) (Version: 5.6.23-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B461EBD-C226-4401-9A07-12B5137E9B0D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0FB6CA67-932F-4EAF-B9F7-A86FB36DCCB1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {14294684-59FB-41C7-8B08-0B88265FB627} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-31] (Adobe Systems Incorporated)
Task: {1DF6D448-EBBE-4D91-9CDE-B302DA73D7E1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {290FF108-8F3D-4FFA-8AB7-DE2E8B30B2C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32E3CCFB-4C77-4AB1-9668-7CA21C62DDB4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {343AC552-F025-46F6-BCAB-200AC94519F8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B624D98-7F84-437E-AEDD-757A3F439CA1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CBAA178-A130-4179-A240-ACAFAE36747D} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {493F6142-0BBD-48C6-A70F-B41D846DA5C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49AD09A9-2485-4CBB-BE0F-EF00C081D02D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4AC606DA-DD00-43FC-BFA6-2F7F9F821376} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E61AD6C-95DD-4A84-94C5-7BF4FF66A0D0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54A6A44F-DAF5-4CD5-A802-223E89713020} - System32\Tasks\AdobeAAMUpdater-1.0-Datav90-PC-Datav90 => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {5ED585F6-A35F-49CC-935D-EFD304C03877} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65F92166-518C-461D-8F8F-271B99AD2816} - System32\Tasks\{5D35423B-D5FA-4FEB-8D11-9B6A99617C9F} => pcalua.exe -a C:\Users\Datav90\Downloads\devcon.exe -d C:\Users\Datav90\Downloads
Task: {73A17262-5276-4506-A544-D2A306CDC29C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {73F7F7EA-AF61-4BA2-82E7-02CB32597A23} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {747FF417-6FC5-406C-9BDE-3C33E1C19A33} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8053BBCD-8C18-4681-96D5-8B9D0ADD0193} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {805A3EE6-168C-4470-8AC7-B96143F0861C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {821A7999-BC63-4A15-927B-EBAA0ABCFAFC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87E3E431-8D7C-4B5D-8C80-C668806471C7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {88C3EB22-F607-4649-A7FE-A4E17E635C6B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9AC75CCF-9B5B-44DC-8935-CB01887D85FA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7BEDC40-A604-4005-B51F-2ECCF136D24E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {A80FA2EC-E6EA-46D2-B992-E49ADB79E8F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B9D7CB82-CA93-4A42-8D1B-CC23DDB8A104} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA9D357-3D0F-4C63-BC8E-016DCA939BBF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {ED6CFF1B-234C-4200-B182-7BF232F1F161} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-08-16] (Google Inc.)
Task: {EE78825D-7154-4C27-A287-320734E95AC5} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {F1AD2998-CAC6-4631-AA1B-020630068E65} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Datav90\Desktop\Play Pogo Games.lnk -> C:\Users\Datav90\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000002 -config.uri=hxxp://gm/iwin/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 10:25 - 2016-07-16 10:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-05 15:24 - 2016-07-05 15:24 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2015-11-26 10:40 - 2015-11-26 10:40 - 00035760 _____ () C:\Program Files\Common Files\Acronis\Home\thread_pool.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 04093976 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files\Common Files\Acronis\Infrastructure\sqlite3.dll
2015-11-26 11:07 - 2015-11-26 11:07 - 19884832 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers.dll
2015-11-26 10:42 - 2015-11-26 10:42 - 00445872 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-11-26 10:36 - 2015-11-26 10:36 - 00115632 _____ () C:\Program Files\Common Files\Acronis\Home\EXPAT.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-04 15:33 - 2016-12-14 12:55 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-19 04:31 - 2016-12-09 12:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 12:00 - 2016-12-17 12:00 - 01244376 _____ () C:\Users\Datav90\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-07-16 10:25 - 2016-07-16 10:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-19 04:31 - 2016-12-09 11:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 14:48 - 2016-11-02 12:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-21 02:39 - 2016-08-06 05:21 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 14:48 - 2016-11-02 12:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 14:48 - 2016-11-02 12:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 19:31 - 2016-12-14 19:34 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 19:31 - 2016-12-14 19:34 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\roottools.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 07211112 _____ () C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2015-11-26 10:43 - 2015-11-26 10:43 - 00056752 _____ () C:\Program Files\Common Files\Acronis\Home\rpc_client.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-12-31 11:11 - 2016-12-13 18:35 - 02218792 _____ () C:\Program Files\Upwork\upwork.exe
2016-12-31 11:11 - 2016-12-07 08:01 - 52043776 _____ () C:\Program Files\Upwork\libcef.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01179136 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 52839936 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libcef.dll
2016-01-06 18:41 - 2016-01-06 18:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00802816 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 01796608 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libglesv2.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 00078848 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\libegl.dll
2016-11-23 09:18 - 2016-11-23 09:21 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 09:18 - 2016-11-23 09:21 - 16815104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-15 07:22 - 2016-08-15 07:25 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 09:18 - 2016-11-23 09:21 - 00644096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 09:18 - 2016-11-23 09:21 - 00227840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 12:21 - 2016-07-16 12:21 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-12-16 04:48 - 2016-12-08 09:29 - 01829208 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-16 04:48 - 2016-12-08 09:29 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-31 21:22 - 2016-12-31 21:22 - 17833560 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer32_24_0_0_186.dll
2016-12-14 00:50 - 2016-12-14 00:50 - 17832368 _____ () C:\Users\Datav90\AppData\Local\Facebook\Games\plugins\fenix24.0.0.186.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\dell.com -> dell.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-08-16 06:56 - 00001132 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3546961264-2073685745-768210978-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C4CC154E-919B-41C6-B776-FAE0AF1D6B71}] => C:\Program Files\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{C6A19585-0C56-4C40-A082-CB9DAB47F52B}] => C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{ADF06669-93BC-4DBF-8433-4329AD584931}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{8B956982-0979-4C29-B142-FD05BD457D96}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{22E5FFE6-3E10-410B-B007-804FE0D72594}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{C6EC10C5-54BB-43B8-ADFF-5988760217D5}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{C3D9825D-97AE-4F3C-91A0-713388F20C62}] => C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
FirewallRules: [{5A1B1DFE-C2FE-4000-BDC6-1ABE43B140C5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A423CDB-BB7F-498C-9C22-4F51A401F5C4}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D95E8E1-C539-48F2-B735-F3A68D4ECAE4}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{549FEAF5-51B3-44BD-87DC-BE672DEC7479}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [UDP Query User{7C26711B-D3C3-4064-B8C2-724474B1A6BD}E:\pro evolution soccer 2016 - copy\pes2016.exe] => E:\pro evolution soccer 2016 - copy\pes2016.exe
FirewallRules: [TCP Query User{F3B2373A-D233-4168-B1CA-A42AE4898C96}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [UDP Query User{2425C900-D598-4655-BAEC-A3491A4CD887}E:\pro evolution soccer 2016\pes2016.exe] => E:\pro evolution soccer 2016\pes2016.exe
FirewallRules: [TCP Query User{CC722752-78F7-4EBB-B9A7-25FAF59B5C0A}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{8BC99953-22F6-4E45-861F-35D5F15BE93B}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{40B66D3A-7CFA-42DD-9F8B-D6D20F7F071B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [UDP Query User{08B14589-8EE9-4212-B558-50D012C45F8B}E:\games\duke nukem - manhattan project\prism3d.exe] => E:\games\duke nukem - manhattan project\prism3d.exe
FirewallRules: [{8C849EDE-8146-441E-9A82-5DF35B56AEF0}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C352655A-1625-4246-979B-2C12CB2FDBE6}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EB72103F-8E23-4C66-BFA2-8F80226FFFA4}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{F0AB04F9-A0E0-4921-8523-2D0A52AB44F1}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{BE316145-D544-414E-A7C7-DDAAF7F79D6C}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{D6058749-4878-4FD1-ADFA-0E2577BEA099}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{44164034-5116-4E1F-8326-DE6FBE660214}C:\program files\flashget network\flashget 3\flashget3.exe] => C:\program files\flashget network\flashget 3\flashget3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2017 07:12:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 1.1.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1a10

Start Time: 01d266ac83303352

Termination Time: 4294967295

Application Path: C:\Users\Datav90\Desktop\FRST.exe

Report Id: ee892b80-d29f-11e6-a1d0-b8ac6f254ad6

Faulting package full name:

Faulting package-relative application ID:

Error: (01/04/2017 05:03:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:24:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:21:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:13:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\Adobe_Helperx64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:13:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\powerdirector14\muitransfer\MUIStartMenuX64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2017 04:05:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2017 04:01:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.479 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e90

Start Time: 01d2668e66efcb5a

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 17101f66-d286-11e6-a1cd-b8ac6f254ad6

Faulting package full name:

Faulting package-relative application ID:

Error: (01/04/2017 03:59:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Datav90-PC)
Description: Activation of app ZeptoLabUKLimited.KingofThieves_sq9zxnwrk84pj!game failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/04/2017 07:03:11 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:03:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:51 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:42 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:02:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2017 07:02:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TheFreeWeatherService service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/04/2017 07:02:24 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/04/2017 07:01:31 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/04/2017 07:01:13 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/04/2017 07:01:09 PM) (Source: DCOM) (EventID: 10005) (User: Datav90-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
Date: 2017-01-04 19:06:59.820
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-04 19:06:59.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-03 05:20:14.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-03 05:20:14.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 11:40:17.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 11:40:17.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:31.344
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-02 02:23:25.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 82%
Total physical RAM: 3547.61 MB
Available physical RAM: 630.8 MB
Total Virtual: 7131.61 MB
Available Virtual: 2634.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:3.97 GB) NTFS
Drive d: () (Fixed) (Total:56.33 GB) (Free:0.21 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive e: (E) (Fixed) (Total:191.95 GB) (Free:109.35 GB) FAT32
Drive f: (F) (Fixed) (Total:188.09 GB) (Free:91.35 GB) FAT32
Drive g: (SAN_ANDREAS) (CDROM) (Total:4.19 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 63C463C4)
Partition 1: (Active) - (Size=56.3 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=409.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
 
Hi, please accept my apologies for not responding sooner. My PC has hardware issues and I am having to review your logs on the 5 inch screen of my phone. It's taking me longer than I had anticipated, but rest assured I will post back soon.
 
Step One Uninstall Programs.

I suggest that you remove the programs listed below; these programs are redundant and may cause more harm than good on your machine.

Facebook Gameroom 1.1.3.1
Free YouTube Downloader 4.1.540
SpyHunter 4

Step Two FRST fix:

  • Open notepad
  • Please copy the entire contents of the code box below into Notepad.
    (To do this highlight the contents of the box from start to end, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to your desktop as fixlist.txt.
Code:
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: H - "H:\setup.EXE" /AUTORUN
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\MountPoints2: {7ed61a6c-6575-11e6-a18c-b8ac6f254ad6} - "I:\iStudio.exe"
Hosts:
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\Datav90\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-01-06] (Trend Media Group)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
CHR Extension: (Facebook Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-09-19]
CHR Extension: ( Video Downloader) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2016-12-06]
CHR Extension: (Video Downloader professional) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-08-17]
CHR Extension: (Video Downloader Pro) - C:\Users\Datav90\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-09-29]
S2 TheFreeWeatherService; C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe [X]
R1 MpKsl5a6c220d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9536FA8B-9D52-434A-8592-C24131A8E54D}\MpKsl5a6c220d.sys [39168 2017-01-04] (Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9536FA8B-9D52-434A-8592-C24131A8E54D}\MpKsl5a6c220d.sys
U3 aswMBR; C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys [56704 2017-01-04] () [File not signed]
U3 aswVmm; C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys [192224 2017-01-04] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Datav90\AppData\Local\Temp\aswVmm.sys
C:\Users\Datav90\AppData\Local\Temp\aswMBR.sys
2017-01-04 04:12 - 2017-01-04 04:13 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Datav90\Downloads\SpyHunter-Installer.exe
2017-01-04 03:28 - 2017-01-04 03:28 - 00257184 _____ C:\Users\Datav90\Downloads\Unconfirmed 656127.crdownload
2017-01-04 03:28 - 2017-01-04 03:28 - 00034584 _____ C:\Users\Datav90\Downloads\BAA8.tmp
2017-01-04 03:24 - 2017-01-04 03:28 - 01183384 _____ C:\Users\Datav90\Downloads\WiperSoft-installer.exe
C:\WINDOWS\KMS-R@1nHook111.dll
C:\WINDOWS\KMS-R@1nHoo111k.exe
C:\WINDOWS\KMS-R@1n111.exe
C:\Users\Public\Desktop\R@1n.txt
C:\WINDOWS\system32\secushr.dat
C:\Users\Datav90\Downloads\Microsoft-Office-2016-Product-Key.zip
C:\Users\Datav90\214537CE4F7829EED1E8691D38650AAA.txt
C:\Users\Datav90\Downloads\bbfb06033226583ab80003e0c7586890
2016-08-22 00:45 - 2017-01-03 01:33 - 0001456 _____ () C:\Users\Datav90\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-14 03:27 - 2016-10-14 03:27 - 0007601 _____ () C:\Users\Datav90\AppData\Local\Resmon.ResmonCfg
Task: {3CBAA178-A130-4179-A240-ACAFAE36747D} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
ShortcutWithArgument: C:\Users\Datav90\Desktop\Play Pogo Games.lnk -> C:\Users\Datav90\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000002 -config.uri=hxxp://gm/iwin/index.html
HKU\S-1-5-21-3546961264-2073685745-768210978-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
Task: {65F92166-518C-461D-8F8F-271B99AD2816} - System32\Tasks\{5D35423B-D5FA-4FEB-8D11-9B6A99617C9F} => pcalua.exe -a C:\Users\Datav90\Downloads\devcon.exe -d C:\Users\Datav90\Downloads
RemoveProxy:
CMD: ipconfig /flushdns
End


  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right-click FRST and Run as Admin, then press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

Step Three Zemana Scan.

Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon (image: 4zu6vb.jpg) and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report to your next message.
Step Four Clear Downloads Folder.

I noticed a lot of oddly named pictures and setup files for PUP programs and otherwise useless programs. Navigate to the following path: C:\Users\Datav90\Downloads, then make sure there is nothing in there that is important to you and delete the contents of this folder.

Step Five Fresh FRST & Addition.txt logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply


Things I will need in your next reply.

  • FRST fixlog.
  • Zemana scan results.
  • Fresh FRST & Addition.txt logs.
  • Tell me what issues remain on your computer, and tell me how it is running.
 