Error 80073712: Haven't been able to install most updates for almost 2 years

Madridi (Well-known member; joined Oct 17, 2018; posts: 442)

Hey guys,

New member here. Googling my issue led me to this site. People seem to have had their issues fixed by skilled members here, though unfortunately the fixes were member specific. So I'm hoping I can finally get this issue solved.

My problem is, most Windows updates fail. I have not installed ANY security monthly rollup for almost 2 years. My PC is probably still susceptible to the WannaCry virus.

I am running Windows 7 x64. So basically, I get almost the same error every time (80073712). Googling gave me a couple of tricks to try, but to no avail.

I tried the rename SoftwareDistribution and Catroot2 folders method. I also tried the DISM method. Both had no effect as far as I can tell.

I also saw some people referencing the CBS log file. Mine is around 250MB. I have no idea what to do with it though.

I would appreciate some help on the matter.

Thank you in advance
 
My apologies for double posting. There doesn't seem to be an option to edit my post? I have some more info to add:

I ran SFCFix, and the result is weird. It started off with 6 stages. Stage one completely failed, while the others completed 100%. It then was apparently supposed to create a zip file? But I got an error there. It then went ahead to check my CBS log, and then produced a summary with everything being zero.

The next screen was a text saying that there was no corruption but that the tool doesn't catch everything, so will require some human assistance.

Here is the contents of the log file:

------------------------------------------------
SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-10-18 01:30:37.862
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.



AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.



Successfully processed all directives.


Failed to generate a complete zip file. Upload aborted.


SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2018-10-18 01:36:47.553
----------------------EOF-----------------------

One thing I noticed in the log. It says amd64. I'm not using AMD though. Does this mean anything?

Finally, uploaded my entire CBS folder:
CBS.zip - Google Drive
 
Hello and welcome!

Due to the precise nature of your corruption, you will receive help from a user named Oh My!. He's one of our senior trainees here who's in his final phase of his studies and needs to gain some real world experience in specific areas of Windows Update. This means that he'll be assisting you, but that I will first need to double check and approve his fixes before he posts them to you. If anything this is a good thing for you because it means that you've got at least two of us watching over your thread, but it will unfortunately add a slight delay between each reply. I hope that you understand and can accept the need for us to train up new members in this way in order to carry on doing what we do here, however, if for any reason you object to this setup, I will happily take on your thread myself.

Thank you very much for your understanding. We'll be with you very shortly.
 
Hello Brian,

Thanks for your reply. I appreciate your help on the matter.

I fully support the training process. I don't mind a bit of delay if it will do some good. If anything, I hope it would be my way of paying back the favor.

Thanks again :)
 
Greetings Madridi and welcome to Sysnative's Windows Update Forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, please keep in mind most of us at Sysnative volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please understand this process may require some patience as it can become a multi-step process to resolve the issues.
  • If you are unable to reply within 4 days I will consider the topic Stale. Although you are welcome to continue to post after that, my workload at that time may or may not allow me the same opportunity for timely replies that I have now set aside for your issues.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
 
Hello @Oh My!

Thanks for the warm welcome. I am absolutely delighted to be here.

I have read the rules, and I am readily available. My weekend also starts today so it should be no issue :)

I see you are in California. For reference, I am 10 hours ahead of you (GMT+3), so it's 5.22PM over here.

Looking forward to further communications. Thanks in advance!
 
Greetings Madridi.

Thank you for your continued patience. Before specifically addressing your Windows Update issues we need to take a step back and make sure your computer is free of malware. This requires some questions and investigative steps, as follows.

  • Can you recall roughly what date you were infected with WannaCry?
  • What steps were taken to clean your computer?
  • Are there any specific reasons you believe it still might be present, i.e. suspicious behavior?
Please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

  • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • WannaCry information
  • FRST results
  • Addition log
 
Hello again Oh My!,

I might not have been clear about the WannaCry information.
What I meant to say, is that my PC has not failed on most updates for about 2 years now. In other words, the security fix that Microsoft released to address the WannaCry virus has NOT been applied to my PC due to updates failing.

My PC, to my knowledge, is malware free. My permanent antivirus is Kaspersky, but I also used Malwarebytes software to get rid of a pesky malware about 3 days ago. I also used an old copy of SpyHunter (database updated in June this year) and got rid of all warnings it gave me.

I ran FRST software. The following reply will contain FRST results, and the reply afterwards will be the additional log.

Thanks again for your assistance.
 
FRST Results:
---------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Ahmed Al-Jefairi (administrator) on AHMED-PC (20-10-2018 02:47:36)
Running from E:\
Loaded Profiles: Ahmed Al-Jefairi (Available Profiles: Ahmed Al-Jefairi)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files (x86)\No-IP\DUC40.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPNetworkCommunicatorCom.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2554544 2016-03-01] (FileZilla Project)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-21-2288954308-418550406-815630550-1001\...\Run: [HP Deskjet 4640 series (NET)] => C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2288954308-418550406-815630550-1001\...\Run: [NoIPDUCv4] => C:\Program Files (x86)\No-IP\DUC40.exe [347648 2015-07-21] ()
HKU\S-1-5-21-2288954308-418550406-815630550-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-09-30] (Tonec Inc.)
HKU\S-1-5-21-2288954308-418550406-815630550-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2014-10-22]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 10.37.86.78
Tcpip\..\Interfaces\{DE80C1C7-59A9-4B51-A058-3F46173AFBAD}: [DhcpNameServer] 10.37.86.78


Internet Explorer:
==================
HKU\S-1-5-21-2288954308-418550406-815630550-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ae/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2288954308-418550406-815630550-1001 -> DefaultScope {C1E52210-D68C-405A-95E2-9318C18A7547} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2288954308-418550406-815630550-1001 -> {C1E52210-D68C-405A-95E2-9318C18A7547} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-17] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)


FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-04-19]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2288954308-418550406-815630550-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ahmed Al-Jefairi\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ahmed Al-Jefairi\AppData\Roaming\IDM\idmmzcc5 [2018-10-17] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)


Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default [2018-10-20]
CHR Extension: (Slides) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-02]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2018-10-17]
CHR Extension: (Docs) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-02]
CHR Extension: (Google Drive) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-02]
CHR Extension: (Tampermonkey) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-06-02]
CHR Extension: (Sheets) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-02]
CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2018-06-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2018-06-02]
CHR Extension: (Google Docs Offline) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (AdBlock) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-18]
CHR Extension: (Image Search Options) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2018-06-02]
CHR Extension: (Skype) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-06-02]
CHR Extension: (IDM Integration Module) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-02]
CHR Extension: (Page Monitor) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogeebjpdeabhncjpfhgdibjajcajepgg [2018-06-02]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2018-10-17]
CHR Extension: (Gmail) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-22]
CHR Profile: C:\Users\Ahmed Al-Jefairi\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-17]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-09-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-09-30]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [816816 2016-03-01] (FileZilla Project)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-10] (Nero AG)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2102248 2017-12-13] (Plex, Inc.)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-05-22] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-07-04] (Wondershare)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-22] (Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2015-05-24] (Dev47Apps)
S3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2015-05-24] (Dev47Apps)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [25032 2018-01-17] ()
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [20936 2017-11-23] (Windows (R) Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [192512 2013-02-27] (Microsoft Corporation) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [92864 2018-04-19] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195896 2018-10-18] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1214752 2018-10-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1039664 2018-10-18] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57024 2018-03-15] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [139976 2018-04-19] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199640 2017-07-25] (AO Kaspersky Lab)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2012-01-17] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-18] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2014-12-31] (Realtek Semiconductor Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-22] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-10-18 11:33 - 2018-10-18 11:33 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-18 11:33 - 2018-10-18 11:33 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-18 11:33 - 2018-10-18 11:33 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-18 01:36 - 2018-10-18 01:36 - 000001084 _____ C:\Users\Ahmed Al-Jefairi\Desktop\SFCFix.txt
2018-10-18 01:36 - 2018-10-18 01:36 - 000000000 ____D C:\SFCFix
2018-10-18 01:30 - 2018-10-18 01:36 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Local\niemiro
2018-10-17 23:08 - 2018-10-17 23:08 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-17 22:50 - 2018-10-17 22:50 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-17 22:50 - 2018-10-17 22:50 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Local\mbamtray
2018-10-17 22:50 - 2018-10-17 22:50 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Local\mbam
2018-10-17 22:50 - 2018-10-17 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-17 22:50 - 2018-10-17 22:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-17 22:50 - 2018-10-17 22:50 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-17 22:50 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-10-17 20:31 - 2018-10-17 20:31 - 000065486 _____ C:\Users\Ahmed Al-Jefairi\Documents\cc_20181017_203123.reg
2018-10-17 17:58 - 2018-10-20 02:47 - 000000000 ____D C:\FRST
2018-10-17 15:48 - 2018-10-17 15:48 - 000003260 _____ C:\Windows\System32\Tasks\{56EA3770-3A67-4FAB-9FB6-535FED0E7B6F}
2018-10-04 14:02 - 2018-10-04 14:02 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-10-04 14:02 - 2018-10-04 14:02 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-10-20 02:36 - 2016-09-20 01:26 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Roaming\qBittorrent
2018-10-20 01:39 - 2014-10-22 04:12 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-10-19 12:25 - 2014-10-22 00:38 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-19 04:09 - 2009-07-14 07:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-19 04:09 - 2009-07-14 07:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-18 13:22 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2018-10-18 13:21 - 2018-04-19 10:46 - 000152960 _____ (AO Kaspersky Lab) C:\Windows\system32\klhkum.dll
2018-10-18 13:21 - 2016-09-12 23:03 - 001214752 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2018-10-18 13:21 - 2016-09-12 23:03 - 001039664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2018-10-18 13:21 - 2016-06-26 15:10 - 000195896 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2018-10-18 01:39 - 2014-10-22 21:51 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Roaming\DMCache
2018-10-18 00:03 - 2016-12-01 22:26 - 000003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-10-17 23:47 - 2014-10-22 20:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-17 23:47 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-17 20:17 - 2014-10-22 01:41 - 000006656 _____ C:\Windows\system32\lpcio.dll
2018-10-17 19:53 - 2018-08-19 01:14 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Local\ElevatedDiagnostics
2018-10-17 19:03 - 2014-10-22 20:25 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Roaming\FileZilla
2018-10-17 15:49 - 2014-10-22 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-17 15:49 - 2014-10-22 20:50 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-17 15:48 - 2014-10-22 20:50 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-10-16 00:48 - 2014-10-22 00:41 - 000559880 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-15 15:30 - 2014-10-23 00:48 - 000000000 ____D C:\Program Files (x86)\OfflineList 0.7.3a
2018-10-15 15:00 - 2014-10-23 00:10 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\LocalLow\Adobe
2018-10-11 03:22 - 2017-05-27 03:50 - 000421352 _____ C:\Windows\system32\FNTCACHE.DAT
2018-10-11 03:06 - 2009-07-14 05:34 - 000000478 _____ C:\Windows\win.ini
2018-10-11 03:05 - 2014-10-22 00:35 - 000000000 ____D C:\Windows\system32\MRT
2018-10-11 03:03 - 2014-10-22 00:35 - 136745976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-10-11 03:01 - 2014-10-22 01:26 - 003029106 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-10-11 03:01 - 2014-10-22 01:06 - 000748446 _____ C:\Windows\system32\perfh00A.dat
2018-10-11 03:01 - 2014-10-22 01:06 - 000693614 _____ C:\Windows\system32\perfh00C.dat
2018-10-11 03:01 - 2014-10-22 01:06 - 000482004 _____ C:\Windows\system32\perfh001.dat
2018-10-11 03:01 - 2014-10-22 01:06 - 000159464 _____ C:\Windows\system32\perfc00A.dat
2018-10-11 03:01 - 2014-10-22 01:06 - 000131222 _____ C:\Windows\system32\perfc00C.dat
2018-10-11 03:01 - 2014-10-22 01:06 - 000095762 _____ C:\Windows\system32\perfc001.dat
2018-10-11 03:01 - 2009-07-14 08:13 - 003029106 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-10 12:08 - 2014-10-22 21:11 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-10 12:08 - 2014-10-22 21:11 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-10 12:08 - 2014-10-22 21:11 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-10-10 12:08 - 2014-10-22 21:11 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-10 12:08 - 2014-10-22 21:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-08 16:19 - 2015-10-30 21:18 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-07 12:31 - 2016-02-20 18:13 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\Documents\theRenamer
2018-10-05 00:25 - 2017-05-27 03:51 - 000110024 _____ C:\Users\Ahmed Al-Jefairi\AppData\Local\GDIPFONTCACHEV1.DAT
2018-10-04 14:06 - 2014-10-22 21:44 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Roaming\vlc
2018-10-03 13:50 - 2016-03-13 17:26 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Local\JDownloader v2.0
2018-09-26 16:00 - 2018-08-12 17:34 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\Desktop\Vita Hacking
2018-09-26 15:46 - 2018-08-02 08:40 - 000000000 ____D C:\Users\Ahmed Al-Jefairi\AppData\Roaming\soarqin
2018-09-22 13:31 - 2017-05-22 13:53 - 000001154 _____ C:\Users\Ahmed Al-Jefairi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2018-09-20 21:42 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\system32\catroot2.bak
2018-09-20 20:12 - 2017-10-24 23:18 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-09-20 20:12 - 2017-04-07 14:07 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-09-20 09:36 - 2015-01-09 17:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-20 00:05 - 2014-10-22 20:34 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk


==================== Files in the root of some directories =======


2014-10-23 00:38 - 2014-10-23 00:41 - 000000600 _____ () C:\Users\Ahmed Al-Jefairi\AppData\Roaming\winscp.rnd
2016-05-18 21:02 - 2017-04-06 04:14 - 000045568 _____ () C:\Users\Ahmed Al-Jefairi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-03 21:10 - 2016-07-03 21:10 - 000001792 _____ () C:\Users\Ahmed Al-Jefairi\AppData\Local\recently-used.xbel
2014-10-23 20:28 - 2018-06-28 02:18 - 000007598 _____ () C:\Users\Ahmed Al-Jefairi\AppData\Local\resmon.resmoncfg
2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 _____ () C:\Users\Ahmed Al-Jefairi\AppData\Local\setup.txt


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2018-10-15 00:30


==================== End of FRST.txt ============================
 
Additional Log:
--------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Ahmed Al-Jefairi (20-10-2018 02:47:55)
Running from E:\
Windows 7 Enterprise Service Pack 1 (X64) (2014-10-21 21:06:41)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-2288954308-418550406-815630550-500 - Administrator - Disabled)
Ahmed Al-Jefairi (S-1-5-21-2288954308-418550406-815630550-1001 - Administrator - Enabled) => C:\Users\Ahmed Al-Jefairi
Guest (S-1-5-21-2288954308-418550406-815630550-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2288954308-418550406-815630550-1005 - Limited - Enabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.3 - Futuremark)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
AIDA64 Extreme v4.70 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.70 - FinalWire Ltd.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01 - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
clrmamepro (HKLM-x32\...\clrmamepro) (Version: 4.00.33.0 - Roman Scherzer)
CMake (HKLM-x32\...\{AFAA3072-0AF0-4124-B664-DEC2666CF6E5}) (Version: 3.5.0 - Kitware)
CPUID HWMonitor Pro 1.29 (HKLM\...\CPUID HWMonitorPro_is1) (Version: 1.29 - )
CPUID ROG CPU-Z 1.71 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.71 - CPUID, Inc.)
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.1 - DB Browser for SQLite Team)
devkitProUpdater 1.6.0 (HKLM-x32\...\devkitProUpdater) (Version: 1.6.0 - devkitPro)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
EaseUS Partition Master 12.9 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
erLT (HKLM-x32\...\{A498D9EB-927B-459B-85D6-DD6EF8C2C564}) (Version: 1.20.0137 - Logitech, Inc.) Hidden
FileBot (HKLM-x32\...\{9C335136-F74D-489C-94F0-E691F9F6FB8F}) (Version: 4.7.9 - Reinhard Pointner)
FileZilla Client 3.36.0 (HKLM-x32\...\FileZilla Client) (Version: 3.36.0 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.56 - FileZilla Project)
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.16.2.1 - Futuremark Corporation)
G9x User's Guide (HKLM\...\{05408942-55F9-4D32-AE07-A9ECDC013961}) (Version: 1.10.0000 - Logitech)
Git version 2.7.2 (HKLM\...\Git_is1) (Version: 2.7.2 - The Git Development Community)
GnuWin32: Make-3.81 (HKLM-x32\...\Make-3.81_is1) (Version: 3.81 - GnuWin32)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Go Programming Language amd64 go1.6.3 (HKLM-x32\...\{1B57FA66-2E0C-4ED9-BFA7-7D008073F62F}) (Version: 1.6.3 - hxxps://golang.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HackingToolkit3DS version 9 (HKLM-x32\...\{DFCCDD37-4B7E-4E7D-ABAC-06AA7C1DEFB5}_is1) (Version: 9 - Asia81)
HackingToolkit9DS version 11 (HKLM-x32\...\{03A02BEC-85C1-480F-ABDB-BB4B1F547671}_is1) (Version: 11 - Asia81)
HackingToolkit9DS version 12 (HKLM-x32\...\{2BB35841-AB00-4127-8CBC-B23599BA8426}_is1) (Version: 12 - Asia81)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HandBrake Nightly (HKLM-x32\...\HandBrake Nightly) (Version: Nightly - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HexChat (HKLM\...\HexChat_is1) (Version: 2.14.1 - HexChat)
HP Deskjet 4640 series Basic Device Software (HKLM\...\{81DC7FEB-87CF-4E3E-8A1C-83C837215DC7}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 4640 series Help (HKLM-x32\...\{8DF1C066-BBD8-4B9F-A5BC-AC555C9A872F}) (Version: 31.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
ImageMagick 6.9.2-10 Q16 (64-bit) (2015-12-20) (HKLM\...\ImageMagick 6.9.2 Q16 (64-bit)_is1) (Version: 6.9.2 - ImageMagick Studio LLC)
ImageMagick 7.0.4-5 Q16 (64-bit) (2017-01-21) (HKLM\...\ImageMagick 7.0.4 Q16 (64-bit)_is1) (Version: 7.0.4 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{73D60EDA-FD00-4CB4-8723-212AFB2219CF}) (Version: 7.3.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{645877C4-2AB6-46B6-BD32-B251B0666F63}) (Version: 12.9.0.167 - Apple Inc.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Kaspersky Anti-Virus (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Logitech GamePanel Software 3.03.133 (HKLM\...\{6CC95B76-D380-46B2-9022-9353938E48BA}) (Version: 3.03.133 - Logitech Inc.)
Logitech SetPoint 5.10 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.10 - Logitech)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1034 - Marvell)
MediaInfo 18.08 (HKLM\...\MediaInfo) (Version: 18.08 - MediaArea.net)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
MKVToolNix 20.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 20.0.0 - Moritz Bunkus)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Nero 8 Essentials (HKLM-x32\...\{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}) (Version: 8.3.582 - Nero AG)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.77 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Paquete de compatibilidad de Microsoft .NET Framework 4.6.1 (español) (HKLM-x32\...\{2ECA62A3-BA78-4B96-BEA3-0E9DA82F08D9}) (Version: 4.6.01055 - Microsoft Corporation)
PBP Unpacker v0.94 (HKLM-x32\...\PBP Unpacker_is1) (Version: - pdc)
Perl (x64) (HKLM\...\{13088604-3B4D-4C5A-AE0F-6DE82273F1C4}) (Version: 5.20.0 - HexChat)
Plex Media Server (HKLM-x32\...\{2fb84613-d20f-4778-8955-66178d5dee6f}) (Version: 1.10.1.4602 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{CB3C17B5-1DE6-4D78-9447-38C6F1277A2A}) (Version: 1.10.1602 - Plex, Inc.) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PSP Type B Driver 1.2.6 (HKLM-x32\...\PSP Type B Driver) (Version: 1.2.6 - ${PRODUCT_PUBLISHER})
Python 2.7 pycrypto-2.6.1 (HKLM\...\pycrypto-py2.7) (Version: - )
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 2.7.8 (64-bit) (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56De}) (Version: 2.7.8150 - Python Software Foundation)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-2288954308-418550406-815630550-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (32-bit) (HKLM-x32\...\{C68BE7C0-355D-49B6-B950-A558FAA17451}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit) (HKLM-x32\...\{7665C66D-78C4-4B30-B4B9-8DD484403532}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (HKLM-x32\...\{2B2FED36-5D63-411A-A8C4-E311D70BCF33}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (HKLM-x32\...\{77EEC303-714C-4290-AF63-5252FDB5D7C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (HKLM-x32\...\{946BBA68-EDC0-4981-83D3-09592B9A84FA}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4F29879C-940D-4599-8CEC-407579F73DF7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (HKLM-x32\...\{65A2F7DA-ACD7-4EC1-8A88-665D535D9CE7}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C387DB53-A25F-49E3-8DF7-94F47E5A7921}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (HKLM-x32\...\{FA87440D-634A-4581-AD9C-C6FA859B88DD}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (HKLM-x32\...\{9254A29B-0F60-444C-B5CE-DB7E2505474C}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
qBittorrent 4.1.3 (HKLM-x32\...\qBittorrent) (Version: 4.1.3 - The qBittorrent project)
Qcma (HKLM\...\Qcma) (Version: 0.4.1 - codestation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidCRC 0.6.1 (HKLM-x32\...\RapidCRC) (Version: 0.6.1 - Sebastian Ewert)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
rebox.NET 2.9.9.3 (HKLM-x32\...\{02846029-D5BA-4504-96B2-2BD844FE3AAF}_is1) (Version: 2.9.9.3 - clone.AD)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{87BFB956-DC1D-38FC-A849-A9997A183F63}) (Version: 14.0.25425 - Microsoft Corporation) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.65.0 - Samsung Electronics Co., Ltd.)
SDK de Microsoft .NET Framework 4.6.1 (español) (HKLM-x32\...\{07570008-8840-4A14-A752-1367157138A5}) (Version: 4.6.01055 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.28 (HKLM-x32\...\Skype_is1) (Version: 8.28 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{5E4EA395-F2C2-4A16-A4C7-99897E1859F2}) (Version: 1.10.1602 - Plex, Inc.) Hidden
SummerProperties 1.2 (HKLM\...\97149975-b4b1-4d2b-b9fe-7ba413d0efeb_is1) (Version: 1.2 - Johny Mattsson)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{23F3B544-D6BD-322B-A48A-C66790A8AE0D}) (Version: 14.102.25521 - Microsoft) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
theRenamer 7.69 (HKLM-x32\...\{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1) (Version: - theRenamer)
TV Show Renamer 2.8.7 Beta (HKLM-x32\...\TV Show Renamer) (Version: 2.8.7 Beta - Scott Nation.)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
UEStudio '10.20 (HKLM-x32\...\{4F8C52F6-FE88-4276-B514-1AA8ABD1CA41}) (Version: 10.20.2 - IDM Computer Solutions, Inc.)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VC90_CRT_x64 (HKLM-x32\...\{71B7840D-BB4D-409C-87A2-9EFD10BC0C3D}) (Version: 1.00.0000 - Intel Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VS Update core components (HKLM-x32\...\{2FAE53FC-8859-3EB9-BAAA-3A9BE26931BC}) (Version: 14.0.25425 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{D949D8A9-0CEF-3997-BA76-75EA19E62137}) (Version: 14.0.25425 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WiiU_USB_Helper (HKU\S-1-5-21-2288954308-418550406-815630550-1001\...\2bfcfdc8f5500a14) (Version: 0.6.1.655 - WiiU_USB_Helper)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\52F55B7350CFAA8EB4941B1D74E758A1F2C2007A) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Driver Package - Microsoft PS Vita Type B (02/22/2013 6.1.7600.16385) (HKLM\...\A0EC80B5719D4DA4CF40C9219D7CB9CCAD6DBA40) (Version: 02/22/2013 6.1.7600.16385 - Microsoft)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.5-0 - Bitnami)
XMedia Recode version 3.3.8.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.8.0 - XMedia Recode)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2288954308-418550406-815630550-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2009-03-25] (Nero AG)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers1-x32-x32: [RapidCRC] -> {E5A23DE9-6CC4-4f8c-88E9-AF8455B38E06} => C:\Program Files (x86)\RapidCRC\rcrcshex.dll [2005-01-18] ()
ContextMenuHandlers1-x32-x32: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2009-06-18] (TOSHIBA)
ContextMenuHandlers1-x32-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers4-x32: [RapidCRC] -> {E5A23DE9-6CC4-4f8c-88E9-AF8455B38E06} => C:\Program Files (x86)\RapidCRC\rcrcshex.dll [2005-01-18] ()
ContextMenuHandlers4-x32: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2009-06-18] (TOSHIBA)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-01-24] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2018-10-18] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2288954308-418550406-815630550-1001: [UEStudio] -> {18f2a19c-9c6d-42c3-aff1-91a546ae4208} => C:\Program Files (x86)\IDM Computer Solutions\UEStudio\ues64ctmn.dll [2010-09-24] ()


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {18B9CA38-9050-4F4B-A46E-A47B548FEED4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {33954D3F-10FB-47DC-8163-A87D89D6B71A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {3459797A-D696-458F-A728-752B60532339} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {385F2EFB-000C-4658-BFFD-EE89C2BDF83F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {3C6FBEF8-DEA8-46EE-8005-C73179111638} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {4CE73837-AC01-4183-AB1A-4C5ED597E5BA} - System32\Tasks\ScanToPCActivationApp.exe_{90E8179E-4A87-497C-8499-7F57B6262FE3} => C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {56D2C200-C635-4387-B9DB-E9F35CFE30FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {59C4F860-AEF4-4766-A621-0B453CBFD35E} - System32\Tasks\{6636B803-AD20-4A47-84A0-7F219747BB65} => E:\New folder (2)\PSP\UMDGen 4.00.exe
Task: {5B1AB1D7-11AD-4D0B-8A3B-152B7E904F16} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {5E7D7707-3148-47D0-9C8A-0B71CA396FCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {6406A2F2-242B-4DAE-9982-C3D9E5F1D32B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {95FD5C94-5300-4E04-880A-A46AAD316C03} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {960FB805-9906-429C-AACF-07C7D610D766} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {9646DDCA-F75E-408D-B803-3BEB7620FBBF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {99595D6E-087D-4AAB-9258-BFABD118DF11} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {AFAD0A2B-319A-49C0-A1B6-C04FE104AA48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {B6AC9EC0-77EA-487B-A14F-3A06053DE1BA} - System32\Tasks\{56EA3770-3A67-4FAB-9FB6-535FED0E7B6F} => C:\Windows\system32\pcalua.exe -a C:\Users\AHMEDA~1\AppData\Local\Temp\jre-8u191-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {C619D5E9-1AB6-47EA-973E-4A50849E7CB2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {D6AEDEC3-54C7-4A97-B947-F58A4AC35306} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {D79803A6-A4B3-4C8E-99AA-7A26F53926AC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {F1121085-E08B-40E1-901D-3DA2229CDDEF} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




ShortcutWithArgument: C:\Users\Ahmed Al-Jefairi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Ahmed Al-Jefairi\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Ahmed Al-Jefairi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Ahmed Al-Jefairi\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Ahmed Al-Jefairi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Ahmed Al-Jefairi\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"


==================== Loaded Modules (Whitelisted) ==============


2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-07 15:50 - 2017-05-03 23:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-08-27 14:57 - 2018-08-27 14:57 - 000054440 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2018-08-28 10:46 - 2018-08-28 10:46 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-08-28 10:46 - 2018-08-28 10:46 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2015-07-21 03:22 - 2015-07-21 03:22 - 000347648 _____ () C:\Program Files (x86)\No-IP\DUC40.exe
2018-05-04 23:25 - 2014-11-18 14:44 - 000255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe
2015-07-20 18:34 - 2015-07-20 18:34 - 000012288 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2018-09-20 00:05 - 2018-09-15 11:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-20 00:05 - 2018-09-15 11:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2018-09-19 00:11 - 2018-09-19 00:11 - 024981504 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2018-10-17 22:50 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-12-13 05:18 - 2017-12-13 05:18 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-10-07 15:50 - 2017-05-03 23:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-07-20 18:34 - 2015-07-20 18:34 - 000073728 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-05-04 23:25 - 2014-02-13 15:27 - 000222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\traynet.dll
2018-05-04 23:25 - 2014-02-13 15:27 - 000275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\libcurl.dll
2018-05-04 23:25 - 2014-02-13 15:27 - 000113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\zlib1.dll
2018-05-04 23:25 - 2014-02-13 15:27 - 000249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\uexper.dll
2018-08-27 14:57 - 2018-08-27 14:57 - 000049320 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2288954308-418550406-815630550-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ahmed Al-Jefairi\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 10.37.86.78
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


If an entry is included in the fixlist, it will be removed.


MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk => C:\Windows\pss\SetPointII.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ahmed Al-Jefairi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Launch LGDCore => "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: qBittorrent => "C:\Program Files (x86)\qBittorrent\qbittorrent.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2047F489-7697-43FC-8BF2-ABD978C8B88D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{817FFF86-D1EC-4C76-9164-8880BF25913D}H:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe] => (Allow) H:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe
FirewallRules: [UDP Query User{62F05572-3214-42FE-B6A8-89519351D0F7}H:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe] => (Allow) H:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe
FirewallRules: [{A22498C6-761B-4B7F-A79C-BD3A24509C75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D0E9EC1-4EEB-4EFC-A274-0FB2C340539B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1AA71783-266E-44F3-8E54-A328E7F0B85B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B8F52FC-5129-4B91-A506-6BFAD69969E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{559A6108-7008-404A-92C4-9D1FAF417BCC}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\FaxApplications.exe
FirewallRules: [{AD07EAE0-8515-4ACB-A0C5-35E2776F058A}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\DigitalWizards.exe
FirewallRules: [{3D88972C-21C6-4A03-B992-0C53908C3B71}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\SendAFax.exe
FirewallRules: [{F7455127-4A73-4E72-840D-327191ABE6F5}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\Bin\DeviceSetup.exe
FirewallRules: [{672B2D52-D67C-4884-B0BD-C0768012DAE2}] => (Allow) LPort=5357
FirewallRules: [{AB64888C-66C2-4E7C-84A5-BA037EC79BFF}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A0429BCC-5C41-46D6-8CFD-8E98E3DE9F43}] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{454B2763-FE2C-4DB8-AC8B-1228A0D51E98}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{D3FAD71A-F26C-4310-B2B6-1D998C3AA7CD}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{C8A60E54-7F37-48AC-BA54-A5DE36418768}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{15C0A2B9-5E59-41E6-B533-CB89FF519E05}] => (Allow) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
FirewallRules: [{5D76FA33-2CD3-4790-98B1-9E9B1A631D0A}] => (Allow) LPort=990
FirewallRules: [{59CC230B-BC41-4E18-BEC8-7C94776AA9DB}] => (Allow) LPort=21
FirewallRules: [{0AD547C3-730D-4C21-BC1A-22091AD0D37C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{68559EE1-8E7E-4923-97FF-DF905E40D559}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C87BB211-39C2-4CA7-90AE-22D437A52C66}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{1384E763-4EC3-4EDD-9C7F-8A03F5FCB862}C:\xampp\htdocs\saviine\saviine_server.exe] => (Allow) C:\xampp\htdocs\saviine\saviine_server.exe
FirewallRules: [UDP Query User{232FACBD-4A6E-4EB3-A1A6-AEBAE61D8B5E}C:\xampp\htdocs\saviine\saviine_server.exe] => (Allow) C:\xampp\htdocs\saviine\saviine_server.exe
FirewallRules: [TCP Query User{5C469B40-CB3A-4BA9-96E2-CE83D7DE0EF0}C:\xampp\htdocs\vita\stage2.exe] => (Allow) C:\xampp\htdocs\vita\stage2.exe
FirewallRules: [UDP Query User{4E5155B9-D4A1-4D59-8019-675A08A7B894}C:\xampp\htdocs\vita\stage2.exe] => (Allow) C:\xampp\htdocs\vita\stage2.exe
FirewallRules: [TCP Query User{28F82F02-40DB-4349-9321-8BA42A7A0D55}C:\xampp\htdocs\sdcafiine\sdcafiine_server.exe] => (Allow) C:\xampp\htdocs\sdcafiine\sdcafiine_server.exe
FirewallRules: [UDP Query User{FCB93C21-B1EC-4144-A5BA-86BC0F793003}C:\xampp\htdocs\sdcafiine\sdcafiine_server.exe] => (Allow) C:\xampp\htdocs\sdcafiine\sdcafiine_server.exe
FirewallRules: [TCP Query User{D7B62AFD-FBA6-4B3B-8188-8DAB8FCF0CA4}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe
FirewallRules: [UDP Query User{F82E9114-D20B-46E6-B97A-DF4388D5EC30}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe
FirewallRules: [TCP Query User{D2F1709D-5DC6-4155-B860-6CE80DD98AE1}C:\xampp\htdocs\dddtitledumper\ddd.exe] => (Allow) C:\xampp\htdocs\dddtitledumper\ddd.exe
FirewallRules: [UDP Query User{746D8665-4662-4C61-B18B-FDAC2FE1F1F4}C:\xampp\htdocs\dddtitledumper\ddd.exe] => (Allow) C:\xampp\htdocs\dddtitledumper\ddd.exe
FirewallRules: [TCP Query User{2840C99C-43D7-45EB-991E-96E7190BBC5E}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{861C0D83-D9FD-4090-A41D-AC17843B634C}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{D9857405-BDB0-492A-8DBB-CF22E6DE6749}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0128881-E54C-4CF6-9910-DED97175A40A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E69A0A26-AEBC-462A-BEFE-CB6243A564A2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{26EBBB50-8526-4665-9A3C-50003FA70C1B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{13A8CA29-94A9-4611-A6A5-DCBB8DD348C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{00203C65-2B43-4372-BD0E-246BDDAFD772}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{844DE329-28B9-4274-9C54-910BB188CD16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{983A0CA1-FCC2-40BF-9139-6266DF72770D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9E704AC-2E96-42A0-BE11-76F98EBDF726}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{A8A3280D-DAF9-427A-8577-2261FB3FB19D}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{28A88D6F-AAA4-4457-AA91-4204DA021373}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [{4267B802-443B-4A37-B39F-CB5CA2C10F45}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{20F72788-4089-4322-9094-577AC41BF3DC}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2AB035A0-8780-4C1E-92B2-59D666BA1B05}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{B61EB38E-C05C-4FF8-9B86-06232EB5EB25}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{FAE3E7A0-63A7-4124-93EE-711A1879F698}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [TCP Query User{6F0A3F80-C332-4FB5-8365-E09F1475D261}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{6CDD3942-3733-475F-859C-8B6580BFF918}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{CB01C4E9-CE3F-42A8-B7A0-B0BCC7AF935E}C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_07346a2bd6e2fd25\wiiu_usb_helper.exe] => (Allow) C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_07346a2bd6e2fd25\wiiu_usb_helper.exe
FirewallRules: [UDP Query User{01EA4F58-F306-4315-9BF6-6A45235EBAF5}C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_07346a2bd6e2fd25\wiiu_usb_helper.exe] => (Allow) C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_07346a2bd6e2fd25\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{6EE66485-B4B9-447C-9329-2A5067B8D602}C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_4254db977f3083a5\wiiu_usb_helper.exe] => (Allow) C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_4254db977f3083a5\wiiu_usb_helper.exe
FirewallRules: [UDP Query User{EDD03187-BE50-473F-84C1-D19B3DCD2EF2}C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_4254db977f3083a5\wiiu_usb_helper.exe] => (Allow) C:\users\ahmed al-jefairi\appdata\local\apps\2.0\8wxeza92.wgc\reh3b12v.kl6\wiiu..tion_0000000000000000_0000.0006_4254db977f3083a5\wiiu_usb_helper.exe
FirewallRules: [TCP Query User{B369DE02-A2C1-462B-84C5-66B7E35C01E8}E:\finalhe.exe] => (Allow) E:\finalhe.exe
FirewallRules: [UDP Query User{A2F7351E-FEEC-48C8-B50A-2CC40C4987E5}E:\finalhe.exe] => (Allow) E:\finalhe.exe
FirewallRules: [TCP Query User{D3242D93-DF84-4BE3-BB2D-143A1F36F0D7}E:\teknoparrot_1.63\mkdx10\amcus\amauthd.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\amcus\amauthd.exe
FirewallRules: [UDP Query User{BD238A1E-F15A-44A8-ADE8-08EE41C17ED0}E:\teknoparrot_1.63\mkdx10\amcus\amauthd.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\amcus\amauthd.exe
FirewallRules: [TCP Query User{F638AD73-05A5-4801-9A5B-B61B9FA62BA8}E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe
FirewallRules: [UDP Query User{5796DE08-93CA-40C0-ACE0-49E0DB5E1878}E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe
FirewallRules: [TCP Query User{0CDAA469-D14A-4080-BC6E-AEE29DE418BE}E:\teknoparrot_1.63\mkdx10\mk_agp3_final.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\mk_agp3_final.exe
FirewallRules: [UDP Query User{7FB8BF1E-F98D-41F9-BD3D-E8154603241A}E:\teknoparrot_1.63\mkdx10\mk_agp3_final.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\mk_agp3_final.exe
FirewallRules: [TCP Query User{CF0E31CE-AB17-4A6C-8F99-BD178A55EA89}E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe
FirewallRules: [UDP Query User{5951AE83-F085-493D-9BC9-1D050A22B646}E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe] => (Allow) E:\teknoparrot_1.63\mkdx10\amcus\muchabin\muchacd.exe
FirewallRules: [{D12F3986-3617-45C8-A781-A3CD9E728F68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{F85C5164-5E77-42F0-9802-7E6A95FFFF41}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{907BB5DB-60D4-4FBB-9990-BD4807075C41}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{E4681EB4-5483-4855-A6D1-6BA4FC79449D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{6003B6DC-7386-4192-9203-775BAFD66D06}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BA73EBC3-5F4A-4882-9035-A6912992DD9B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{383BEE73-2ABB-4239-878A-1FCAE8707876}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{98B2D5E8-6B29-4920-AA95-B629E2CEFC08}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B5543392-00DF-480F-B6B6-FA96D5881327}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{10784114-D77D-4E52-9B70-DAA92D90BAF8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{40F1768C-A508-4E43-AE20-E8D0FC3F2EEC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{62ADAD6A-1B32-4B1D-8EF1-94B42A3C6F22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F7BA2E70-664F-475A-947F-C373D4B44E0E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A6989584-9506-42DC-A087-C81E85AA1CDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe


==================== Restore Points =========================


17-10-2018 21:10:28 Scheduled Checkpoint
17-10-2018 23:24:35 Windows Update


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (10/17/2018 11:09:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000005
Fault offset: 0x000000000001f177
Faulting process id: 0xdf8
Faulting application start time: 0x01d4665516b5a0dd
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report Id: 9291a9b3-d248-11e8-a847-20cf3055f463


Error: (10/17/2018 10:55:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: SelfProtectionSdk.dll, version: 3.0.0.360, time stamp: 0x5b995ba2
Exception code: 0xc0000005
Fault offset: 0x000000000001f177
Faulting process id: 0x2324
Faulting application start time: 0x01d46652a063d361
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
Report Id: a01861f8-d246-11e8-a8ea-20cf3055f463


Error: (10/17/2018 05:58:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.




Operation:
Gathering Writer Data


Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {59d33dee-7079-49e1-9c62-87e49364f00a}


Error: (09/16/2018 04:11:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Exception code: 0xc0000005
Fault offset: 0x00000000000ba290
Faulting process id: 0x251c
Faulting application start time: 0x01d44dbed9ebea7d
Faulting application path: C:\Program Files\Windows Sidebar\sidebar.exe
Faulting module path: C:\Program Files\Windows Sidebar\sidebar.exe
Report Id: 17a1fb09-b9b2-11e8-bc66-20cf3055f463


Error: (09/16/2018 04:11:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Faulting module name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7
Exception code: 0xc0000005
Fault offset: 0x0000000000055f60
Faulting process id: 0xfac
Faulting application start time: 0x01d44a310582afc8
Faulting application path: C:\Program Files\Windows Sidebar\sidebar.exe
Faulting module path: C:\Program Files\Windows Sidebar\sidebar.exe
Report Id: 13c79898-b9b2-11e8-bc66-20cf3055f463


Error: (08/19/2018 05:34:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MK_AGP3_FINAL.exe, version: 0.0.0.0, time stamp: 0x55a38b64
Faulting module name: MK_AGP3_FINAL.exe, version: 0.0.0.0, time stamp: 0x55a38b64
Exception code: 0xc0000005
Fault offset: 0x003a83ed
Faulting process id: 0x271c
Faulting application start time: 0x01d43752e31f8986
Faulting application path: E:\TeknoParrot_1.63\mkdx10\MK_AGP3_FINAL.exe
Faulting module path: E:\TeknoParrot_1.63\mkdx10\MK_AGP3_FINAL.exe
Report Id: 753fe295-a358-11e8-b050-20cf3055f463


Error: (08/19/2018 02:11:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\TeknoParrot_1.63\mkdx10\AMCUS\MuchaBin\muchacd-debug.exe".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


Error: (08/19/2018 02:11:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "E:\TeknoParrot_1.63\mkdx10\Mucha\muchacd-debug.exe".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.




System errors:
=============
Error: (10/18/2018 01:22:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.


Error: (10/17/2018 11:48:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/17/2018 11:48:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/17/2018 11:47:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp


Error: (10/17/2018 11:31:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/17/2018 11:31:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Error: (10/17/2018 11:30:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp


Error: (10/17/2018 11:11:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.




Windows Defender:
===================================
Date: 2018-08-03 15:28:39.235
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Ircbrute!gmb threat description - Windows Defender Security Intelligence
Name:Trojan:Win32/Ircbrute!gmb
ID:203707
Severity:Severe
Category:Trojan
Path Found:containerfile:E:\auto-xbins.zip;file:E:\auto-xbins.zip->auto-xbins/xbins.exe;filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5C596606-6689-48D1-9CDE-C1E3B0FFAAE1}-auto-xbins.zip;webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{5C596606-6689-48D1-9CDE-C1E3B0FFAAE1}-auto-xbins.zip|404 Not Found
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
Process Name:C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


Date: 2018-07-04 03:42:47.913
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.442.0
Previous Signature Version:1.269.1974.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


Date: 2018-07-04 03:42:47.913
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


CodeIntegrity:
===================================


Date: 2016-03-25 19:33:05.161
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


Date: 2015-02-11 23:38:29.659
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2015-02-11 23:38:29.659
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-12-12 01:26:51.215
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-12-12 01:26:51.215
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-12-12 01:25:53.417
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-12-12 01:25:53.417
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


Date: 2014-12-06 22:08:30.699
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 12279.12 MB
Available physical RAM: 7232.07 MB
Total Virtual: 24556.42 MB
Available Virtual: 19040.06 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:238.37 GB) (Free:88.11 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:436.01 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:34.67 GB) NTFS


\\?\Volume{61c2bf69-59b9-11e4-848a-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: B14E04C8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)


========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D57620C4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)


========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 7974EC14)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
Thank you for the clarification and reports.

I am sure I don't have to alert you to the dangers of torrent file sharing but I would be remiss if I didn't at least mention it.

Having identified some specific errors in Windows Update I am in the process of obtaining the files we will need to install on your computer to try to overcome your issues. I probably won't have that next step ready and approved until tomorrow my time.

The FRST reports look pretty good but let's do this.

===================================================

Farbar Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------

  • Please download the attached fixlist.txt and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Right click on FRST and select Run as administrator
  • Click Fix and once completed your computer will reboot
  • The tool will create a log on the desktop called Fixlog.txt
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Fixlog
 
Hello Oh My!

Yes, I understand the risks behind torrenting. I am conceptually against it, but I have started using it recently as it's the only viable method of getting some files. That said, I don't download any programs or installable files. More than 90% of my downloads are verified video files.

I would like to give you a bit of a heads up. We have got some heavy rain today, and well, our internet and phone lines do not work. My ISP said they will be visiting to fix this in 48 hours.

Given that I am using ethernet on my PC (no wireless), I have no way of downloading the attachment and running it then posting back at the moment. So I ask for some patience (48 hours if the ISP remains true to their word). It should also give you enough time for the next step.

I'll report back once I know more info. I am currently replying from my phone (using 4G).

Thanks again
 
No problem at all. Thank you for going through the effort to update me.

Stay safe.....

Gary
 
Hello Gary,

Finally got internet again, and all is well.

I just ran fix, and here is the text in fixlog:

---------------------------------------------------------
Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Ahmed Al-Jefairi (23-10-2018 17:03:01) Run:2
Running from E:\
Loaded Profiles: Ahmed Al-Jefairi (Available Profiles: Ahmed Al-Jefairi)
Boot Mode: Normal
==============================================


fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-10-11 03:06 - 2009-07-14 05:34 - 000000478 _____ C:\Windows\win.ini
Task: {B6AC9EC0-77EA-487B-A14F-3A06053DE1BA} - System32\Tasks\{56EA3770-3A67-4FAB-9FB6-535FED0E7B6F} => C:\Windows\system32\pcalua.exe -a C:\Users\AHMEDA~1\AppData\Local\Temp\jre-8u191-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
emptytemp:
*****************


Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\taphss6 => removed successfully
taphss6 => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Windows\win.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6AC9EC0-77EA-487B-A14F-3A06053DE1BA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6AC9EC0-77EA-487B-A14F-3A06053DE1BA}" => removed successfully
C:\Windows\System32\Tasks\{56EA3770-3A67-4FAB-9FB6-535FED0E7B6F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{56EA3770-3A67-4FAB-9FB6-535FED0E7B6F}" => removed successfully


=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8987652 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 6386407 B
Edge => 0 B
Chrome => 418063140 B
Firefox => 0 B
Opera => 0 B


Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 22748 B
Ahmed Al-Jefairi => 14839669 B


RecycleBin => 0 B
EmptyTemp: => 435.5 MB temporary data Removed.


================================




The system needed a reboot.


==== End of Fixlog 17:03:48 ====
 
Glad you are doing well.

Thank you for the report, that looks great. I am in the process of consulting with my mentor regarding our next steps and hopefully will have another post for you in a reasonable amount of time.
 
Greetings.

Thank you for your continued patience.

Let's start with this.

===================================================

Manually Uninstalling a Windows Update

--------------------

  • Click Start, type cmd, right click on Command Prompt (or cmd) above and select Run as administrator
  • Type or copy and paste the following after the Command Prompt and hit Enter
wusa /uninstall /KB:4457139

  • If the update is found click Yes on the Do you want to uninstall the following Windows software update? screen
  • If the update is not installed click OK
  • Report in your reply whether the update was successfully uninstalled or was not found
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Update uninstall?
 
Hello,

Just ran the command. It says the update is NOT installed on my computer.

Thanks
 
Thank you for the quick reply and information.

Those results are unfortunate but not completely unexpected. Though we may face the same results I would like to do the same thing for the companion update to the one we just looked for.

Please do this.

===================================================

Manually Uninstalling a Windows Update

--------------------


  • Click Start, type cmd, right click on Command Prompt (or cmd) above and select Run as administrator
  • Type or copy and paste the following after the Command Prompt and hit Enter
wusa /uninstall /KB:4457144

  • If the update is found click Yes on the Do you want to uninstall the following Windows software update? screen
  • If the update is not installed click OK
  • Report in your reply whether the update was successfully uninstalled or was not found

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.


  • Update uninstall?
 
Thanks once again for the reply.

The result is the same as the one before. The update is NOT installed on my PC.
 
Greetings,

Thank you for going through that verification step.

Now please do this.

===================================================

Obtaining Windows Update History Log Using Farbar Recovery Scan Tool (FRST)

--------------------
  • If necessary, download FRST for either 64 bit or 32 bit computers. If unsure, download both and only the correct one will run.
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
  • The information will be copied invisibly and will be "pasted" into FRST automatically when you click Fix as instructed below
Code:
Start::
CloseProcesses:
StartPowershell:
$Session = New-Object -ComObject "Microsoft.Update.Session"
$Searcher = $Session.CreateUpdateSearcher()
$historyCount = $Searcher.GetTotalHistoryCount()
$Searcher.QueryHistory(0, $historyCount) | Select-Object Date,
   @{name="Operation"; expression={switch($_.operation){
       1 {"Installation"}; 2 {"Uninstallation"}; 3 {"Other"}}}},
   @{name="Status"; expression={switch($_.resultcode){
       1 {"In Progress"}; 2 {"Succeeded"}; 3 {"Succeeded With Errors"};
       4 {"Failed"}; 5 {"Aborted"}
}}}, Title | Export-Csv -NoType "$Env:userprofile\Desktop\WindowsUpdates.csv"
EndPowershell:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Copy and paste the report in your reply.
  • In addition, a Windows Update file will be placed on your desktop. Please attach that file to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Fixlog
  • Attached Windows Update file
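
A companion to the history export in the post above, added here as an example and not part of the thread or of FRST: it keeps each history entry's HRESULT, which the CSV export leaves out, and reports per KB whether it is installed and how its last attempt ended. The function names, the `$useLive` switch and the sample entries are constructed for illustration; the syntax is limited to what PowerShell 2.0 on Windows 7 accepts.

```powershell
# Added example, not from the thread. PowerShell 2.0-compatible syntax.
$OperationName = @{ 1 = 'Installation'; 2 = 'Uninstallation'; 3 = 'Other' }
$ResultName = @{
    0 = 'Not Started'; 1 = 'In Progress'; 2 = 'Succeeded'
    3 = 'Succeeded With Errors'; 4 = 'Failed'; 5 = 'Aborted'
}

function Get-UpdateHistoryEntry {
    # Live source: the same Windows Update Agent COM API the post's script queries.
    $searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
    $count = $searcher.GetTotalHistoryCount()
    if ($count -gt 0) { $searcher.QueryHistory(0, $count) }
}

function ConvertTo-UpdateRecord {
    param([Parameter(Mandatory = $true)] $Entry)
    # Update titles normally carry the article number as "(KB1234567)".
    $kb = if ($Entry.Title -match 'KB(\d{6,7})') { $Matches[1] } else { '' }
    New-Object PSObject -Property @{
        Date      = $Entry.Date
        KB        = $kb
        Operation = $OperationName[[int]$Entry.Operation]
        Status    = $ResultName[[int]$Entry.ResultCode]
        # HResult is a signed Int32; X8 prints it as the familiar unsigned hex code.
        HResult   = '0x{0:X8}' -f [int]$Entry.HResult
        Title     = $Entry.Title
    }
}

function Get-KbAttempt {
    # One row per requested KB: installed state plus the outcome of the latest attempt.
    param([object[]]$Records, [string[]]$Kb, [string[]]$InstalledIds = @())
    foreach ($id in $Kb) {
        $hits = @($Records | Where-Object { $_.KB -eq $id } | Sort-Object Date)
        $status = 'No history entry'
        $hr = ''
        if ($hits.Count -gt 0) { $status = $hits[-1].Status; $hr = $hits[-1].HResult }
        New-Object PSObject -Property @{
            KB = "KB$id"; Installed = ($InstalledIds -contains "KB$id")
            Attempts = $hits.Count; LastStatus = $status; LastHResult = $hr
        } | Select-Object KB, Installed, Attempts, LastStatus, LastHResult
    }
}

function Get-FailureSummary {
    # Group failed attempts by error code to show which code dominates.
    param([object[]]$Records)
    $Records | Where-Object { $_.Status -eq 'Failed' } |
        Group-Object HResult | Sort-Object Count -Descending |
        Select-Object @{ Name = 'HResult'; Expression = { $_.Name } }, Count,
            @{ Name = 'KBs'; Expression = {
                ($_.Group | ForEach-Object { $_.KB } | Sort-Object -Unique) -join ', ' } }
}

# Constructed sample entries (not from the thread's machine).
# 0x80073712 is ERROR_SXS_COMPONENT_STORE_CORRUPT, the code in the thread title.
function New-SampleEntry($Date, $Operation, $ResultCode, $HResult, $Title) {
    New-Object PSObject -Property @{
        Date = [datetime]$Date; Operation = $Operation
        ResultCode = $ResultCode; HResult = $HResult; Title = $Title
    }
}
$sample = @(
    New-SampleEntry '2018-09-12' 1 4 0x80073712 'Constructed sample rollup (KB4457144)'
    New-SampleEntry '2018-10-17' 1 4 0x80073712 'Constructed sample rollup (KB4457144)'
    New-SampleEntry '2018-10-17' 1 2 0 'Constructed sample update (KB9999999)'
)

$useLive = $false   # set to $true to read this machine's real history
if ($useLive) {
    $entries   = Get-UpdateHistoryEntry
    # Get-HotFix lists installed packages, the state "wusa /uninstall" checks for.
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
} else {
    $entries   = $sample
    $installed = @()
}

$records = @($entries | ForEach-Object { ConvertTo-UpdateRecord $_ })
Get-KbAttempt -Records $records -Kb '4457139', '4457144' -InstalledIds $installed |
    Format-Table -AutoSize
Get-FailureSummary -Records $records | Format-Table -AutoSize
```

With the sample data, KB4457139 shows no history entry and KB4457144 shows two failed attempts with 0x80073712; neither is marked installed.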
 
