PC Infection- svchost.exe and Video ads


Hello,

 

I recently experienced an issue while browsing the internet whereby a video popup would appear on many pages, and closing this video would subsequently attempt to redirect me to a website. After downloading Malwarebytes, no malware was detected, but the video popups persist (the site itself, however, is blocked by Malwarebytes). Subsequent to downloading Malwarebytes, a constant message appears warning of a malicious website being blocked that originates from svchost.exe to the same IP address, through various ports. I was wondering if you could assist me with this matter.


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…



Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.



Let me see those logs in your reply..

 

Thank you,

 

Kevin...
 


Hello again,

 

Here are the requested logs:

 

MalwareBytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-12-23
Scan Time: 5:13 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.23.02
Rootkit Database: v2015.12.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Karim Messak

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347640
Time Elapsed: 11 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

AdwCleaner log:

# AdwCleaner v5.026 - Logfile created 23/12/2015 at 05:42:26
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [server]
# Operating system : Windows 10 Home  (x64)
# Username : Karim Messak - DESKTOP-LG8KFMJ
# Running from : C:\Users\Karim Messak\Downloads\AdwCleaner (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Karim Messak\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [800 bytes] ##########
 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Karim Messak (Administrator) on 2015-12-23 at  5:29:37.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\Karim Messak\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Public\asr.dat (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-12-23 at  5:31:20.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Karim Messak (administrator) on DESKTOP-LG8KFMJ (23-12-2015 05:48:08)
Running from C:\Users\Karim Messak\Downloads
Loaded Profiles: Karim Messak (Available Profiles: Karim Messak)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtI2SBgProc64.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkNGui] => C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe [9403096 2015-07-16] (Realtek Semiconductor)
HKLM\...\Run: [RtI2SBgProc] => C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe [2707672 2015-07-16] (Realtek Semiconductor)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\AP\CXAPOAgent64.exe [742592 2015-07-16] (Conexant Systems, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955872 2015-09-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON INC.)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-08-29] (NCSOFT Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286784 2015-09-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-337104247-703420634-313039277-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-337104247-703420634-313039277-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-21-337104247-703420634-313039277-1001\...\RunOnce: [uninstall C:\Users\Karim Messak\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Karim Messak\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-337104247-703420634-313039277-1001\...\RunOnce: [uninstall C:\Users\Karim Messak\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Karim Messak\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-337104247-703420634-313039277-1001\...\RunOnce: [uninstall C:\Users\Karim Messak\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Karim Messak\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-07]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 31.3.252.70 5.152.219.50
Tcpip\..\Interfaces\{2b004695-3176-4863-aa87-0e6afafeafb4}: [DhcpNameServer] 31.3.252.70 5.152.219.50
Tcpip\..\Interfaces\{4fa3d144-bae7-4371-811f-b216930409f5}: [DhcpNameServer] 192.168.4.3
Tcpip\..\Interfaces\{5a8e3138-1f5f-46aa-b768-70ceb2c4d5b9}: [DhcpNameServer] 40.25.1.201 40.25.1.202

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-337104247-703420634-313039277-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-337104247-703420634-313039277-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-337104247-703420634-313039277-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-16] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-16] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-08] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-16] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Karim Messak\AppData\Roaming\Mozilla\Firefox\Profiles\8qyvv306.default
FF Homepage: about:blank
hxxp://www.lenovo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-16] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-09-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-09-07] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.2.0.5371003\npmathplugin.dll [2015-08-03] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Karim Messak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Karim Messak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Karim Messak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Karim Messak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karim Messak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
CHR Extension: (Gmail) - C:\Users\Karim Messak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-06-18] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-07-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-07] (RealNetworks, Inc.)
R2 RtkI2SCodec; C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe [168680 2015-08-20] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2015-09-19] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\Windows\System32\drivers\ax88179_178a.sys [68096 2015-07-10] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-07-10] (ASIX Electronics Corp.)
S3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [167152 2015-06-18] (Intel Corporation)
R3 IntcADSP; C:\Windows\system32\DRIVERS\IntcADSP.sys [738576 2015-07-16] (Intel® Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [9391896 2015-06-22] (Intel Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 RTKI2SAC; C:\Windows\system32\DRIVERS\RTKI2SAC.sys [236776 2015-08-20] (Realtek Semiconductor Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-06-10] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-06-10] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-09-19] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31280 2015-07-11] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-23 05:43 - 2015-12-23 05:43 - 00016148 _____ C:\windows\system32\DESKTOP-LG8KFMJ_Karim Messak_HistoryPrediction.bin
2015-12-23 05:43 - 2015-12-23 05:43 - 00000000 ____D C:\Users\Karim Messak\AppData\Local\CrashRpt
2015-12-23 05:31 - 2015-12-23 05:31 - 00000687 _____ C:\Users\Karim Messak\Desktop\JRT.txt
2015-12-23 05:30 - 2015-12-23 05:41 - 01743360 _____ C:\Users\Karim Messak\Downloads\AdwCleaner (1).exe
2015-12-23 05:30 - 2015-12-23 05:30 - 01599336 _____ (Malwarebytes) C:\Users\Karim Messak\Downloads\JRT (1).exe
2015-12-23 05:28 - 2015-12-23 05:29 - 01599336 _____ (Malwarebytes) C:\Users\Karim Messak\Downloads\JRT.exe
2015-12-23 05:25 - 2015-12-23 05:26 - 01743360 _____ C:\Users\Karim Messak\Downloads\AdwCleaner.exe
2015-12-23 02:57 - 2015-12-23 05:48 - 00022695 _____ C:\Users\Karim Messak\Downloads\FRST.txt
2015-12-23 02:57 - 2015-12-23 05:34 - 00033688 _____ C:\Users\Karim Messak\Downloads\Addition.txt
2015-12-23 02:56 - 2015-12-23 05:48 - 00000000 ____D C:\FRST
2015-12-23 02:54 - 2015-12-23 02:56 - 02370560 _____ (Farbar) C:\Users\Karim Messak\Downloads\FRST64.exe
2015-12-23 02:53 - 2015-12-23 02:54 - 01721344 _____ (Farbar) C:\Users\Karim Messak\Downloads\FRST.exe
2015-12-23 02:21 - 2015-12-23 02:21 - 00001167 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-23 02:21 - 2015-12-23 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-23 02:21 - 2015-12-23 02:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-23 02:21 - 2015-12-23 02:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-23 02:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-23 02:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-23 02:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-23 02:20 - 2015-12-23 02:20 - 00002420 _____ C:\Users\Karim Messak\Desktop\Rkill.txt
2015-12-23 02:19 - 2015-12-23 02:19 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karim Messak\Downloads\iExplore.exe
2015-12-23 02:16 - 2015-12-23 02:18 - 00525100 _____ C:\TDSSKiller.3.1.0.9_23.12.2015_02.16.23_log.txt
2015-12-23 02:15 - 2015-12-23 02:16 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Karim Messak\Downloads\tdsskiller.exe
2015-12-22 18:12 - 2015-12-22 18:12 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Karim Messak\Downloads\mbam-clean-2.1.1.1001.exe
2015-12-22 18:06 - 2015-12-23 05:42 - 00000000 ____D C:\AdwCleaner
2015-12-22 18:03 - 2015-12-22 18:05 - 01743360 _____ C:\Users\Karim Messak\Downloads\adwcleaner_5.026.exe
2015-12-22 17:14 - 2015-12-23 05:43 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-22 17:07 - 2015-12-22 17:13 - 22908888 _____ (Malwarebytes ) C:\Users\Karim Messak\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-19 14:49 - 2015-12-19 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-18 00:12 - 2015-12-18 00:12 - 00000222 _____ C:\Users\Karim Messak\Desktop\XCOM Enemy Unknown.url
2015-12-17 21:19 - 2015-12-17 21:19 - 00513993 _____ C:\Users\Karim Messak\Documents\IMG_20151217_0002.pdf
2015-12-17 21:19 - 2015-12-17 21:19 - 00507720 _____ C:\Users\Karim Messak\Documents\IMG_20151217_0003.pdf
2015-12-17 21:18 - 2015-12-17 21:18 - 00522749 _____ C:\Users\Karim Messak\Documents\IMG_20151217_0001.pdf
2015-12-16 23:15 - 2015-12-16 23:15 - 01413920 _____ C:\windows\Minidump\121615-5015-01.dmp
2015-12-15 02:04 - 2015-12-15 02:04 - 04189184 _____ C:\Users\Karim Messak\Downloads\Lecture12_adaptation_sv (6).ppt
2015-12-12 23:07 - 2015-12-12 23:07 - 00951161 _____ C:\Users\Karim Messak\Documents\Karim_Messak_Quiz_One.pdf
2015-12-12 23:06 - 2015-12-12 23:06 - 00964387 _____ C:\Users\Karim Messak\Documents\IMG_20151212_0002.pdf
2015-12-12 22:59 - 2015-12-12 22:59 - 00957343 _____ C:\Users\Karim Messak\Documents\IMG_20151212_0001.pdf
2015-12-11 22:57 - 2015-12-11 22:57 - 04189184 _____ C:\Users\Karim Messak\Downloads\Lecture12_adaptation_sv (5).ppt
2015-12-11 22:31 - 2015-12-11 22:31 - 04189184 _____ C:\Users\Karim Messak\Downloads\Lecture12_adaptation_sv (4).ppt
2015-12-08 17:53 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-12-08 17:53 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\gpuenergydrv.sys
2015-12-08 17:53 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2015-12-08 17:53 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2015-12-08 17:53 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-08 17:53 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-08 17:53 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2015-12-08 17:53 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\windows\explorer.exe
2015-12-08 17:53 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\windows\system32\NetworkUXBroker.exe
2015-12-08 17:53 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-12-08 17:53 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-12-08 17:53 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-08 17:53 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\windows\system32\userenv.dll
2015-12-08 17:53 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-08 17:53 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2015-12-08 17:53 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-12-08 17:53 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-08 17:53 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-08 17:53 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\windows\SysWOW64\userenv.dll
2015-12-08 17:53 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2015-12-08 17:53 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\windows\system32\WlanMediaManager.dll
2015-12-08 17:53 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\windows\system32\MBMediaManager.dll
2015-12-08 17:53 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\windows\system32\RasMediaManager.dll
2015-12-08 17:53 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\EthernetMediaManager.dll
2015-12-08 17:53 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\DAMediaManager.dll
2015-12-08 17:53 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2015-12-08 17:53 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-08 17:53 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-12-08 17:53 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\windows\system32\SRHInproc.dll
2015-12-08 17:53 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-12-08 17:53 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2015-12-08 17:53 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
2015-12-08 17:53 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-08 17:53 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\windows\system32\DAMM.dll
2015-12-08 17:53 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\dot3mm.dll
2015-12-08 17:53 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-08 17:53 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2015-12-08 17:53 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-08 17:53 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\windows\system32\ninput.dll
2015-12-08 17:53 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-08 17:53 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-08 17:53 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2015-12-08 17:53 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\windows\system32\comdlg32.dll
2015-12-08 17:53 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\windows\system32\shutdownux.dll
2015-12-08 17:53 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-12-08 17:53 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\profext.dll
2015-12-08 17:53 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-08 17:53 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2015-12-08 17:53 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-08 17:53 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2015-12-08 17:53 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\windows\system32\win32kbase.sys
2015-12-08 17:53 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\duser.dll
2015-12-08 17:53 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-08 17:53 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZST.DLL
2015-12-08 17:53 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-08 17:53 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-08 17:53 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2015-12-08 17:53 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2015-12-08 17:53 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2015-12-08 17:53 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2015-12-08 17:53 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRHInproc.dll
2015-12-08 17:53 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2015-12-08 17:53 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-12-08 17:53 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ninput.dll
2015-12-08 17:53 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2015-12-08 17:53 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-08 17:53 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-08 17:53 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-08 17:53 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.dll
2015-12-08 17:53 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\profext.dll
2015-12-08 17:53 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-08 17:53 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2015-12-08 17:53 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\windows\SysWOW64\duser.dll
2015-12-08 17:53 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-08 17:53 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-08 17:53 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZST.DLL
2015-12-08 17:53 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-08 17:53 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-08 17:53 - 2015-11-24 21:52 - 00775312 _____ C:\windows\SysWOW64\locale.nls
2015-12-08 17:53 - 2015-11-24 21:52 - 00775312 _____ C:\windows\system32\locale.nls
2015-12-08 16:47 - 2015-12-08 16:47 - 00309375 _____ C:\Users\Karim Messak\Downloads\Unit 2, Chapters 7 and 8, 15-16 (4).pptx
2015-12-08 15:42 - 2015-12-08 15:42 - 01358960 _____ C:\windows\Minidump\120815-4921-01.dmp
2015-12-08 12:28 - 2015-12-08 12:28 - 01363224 _____ C:\windows\Minidump\120815-4875-01.dmp
2015-12-06 00:55 - 2015-12-06 00:55 - 00159704 _____ C:\Users\Karim Messak\Downloads\Unit 2, Chapter 6, 15-16 (2).pptx
2015-12-06 00:40 - 2015-12-06 00:40 - 01966592 _____ C:\Users\Karim Messak\Downloads\Unit 1  15-16 (9).ppt
2015-12-06 00:40 - 2015-12-06 00:40 - 00159704 _____ C:\Users\Karim Messak\Downloads\Unit 2, Chapter 6, 15-16 (1).pptx
2015-12-05 23:30 - 2015-12-05 23:30 - 01966592 _____ C:\Users\Karim Messak\Downloads\Unit 1  15-16 (8).ppt
2015-12-05 23:29 - 2015-12-05 23:29 - 01467832 _____ C:\windows\Minidump\120515-4890-01.dmp
2015-12-04 13:53 - 2015-12-04 13:53 - 01966592 _____ C:\Users\Karim Messak\Downloads\Unit 1  15-16 (7).ppt
2015-12-03 11:46 - 2015-12-03 11:46 - 01692192 _____ C:\windows\Minidump\120315-4937-01.dmp
2015-12-02 23:08 - 2015-12-02 23:09 - 00282056 _____ C:\windows\Minidump\120215-5562-01.dmp
2015-12-02 21:10 - 2015-12-02 21:10 - 00822272 _____ C:\Users\Karim Messak\Downloads\Unit 3 15-16 (1).ppt
2015-12-01 11:01 - 2015-12-01 11:01 - 00003350 _____ C:\windows\System32\Tasks\{A257CE99-4BCB-4104-AC3E-6F826DEF99F7}
2015-11-29 17:30 - 2015-11-29 17:30 - 00882176 _____ C:\Users\Karim Messak\Downloads\Chapter5 (1).ppt
2015-11-29 17:11 - 2015-11-29 17:11 - 00884224 _____ C:\Users\Karim Messak\Downloads\Chapter5.ppt
2015-11-29 16:54 - 2015-11-29 16:54 - 00037483 _____ C:\Users\Karim Messak\Downloads\MaternalHealthStudy-fulldata (1).csv
2015-11-29 15:06 - 2015-11-29 15:06 - 00822272 _____ C:\Users\Karim Messak\Downloads\Unit 3 15-16.ppt
2015-11-29 12:13 - 2015-11-29 12:13 - 01482584 _____ C:\windows\Minidump\112915-8828-01.dmp
2015-11-26 16:15 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2015-11-26 16:15 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2015-11-26 16:15 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2015-11-26 16:15 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2015-11-26 16:15 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2015-11-26 16:15 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2015-11-26 16:15 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2015-11-26 16:15 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2015-11-26 16:15 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2015-11-26 16:15 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_5.dll
2015-11-26 16:15 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2015-11-26 16:15 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2015-11-26 16:15 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2015-11-26 16:15 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_3.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2015-11-26 16:15 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2015-11-26 16:15 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2015-11-26 16:15 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2015-11-26 16:15 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2015-11-26 16:15 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2015-11-26 16:15 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2015-11-26 16:15 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2015-11-26 16:15 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2015-11-26 16:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2015-11-26 16:15 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2015-11-26 16:15 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_41.dll
2015-11-26 16:15 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2015-11-26 16:15 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_41.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2015-11-26 16:15 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2015-11-26 16:15 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2015-11-26 16:15 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2015-11-26 16:15 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2015-11-26 16:15 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2015-11-26 16:15 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2015-11-26 16:15 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2015-11-26 16:15 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2015-11-26 16:15 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2015-11-26 16:15 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2015-11-26 16:15 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2015-11-26 16:15 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2015-11-26 16:15 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2015-11-26 16:15 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2015-11-26 16:15 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2015-11-26 16:15 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2015-11-26 16:15 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2015-11-26 16:15 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2015-11-26 16:15 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2015-11-26 16:15 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2015-11-26 16:15 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2015-11-26 16:15 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2015-11-26 16:15 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2015-11-26 16:15 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2015-11-26 16:15 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2015-11-26 16:15 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2015-11-26 16:15 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2015-11-26 16:15 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2015-11-26 16:15 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2015-11-26 16:15 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2015-11-26 16:15 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2015-11-26 16:15 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2015-11-26 16:15 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2015-11-26 16:15 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2015-11-26 16:15 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2015-11-26 16:15 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2015-11-26 16:15 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2015-11-26 16:15 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2015-11-26 16:15 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2015-11-26 16:15 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2015-11-26 16:15 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2015-11-26 16:15 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2015-11-26 16:15 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2015-11-26 16:15 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2015-11-26 16:15 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2015-11-26 16:15 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2015-11-26 16:15 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2015-11-26 16:15 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2015-11-26 16:15 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2015-11-26 16:15 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2015-11-26 16:15 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2015-11-26 16:15 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2015-11-26 16:15 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2015-11-26 16:15 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll
2015-11-26 16:15 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2015-11-26 16:15 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2015-11-26 16:15 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2015-11-26 16:15 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2015-11-26 16:15 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2015-11-26 16:15 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2015-11-26 16:15 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2015-11-26 16:15 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2015-11-26 16:15 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2015-11-26 16:15 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2015-11-26 16:15 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2015-11-26 16:15 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2015-11-26 16:15 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2015-11-26 16:15 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2015-11-26 16:15 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2015-11-26 16:15 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2015-11-26 16:15 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2015-11-26 16:15 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2015-11-26 16:15 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2015-11-26 16:15 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2015-11-26 16:15 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2015-11-26 16:15 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2015-11-26 16:15 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2015-11-26 16:15 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2015-11-26 16:15 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2015-11-26 16:15 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2015-11-26 16:15 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2015-11-26 16:15 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2015-11-26 16:15 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2015-11-26 16:15 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2015-11-26 16:15 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2015-11-26 16:15 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2015-11-26 16:15 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2015-11-26 16:15 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2015-11-26 16:15 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2015-11-26 16:15 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2015-11-26 16:15 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2015-11-26 16:15 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2015-11-26 16:15 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2015-11-26 16:15 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2015-11-26 16:14 - 2015-11-26 16:14 - 00001176 _____ C:\Users\Public\Desktop\AION Free-to-Play.lnk
2015-11-26 16:14 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2015-11-26 16:14 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2015-11-26 16:14 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2015-11-26 16:14 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll
2015-11-26 16:14 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2015-11-26 16:14 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2015-11-26 16:14 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2015-11-26 16:14 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2015-11-26 16:14 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2015-11-26 16:14 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2015-11-26 16:14 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2015-11-26 16:14 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2015-11-26 16:14 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2015-11-26 16:14 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2015-11-26 16:14 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2015-11-26 16:14 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2015-11-26 16:14 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll
2015-11-26 16:14 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_27.dll
2015-11-26 16:14 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2015-11-26 16:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2015-11-26 16:14 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2015-11-26 16:14 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2015-11-26 16:14 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2015-11-26 16:14 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_24.dll
2015-11-26 16:12 - 2015-11-26 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-11-26 16:12 - 2015-11-26 16:12 - 20197096 _____ (Gameforge ) C:\Users\Karim Messak\Downloads\AION_GameforgeLiveSetup_EN.exe
2015-11-26 16:12 - 2015-11-26 16:12 - 00001132 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2015-11-26 16:12 - 2015-11-26 16:12 - 00000000 ____D C:\Users\Karim Messak\Downloads\Gameforge Live
2015-11-26 16:12 - 2015-11-26 16:12 - 00000000 ____D C:\Users\Karim Messak\AppData\Local\Gameforge4d
2015-11-26 16:12 - 2015-11-26 16:12 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2015-11-24 17:52 - 2015-11-24 17:52 - 00003350 _____ C:\windows\System32\Tasks\{A745D087-F387-4C27-8646-C3B51D36B6AD}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-23 05:44 - 2015-08-21 07:26 - 00000000 ____D C:\Users\Karim Messak\AppData\Roaming\Skype
2015-12-23 05:43 - 2015-08-28 07:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-23 05:43 - 2015-08-20 19:55 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 05:43 - 2015-08-20 19:52 - 00000000 __SHD C:\Users\Karim Messak\IntelGraphicsProfiles
2015-12-23 05:43 - 2015-08-20 19:51 - 00000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-23 05:43 - 2015-07-10 07:21 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-23 05:42 - 2015-07-10 04:05 - 00262144 ___SH C:\windows\system32\config\BBI
2015-12-23 05:33 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-23 05:18 - 2015-10-02 17:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 05:16 - 2015-08-20 19:55 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-23 02:38 - 2015-07-16 01:09 - 00969890 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-23 02:38 - 2015-07-10 06:02 - 00000000 ____D C:\windows\INF
2015-12-23 02:36 - 2015-08-20 19:55 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-22 13:43 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 13:43 - 2015-07-10 06:04 - 00000000 ____D C:\windows\AppReadiness
2015-12-19 14:49 - 2015-08-21 07:26 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-19 14:49 - 2015-08-21 07:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-19 14:49 - 2015-08-21 07:26 - 00000000 ____D C:\Users\Karim Messak\AppData\Local\Skype
2015-12-19 14:49 - 2015-08-21 07:26 - 00000000 ____D C:\ProgramData\Skype
2015-12-18 17:06 - 2015-09-25 19:16 - 00000000 ____D C:\Users\Karim Messak\Documents\My Games
2015-12-16 23:46 - 2015-08-21 10:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-16 23:46 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 23:29 - 2015-08-20 19:52 - 00000000 ____D C:\Users\Karim Messak
2015-12-16 23:15 - 2015-08-21 21:16 - 833946840 _____ C:\windows\MEMORY.DMP
2015-12-16 23:15 - 2015-08-21 21:16 - 00000000 ____D C:\windows\Minidump
2015-12-16 21:17 - 2015-08-20 19:55 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 11:34 - 2015-08-20 19:52 - 00000000 ____D C:\Users\Karim Messak\AppData\Local\Packages
2015-12-15 04:06 - 2015-07-10 06:04 - 00000000 ____D C:\windows\LiveKernelReports
2015-12-11 16:33 - 2015-07-10 06:04 - 00000000 ____D C:\windows\rescache
2015-12-11 15:45 - 2015-07-10 07:20 - 00378904 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-11 01:30 - 2015-07-10 06:04 - 00000000 ____D C:\windows\system32\oobe
2015-12-10 23:30 - 2015-08-20 19:54 - 00002380 _____ C:\Users\Karim Messak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-10 23:30 - 2015-08-20 19:54 - 00000000 ___RD C:\Users\Karim Messak\OneDrive
2015-12-08 22:39 - 2015-08-20 21:59 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-08 19:57 - 2015-07-10 05:55 - 00000000 ____D C:\windows\CbsTemp
2015-12-08 19:56 - 2015-08-21 21:24 - 00000000 ____D C:\windows\system32\MRT
2015-12-08 19:54 - 2015-08-21 21:24 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-07 10:58 - 2015-07-16 01:50 - 00000000 ____D C:\windows\Panther
2015-12-07 10:55 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-04 18:42 - 2015-07-22 09:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-02 10:11 - 2015-08-20 19:55 - 00003996 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 10:11 - 2015-08-20 19:55 - 00003764 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 19:32 - 2015-07-10 06:06 - 00826872 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-30 19:32 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-29 16:55 - 2015-09-16 09:21 - 00000000 ____D C:\RData_STA215
2015-11-29 14:53 - 2015-09-07 19:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-26 15:51 - 2015-09-07 19:49 - 00000000 ____D C:\Users\Karim Messak\AppData\Roaming\Real
2015-11-26 15:51 - 2015-09-07 19:47 - 00000000 ____D C:\ProgramData\Real
2015-11-25 15:12 - 2015-10-14 14:49 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-11-25 15:12 - 2015-10-14 14:49 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-11-25 15:12 - 2015-10-14 14:49 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-11-25 15:12 - 2015-10-14 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

Some files in TEMP:
====================
C:\Users\Karim Messak\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Karim Messak\AppData\Local\Temp\lowproc.exe
C:\Users\Karim Messak\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Karim Messak\AppData\Local\Temp\sqlite3.dll
C:\Users\Karim Messak\AppData\Local\Temp\stubhelper.dll
C:\Users\Karim Messak\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-13 22:44

==================== End of FRST.txt ============================

 

The addition.txt file from FRST has been attached

 

Addition_23-12-2015_05-48-59.txt


Does the issue still happen? If so, can you post the most recent "Protection" log from Malwarebytes...

 

Open Malwarebytes

  • Click on the History tab > Application Logs.
  • Double click on the Protection log which shows the most recent Date and time..
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file. Post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!

 

Thank you,

 

Kevin..
 


The IP address information follows:

 

IP Location    United Kingdom Gosport Dedicated Server Hosting
ASN    AS35662 REDSTATION Redstation Limited (registered Jul 14, 2008)
Resolve Host    h5-152-219-50.host.redstation.co.uk
Whois Server    whois.ripe.net
IP Address    5.152.219.50

 

Is that known to you?


After following the instructions and restarting, the popup regarding the malicious website continues to show up. I've noticed, however, that after restarting, when I opened msconfig, the "Load startup items" box was checked again, even after disabling it and clicking apply and trying this several times. All other changes in msconfig seemed to persist after the first time I did them.


I was expecting the issue to cease in Clean Boot, thought probably a non-system service would be at fault... Change the system back to normal mode, instructions at the link I provided earlier..

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://support.eset.com/kb2268/
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning



  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats



  • Press start scan
  • The scan will now commence



  • Once the scan has finished click open report <<<--- Do not miss this step



  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive. Please attach it to your next reply…
 

Thanks,

 

Kevin....


Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 

Thank you,

 

Kevin..


SHA256: d3228a13cc455b8ed228881ab1d3c0570aac005dad7ff0cef0f6f2118a5b805b
File name: downloader2.exe
Detection ratio: 1 / 54
Analysis date: 2015-12-24 00:40:01 UTC ( 0 minutes ago )

Jiangmin    Adware.Agent.dxe    20151223
ALYac    20151224
AVG    20151223
AVware    20151223
Ad-Aware    20151224
AegisLab    20151223
Agnitum    20151220
AhnLab-V3    20151223
Alibaba    20151208
Antiy-AVL    20151223
Arcabit    20151224
Avast    20151223
Avira    20151224
Baidu-International    20151223
BitDefender    20151223
Bkav    20151223
ByteHero    20151224
CAT-QuickHeal    20151223
CMC    20151217
ClamAV    20151223
Comodo    20151224
Cyren    20151224
DrWeb    20151224
ESET-NOD32    20151224
Emsisoft    20151224
F-Prot    20151223
F-Secure    20151223
Fortinet    20151223
GData    20151223
Ikarus    20151223
K7AntiVirus    20151223
K7GW    20151223
Kaspersky    20151223
Malwarebytes    20151224
McAfee    20151224
McAfee-GW-Edition    20151224
MicroWorld-eScan    20151224
Microsoft    20151223
NANO-Antivirus    20151224
Panda    20151223
Rising    20151223
SUPERAntiSpyware    20151223
Sophos    20151224
Symantec    20151223
Tencent    20151224
TheHacker    20151223
TrendMicro    20151224
TrendMicro-HouseCall    20151224
VBA32    20151223
VIPRE    20151219
ViRobot    20151224
Zillya    20151223
Zoner    20151223
nProtect    20151223


Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool; the main GUI will populate with the installed programs list.

Left click on RealNetworks to highlight that entry.

Select Action from the Menu bar, then Uninstall; from there follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.
 


This topic is now closed to further replies.