Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by maher (08-08-2018 22:11:58)
Running from C:\Users\maher\Downloads
Windows 10 Home Version 1803 17134.165 (X64) (2018-06-16 03:23:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1256764830-1755746423-1667595358-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1256764830-1755746423-1667595358-503 - Limited - Disabled)
Guest (S-1-5-21-1256764830-1755746423-1667595358-501 - Limited - Disabled)
maher (S-1-5-21-1256764830-1755746423-1667595358-1002 - Administrator - Enabled) => C:\Users\maher
WDAGUtilityAccount (S-1-5-21-1256764830-1755746423-1667595358-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Aide et support Dell (HKLM\...\{7B3E057E-F356-4DB0-A664-4FF813C73F20}) (Version: 2.1.59.0 - Dell Inc.) Hidden
Aide et support Dell (HKLM-x32\...\InstallShield_{7B3E057E-F356-4DB0-A664-4FF813C73F20}) (Version: 2.1.59.0 - Dell Inc.)
Amazon Assistant (HKLM-x32\...\{42FA793A-4E94-4FA3-A638-9B4B6B1D6A25}) (Version: 10.18.0221 - Amazon) <==== ATTENTION
Amazon Search (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{BB0F1FB3-6352-BDEE-32D3-B3F463E3B95C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.1026.2023.34870 - Advanced Micro Devices, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chromium (HKLM-x32\...\{45E3AD23-1563-7CA3-A4E3-0C237463DFA3}) (Version: - )
Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version: - Cisco Systems, Inc.)
Cisco Packet Tracer 7.1 64Bit (HKLM\...\Cisco Packet Tracer 7.1 64Bit_is1) (Version: 7.1.0.0222 - Cisco Systems, Inc.)
Cisco Packet Tracer 7.1.1 64Bit (HKLM\...\Cisco Packet Tracer 7.1.1 64Bit_is1) (Version: 7.1.1.0132 - Cisco Systems, Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{B16CC15E-08D8-4FA8-AE36-4DC5C197ED92}) (Version: 3.3.0.4941 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{74d58082-09be-4059-afb8-50334cde261d}) (Version: 3.3.0.4941 - Dell Inc.)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Enregistrement du produit (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Enregistrement du produit Dell (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Exam Formatter 3.0 (HKLM-x32\...\Exam Formatter_is1) (Version: - ExamCollection.com)
Exam Testing Engine (HKLM-x32\...\Exam Testing Engine_is1) (Version: - Vumingo)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FastAccess (HKLM\...\{4CA6FFA7-9EA2-4C0D-BDC2-1931EB52C9D8}) (Version: 4.1.224.1 - Sensible Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Chrome Canary (HKU\S-1-5-21-1256764830-1755746423-1667595358-1002\...\Google Chrome SxS) (Version: 70.0.3516.0 - Google Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 161 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180161}) (Version: 8.0.1610.12 - Oracle Corporation)
JMP 13 (Single User) (HKLM-x32\...\{F8E90FFA-3E88-470D-8171-5DC23A076AA2}) (Version: 13.1.0 - SAS Institute Inc.)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.208 - McAfee, Inc.)
McAfee® AntiVirus (HKLM-x32\...\MSC) (Version: 16.0 R12 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1256764830-1755746423-1667595358-1002\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 61.0.1 (x64 fr) (HKU\S-1-5-21-1256764830-1755746423-1667595358-1002\...\Mozilla Firefox 61.0.1 (x64 fr)) (Version: 61.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.1 - Notepad++ Team)
Npcap 0.83 (HKLM-x32\...\NpcapInst) (Version: 0.83 - Nmap Project)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.3 - Qualcomm Atheros)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.006 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.1.5.86 - Client Connect LTD) <==== ATTENTION
Search the Web (Yahoo) (HKLM-x32\...\{CEA02660-9E20-F7E0-2FA0-8760FF2054E0}) (Version: - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.27 (HKLM-x32\...\Skype_is1) (Version: 8.27 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
SoundBooster 58.7891 (HKLM-x32\...\SoundBooster 58.7891) (Version: 58.7891 - LetaSoft LLC)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TomTom MyDrive Connect 4.1.6.3229 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3229 - TomTom)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-012B-040C-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
VCE Exam Simulator Demo (HKLM-x32\...\VCE Exam Simulator Demo_is1) (Version: - Avanset)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 11.1.4 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.4 - VMware, Inc)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wireshark 2.2.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.6 - The Wireshark developer community, hxxps://www.wireshark.org)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Yahoo! Powered (HKLM-x32\...\{DDA13561-8D21-E4E1-3CA1-9461EC2147E1}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1256764830-1755746423-1667595358-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\maher\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1256764830-1755746423-1667595358-1002_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\maher\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1256764830-1755746423-1667595358-1002_Classes\CLSID\{A20662AD-1909-4774-8FC2-5F8BDC3A21AB}\localserver32 -> C:\Program Files (x86)\Chameleon Explorer\ChameleonExplorer.exe (NeoSoft Tools)
CustomCLSID: HKU\S-1-5-21-1256764830-1755746423-1667595358-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maher\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1256764830-1755746423-1667595358-1002_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\maher\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1256764830-1755746423-1667595358-1002_Classes\CLSID\{FA372A6E-149F-4E95-832D-8F698D40AD7F}\localserver32 -> C:\Users\maher\AppData\Local\Google\Chrome SxS\Application\70.0.3516.0\notification_helper.exe (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-05-17] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-19] (Cyberlink)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-19] (Cyberlink)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2016-05-05] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-05-05] (VMware, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-10-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EC4955-0C74-4515-9799-9C7ABA9BAC7B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {1663EECA-DC28-4B92-870A-97194197027C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1256764830-1755746423-1667595358-1002Core => C:\Users\maher\AppData\Local\Google\Update\GoogleUpdate.exe [2017-07-16] (Google Inc.)
Task: {18759AC8-DB67-49E2-8180-7797553F9F74} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {21F3C970-3FA0-427A-B230-536951750F9F} - System32\Tasks\bvyvdvge => C:\Users\maher\AppData\Local\bvyvdvge\bvyvdvge.exe <==== ATTENTION
Task: {2460B6E9-D1EA-4F30-92B2-9DF130A0F437} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {249EE4DB-A4D4-45A3-B1E8-A7AD62B2E882} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {27B94167-D23C-4B39-A655-D89DCE7CF6EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {2804A194-58CE-4013-B6D8-42BA45B12D40} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {2D47E89E-1C52-4BB7-AA3B-BFED43143045} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-08-18] (CyberLink)
Task: {2DBDB64E-C15D-457B-B25C-DE8ABABD10B3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {38C73D8A-F2B5-4649-99CC-6C85D12121BC} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-01] (Distromatic) <==== ATTENTION
Task: {48D4CA1B-39EF-424E-9E56-EEA99D3AD92A} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {5CEEA664-B9EF-4A3C-BEBF-97590273CB8C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {5E741D39-EAA0-4588-8A42-64D69A5C73C1} - System32\Tasks\Chameleon Folder-maher => "C:\Program Files (x86)\Chameleon Explorer\ChameleonFolder.exe"
Task: {61E658A4-70FE-4CA4-A78F-38895CE066A2} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-06-14] (McAfee, LLC.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {663945B0-DBB0-4E76-ADE0-36A59475DC6B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {67404BCC-ABEC-4DC0-BA6C-290E9294D804} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {786F3AD2-D43C-4E22-9695-F0EDA95556B8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {7A46E5B7-0870-421F-9108-DAD51005644D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-06-11] (McAfee, Inc.)
Task: {A2F43F07-031A-4271-85E8-C8E2BBE69BC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-24] (Google Inc.)
Task: {A3C59260-34D4-4AF7-AB87-FA65BB58CE7D} - System32\Tasks\Yahoo! Powered roril => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{0076C515-8A34-4FD3-0CF2-D19196B05A5F}\sofa.txt" "68747470733a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b30303736433531352d384133342d344644332d304346322d4431393139364230354135467d5c6e696c696e69" "433a5c50726f6772616d446174615c7b30303736433531352d384133342d344644332d3043 (the data entry has 80 more characters). <==== ATTENTION
Task: {B389F22B-7F48-4F4D-857F-117D43971F3B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {B5904B8A-290E-4ED8-858B-D16EAB0B8FC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-24] (Google Inc.)
Task: {B5F49FA6-E5B8-44B0-9217-B417BD387665} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-14] (McAfee, Inc.)
Task: {BD6F41E3-3C1A-4A59-BE29-E80CDBF983FA} - System32\Tasks\{535F725E-CDA4-8FC5-BC64-5C417F747557} => C:\PROGRA~2\COMMON~1\535F72~1\SYNCVE~1.EXE
Task: {C0788DD6-B792-482D-83F2-F2F66517910F} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {C2599EA0-FD35-457F-AE8B-C491EF7F2F2B} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {C26A4818-B111-444D-9383-1571DBC6DE4B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {C283B2A5-4644-4C77-A3EB-B2A78B22B631} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {C459DBB4-9C83-43B8-93C7-D695ABEADC73} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1256764830-1755746423-1667595358-1002UA => C:\Users\maher\AppData\Local\Google\Update\GoogleUpdate.exe [2017-07-16] (Google Inc.)
Task: {C56AE9E8-1CCC-4D98-98CB-3C286CD2E936} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-01] (Distromatic) <==== ATTENTION
Task: {C7FD46EB-B4E6-456A-AF44-5194C9B536BC} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CA8FA003-9344-43AC-8040-CA436A732506} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {CE14EF57-7FE3-4B07-BD66-F6C9739B01E4} - System32\Tasks\BundleApplicationRepairToolLauncherTask => C:\Users\maher\AppData\Roaming\PCDr\Repair\BundleApplicationRepairTool.exe [2017-09-19] ()
Task: {D5D7E778-27E2-4225-BF46-289BB7A14A9F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {D82B0F56-1F5F-44AE-9C42-32EB09F88AE9} - System32\Tasks\S-1-5-21-1256764830-1755746423-1667595358-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {E1029647-39C0-4E7B-8BBE-D0E85E2E26BF} - System32\Tasks\System\SystemChecks => C:\Windows\System32\wscript.exe C:\Users\Public\Libraries\Checks.vbs
Task: {E38EC52C-2F43-4608-8E40-F66EFE8EE1DE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {E92874E4-2951-466C-BAC6-4D440DFECE40} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {E9B223FA-CDBD-48DB-810D-5E6824F57115} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {ED7A2494-A345-44B6-9C20-A00D9E16BC5D} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-01] (Distromatic) <==== ATTENTION
Task: {F1F4B8AA-DE26-4909-B1D9-A396950861C4} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-01] (Distromatic) <==== ATTENTION
Task: {F6900B3D-68DF-424D-8912-E92E80CBD2F3} - System32\Tasks\{659088E0-AAE5-86F8-2A4C-62E512D6BDD8} => C:\Users\maher\AppData\Local\Cehopo\UpdTask.exe <==== ATTENTION
Task: {FF5A87F2-3515-45C1-80AC-8868207F5E5B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-10-26] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP K0LG41I
Task: C:\WINDOWS\Tasks\Yahoo! Powered roril.job => Wscript.exe C:\ProgramData\{0076C515-8A34-4FD3-0CF2-D19196B05A5F}\sofa.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{535F725E-CDA4-8FC5-BC64-5C417F747557}.job => C:\PROGRA~2\COMMON~1\535F72~1\SYNCVE~1.EXE
Task: C:\WINDOWS\Tasks\{659088E0-AAE5-86F8-2A4C-62E512D6BDD8}.job => C:\Users\maher\AppData\Local\Cehopo\UpdTask.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-02-22 15:26 - 2018-02-22 15:26 - 000105136 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2018-02-22 15:28 - 2018-02-22 15:28 - 000159408 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\aaLoader64.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-18 19:23 - 2015-09-22 22:06 - 000242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-02-13 21:36 - 2014-04-14 22:59 - 000253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2018-07-24 17:15 - 2018-07-24 22:32 - 000788480 _____ () C:\Program Files\fik WYTOPITLOCK Updater\WYTOPITLOCK.exe
2018-04-06 07:05 - 2018-04-06 07:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-10-26 20:40 - 2017-10-26 20:40 - 000155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-07-13 16:59 - 2018-07-06 02:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-26 20:23 - 2017-10-26 20:23 - 000017408 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2017-06-05 05:33 - 2017-06-05 05:33 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-06-05 05:33 - 2017-06-05 05:33 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-07-16 21:41 - 2018-07-16 21:41 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-16 21:41 - 2018-07-16 21:41 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-16 21:41 - 2018-07-16 21:41 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-16 21:41 - 2018-07-16 21:41 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-16 21:41 - 2018-07-16 21:41 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-09 23:36 - 2018-07-09 23:36 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2015-08-08 12:38 - 2015-08-08 12:38 - 004358888 _____ () C:\Program Files (x86)\Sensible Vision\Fast Access\FAAppMonOT.exe
2016-01-11 11:25 - 2016-01-11 11:25 - 000036200 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2018-07-27 13:52 - 2018-07-27 13:55 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-27 13:52 - 2018-07-27 13:55 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 11:11 - 2017-10-04 11:12 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-04-26 11:36 - 2018-04-26 11:37 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-19 22:05 - 2018-07-19 22:06 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-19 22:05 - 2018-07-19 22:06 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-07-19 22:05 - 2018-07-19 22:06 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-30 11:12 - 2018-03-30 11:14 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-27 13:52 - 2018-07-27 13:55 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-19 22:05 - 2018-07-19 22:06 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-27 13:52 - 2018-07-27 13:53 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-29 20:02 - 2018-05-29 20:03 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-19 22:05 - 2018-07-19 22:06 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-27 13:52 - 2018-07-27 13:55 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-25 14:51 - 2018-07-25 14:51 - 004383232 _____ () C:\Program Files\WindowsApps\Microsoft.OneConnect_5.1807.1991.0_x64__8wekyb3d8bbwe\OneConnect.dll
2015-08-08 12:52 - 2015-08-08 12:52 - 000093928 _____ () C:\WINDOWS\SYSTEM32\FAIEExtension.DLL
2013-04-04 15:42 - 2013-04-04 15:42 - 000012424 _____ () C:\Program Files (x86)\Sensible Vision\Fast Access\MFCaptureD3D_2_DLL.dll
2016-05-05 02:42 - 2016-05-05 02:42 - 001309768 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2016-02-13 21:33 - 2014-12-08 03:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 19:28 - 2014-12-08 19:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2018-07-13 21:58 - 2018-08-01 00:38 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-08-07 16:36 - 2018-08-01 00:38 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-08-07 16:36 - 2018-08-01 00:38 - 000094152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\skype-coexistence\build\Release\coexistence.node
2018-08-07 16:36 - 2018-08-01 00:38 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-03-15 21:06 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-03-15 21:06 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-07-13 21:58 - 2018-08-01 00:38 - 002723944 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-07-13 21:58 - 2018-08-01 00:38 - 000033264 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-08-07 16:36 - 2018-08-01 00:38 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-08-07 16:36 - 2018-08-01 00:38 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-08-07 16:36 - 2018-08-01 00:38 - 002352064 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2017-09-19 10:35 - 2017-09-19 10:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 20:26 - 2015-06-23 20:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2018-06-29 10:56 - 2018-06-29 10:56 - 024031728 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-02-11 18:53 - 2018-02-11 18:53 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2017-08-10 11:24 - 2017-08-10 11:24 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1256764830-1755746423-1667595358-1002\...\amazon.ca -> hxxps://amazon.ca

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2015-10-30 03:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1256764830-1755746423-1667595358-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E1DCDD3D-7746-4D92-BD17-DBEF1E380558}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{0E3D87B6-B3B5-4214-AA3E-51B3EB3B4D8F}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{D809D89E-4E57-4650-955E-C43C8316DE34}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{D3A50A90-1963-44CA-962E-CB6F38ED10BA}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{FFD148ED-CB03-4E18-97D3-F278F3BFE436}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{FA81957D-BD37-42A1-AE8C-9A02292F3020}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{C4977873-A137-4B04-AB72-BBE9DD25596A}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{6BE4C737-8F77-4EA0-9F58-D768253E1B37}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{14BFEE55-42CA-42FF-8EA0-FC5E89D346FD}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{0A5E76D1-C98D-4FCF-8953-ED04CA34F123}] => (Allow) C:\Program Files\WindowsApps\D50536CD.CitrixReceiver_4.12.0.0_x86__hmf6bx7z76t54\ICA Client\wfica32.exe
FirewallRules: [{2BF9FF66-8F3B-4EE2-AF83-F43149C06D7F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{BB4EB26C-98F7-4067-9A45-B6A47E9544FB}C:\users\maher\appdata\local\mozilla firefox\firefox.exe] => (Block) C:\users\maher\appdata\local\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{355402B1-B9D7-48A8-B62A-4943C5F419DE}C:\users\maher\appdata\local\mozilla firefox\firefox.exe] => (Block) C:\users\maher\appdata\local\mozilla firefox\firefox.exe
FirewallRules: [{4B7814A6-5690-4ABA-9399-F48FD8B268E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D4EC5434-B676-4A0A-ACCE-EDF295C4B16A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BFD7DA3A-0C01-412E-829F-3E69BAE24452}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{84D41D72-E142-428C-959C-7958B67BCC62}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{80B1299B-A859-4BE8-AFB2-801433E52069}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{32C093C0-F151-487C-9F6C-20406C50FBD8}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{A94FF3BF-3744-47D0-835A-0C07C87AFF07}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{22BC1D79-E6F5-4023-8AD2-84EB32E193E2}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{8EA88EF4-6FA1-4CF2-A4B9-C12410134044}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{29E35B28-F69A-4FB6-97BB-97472FFFABDD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{12D72652-F26B-49D8-A17C-D5ECB53FAB1E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{302123BD-2FF9-4CA4-A396-B6D25BFA9C0B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{D89C4B20-F853-489C-A19C-E12467F08484}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{3F04239D-D2EF-41EE-8A48-610457D0BEA4}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
FirewallRules: [{EA5149E0-0EB3-4D8A-A411-2C60088D602F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB970894-9C92-4B33-8563-1822E54A8F53}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6905265-4554-46C0-BCC7-EB310FE0C3CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B77B0589-B33B-4BB9-A88E-BA5B2BA1085E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{277BB7AA-EDFF-4D84-A80D-BB95E7301E62}] => (Allow) C:\Users\maher\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EC369C2B-CDC3-438B-9F6D-47492C094018}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{089F6CE9-DB61-4634-B076-C48C9E69E9CD}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{E2674DDF-3628-4DDD-B064-1D881E47AA6D}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{E6008DEE-802D-4F36-A06F-4709A2C71CA9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{66F2E2BF-C1AF-44B8-87DA-27D57FB36061}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{79470941-80B9-43C9-814D-BA80D38E0425}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-07-2018 23:02:37 Windows Update
25-07-2018 22:37:37 WinZip 22.0 supprimé.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2018 08:52:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application : DellUpTray.exe
Version du Framework : v4.0.30319
Description : le processus a été arrêté en raison d'une exception non gérée.
Informations sur l'exception : code d'exception c0020001, adresse d'exception 7402DDC2
Pile :

Error: (08/08/2018 08:40:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Nom du module défaillant : quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Code d’exception : 0xc000041d
Décalage d’erreur : 0x00000000000041d0
ID du processus défaillant : 0xc74
Heure de début de l’application défaillante : 0x01d42f79860af329
Chemin d’accès de l’application défaillante : C:\Program Files\Dell\QuickSet\quickset.exe
Chemin d’accès du module défaillant: C:\Program Files\Dell\QuickSet\quickset.exe
ID de rapport : b889af7f-d236-418f-bf81-4b4258721102
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (08/08/2018 08:40:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Nom du module défaillant : quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000041d0
ID du processus défaillant : 0xc74
Heure de début de l’application défaillante : 0x01d42f79860af329
Chemin d’accès de l’application défaillante : C:\Program Files\Dell\QuickSet\quickset.exe
Chemin d’accès du module défaillant: C:\Program Files\Dell\QuickSet\quickset.exe
ID de rapport : 504bdaeb-9c19-4855-b79d-bba29ce5801b
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (08/08/2018 08:34:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (08/08/2018 01:53:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante Explorer.EXE, version : 10.0.17134.165, horodatage : 0x4031a9f8
Nom du module défaillant : ntdll.dll, version : 10.0.17134.165, horodatage : 0xf4df6dc2
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000043911
ID du processus défaillant : 0x2980
Heure de début de l’application défaillante : 0x01d42f1c242c8c7c
Chemin d’accès de l’application défaillante : C:\WINDOWS\Explorer.EXE
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll
ID de rapport : 746ba8de-4027-4582-a48b-7180c2130749
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (08/08/2018 01:51:06 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/08/2018 01:48:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Nom du module défaillant : quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Code d’exception : 0xc000041d
Décalage d’erreur : 0x00000000000041d0
ID du processus défaillant : 0x4008
Heure de début de l’application défaillante : 0x01d42f3fea2e8be9
Chemin d’accès de l’application défaillante : C:\Program Files\Dell\QuickSet\quickset.exe
Chemin d’accès du module défaillant: C:\Program Files\Dell\QuickSet\quickset.exe
ID de rapport : f7fc979e-dc81-4351-84a3-f875f7c13319
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (08/08/2018 01:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Nom du module défaillant : quickset.exe, version : 10.17.6.3, horodatage : 0x554804a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000041d0
ID du processus défaillant : 0x4008
Heure de début de l’application défaillante : 0x01d42f3fea2e8be9
Chemin d’accès de l’application défaillante : C:\Program Files\Dell\QuickSet\quickset.exe
Chemin d’accès du module défaillant: C:\Program Files\Dell\QuickSet\quickset.exe
ID de rapport : c3009fc7-e26b-4ae1-a398-a3dd85ecdabe
Nom complet du package défaillant :
ID de l’application relative au package défaillant :


System errors:
=============
Error: (08/08/2018 09:52:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/08/2018 08:46:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/08/2018 08:42:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Le serveur {9E175B68-F52A-11D8-B9A5-505054503030} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Error: (08/08/2018 08:41:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Le service Windows Search est en attente de démarrage.

Error: (08/08/2018 08:41:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/08/2018 08:37:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/08/2018 08:37:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
et l’APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.

Error: (08/08/2018 08:37:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
et l’APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
au SID NT AUTHORITY\LOCAL SERVICE de l’utilisateur (S-1-5-19) depuis l’adresse LocalHost (Using LRPC) s’exécutant dans le SID Unavailable du conteneur d’applications (Unavailable). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.


==================== Memory info ===========================

Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G
Percentage of memory in use: 43%
Total physical RAM: 11720.14 MB
Available physical RAM: 6648.91 MB
Total Virtual: 13512.14 MB
Available Virtual: 7658.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.67 GB) (Free:299.5 GB) NTFS
Drive e: (Nouveau nom) (Fixed) (Total:433.33 GB) (Free:410.42 GB) NTFS

\\?\Volume{9386d3ab-f68e-4d46-8c4c-5330c0704e9f}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{87c9f258-e1a6-44f3-bf1b-c975ffd74686}\ (Image) (Fixed) (Total:13.28 GB) (Free:0.63 GB) NTFS
\\?\Volume{b05572d8-069d-45f5-8a38-d704d74c0500}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 924F1278)

Partition: GPT.

==================== End of Addition.txt ============================