TechSpot

Ads virus + plugin crash for firefox

By Majdi Aref
Oct 4, 2014
  1. Hello
    I downloaded a VPN called lepontier a few days ago, then my homepage changed to arabyonline.com and ads kept appearing on every website I enter. I think I solved the issue using Malwarebytes and HitmanPro, but the Firefox Shockwave and Flash plugins keep crashing whenever I enable them. In addition, HitmanPro keeps detecting cookies for ads. I can't find the source of this virus. I tried uninstalling the Flash players and Firefox, but it didn't work. The log is attached and the HitmanPro log is pasted in this thread. Please help as soon as possible.
    Thank you

    Malware _____________________________________________________________________

    C:\Users\MajdiAref\Downloads\SoftonicDownloader_for_ad-aware.exe -> Quarantined
    Size . . . . . . . : 367,432 bytes
    Age . . . . . . . : 0.6 days (2014-10-03 21:57:26)
    Entropy . . . . . : 8.0
    SHA-256 . . . . . : D10C17FF21ED5927F760D3E2DF24D8AF3B263B46EA30EE0E042CF9D08466C7AA
    Product . . . . . : Application Installer
    Publisher
    Description . . . : Application Installer
    Version . . . . . : 1.41.6.11
    RSA Key Size . . . : 2048
    LanguageID . . . . : 3082
    Authenticode . . . : Valid
    > Kaspersky . . . . : not-a-virus:Downloader.Win32.Agent.bxib
    Fuzzy . . . . . . : 106.0
    Forensic Cluster


    Potential Unwanted Programs _________________________________________________

    HKU\S-1-5-21-979933412-960713541-3746131152-1003\Software\Softonic\ (Softonic) -> Deleted

    Cookies _____________________________________________________________________




  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard


    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Hello,
    Thank you for your help. However, I have a problem. Whenever I try to run DDS it tells me "DDS is not meant to run in compatibility mode the program shall now exit". I'm running Windows 8.1; I think that's the reason why it's not working. What should I do?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    DDS indeed won't run on Windows 8.1.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  5. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Here are the files you requested :)
     


  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe forum rules.
    All logs have to be pasted, not attached.
     
  7. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Sorry!
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.06.02

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.17278
    MajdiAref :: MAJDI [administrator]

    06/10/2014 12:13:23 PM
    mbar-log-2014-10-06 (12-13-23).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 327256
    Time elapsed: 14 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    RogueKiller V9.3.0.0 [Oct 6 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : MajdiAref [Admin rights]
    Mode : Remove -- Date : 10/06/2014 11:56:32

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TunMirror ("C:\Users\MajdiAref\AppData\Local\Temp\D8E7.tmp\TunMirror.exe") -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TunMirror ("C:\Users\MajdiAref\AppData\Local\Temp\D8E7.tmp\TunMirror.exe") -> NOT SELECTED
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> NOT SELECTED
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-979933412-960713541-3746131152-1003\Software\Microsoft\Internet Explorer\Main | Start Page : -> NOT SELECTED
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-979933412-960713541-3746131152-1003\Software\Microsoft\Internet Explorer\Main | Start Page : -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 Activation.guitar-pro.com

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
    --- User ---
    [MBR] fd9c45f893067b4140b808bdc8664c76
    [BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_10062014_115505.log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 05/10/2014
    Scan Time: 11:04:46 AM
    Logfile: scan log mbytes.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.10.05.03
    Rootkit Database: v2014.09.19.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: MajdiAref

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 327442
    Time Elapsed: 17 min, 27 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17278

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 17108590592, free: 12561211392

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17278

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 17108590592, free: 12577222656

    Downloaded database version: v2014.10.06.02
    Downloaded database version: v2014.09.19.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    10/06/2014 12:13:17
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffe001ec3c0060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000039\
    Lower Device Object: 0xffffe001eada4060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe001ec3c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe001ec3c0b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe001ec3c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe001ec3c1600, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xffffe001eadbb420, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe001eada4060, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 1E1F4777

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 904710576
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34 LastUsableLba 1953525134
    GPT Header Guid 9f1e8867-97b1-4e68-8721-2cd5618d313e
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 904710576
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
    Backup GPT header Guid 9f1e8867-97b1-4e68-8721-2cd5618d313e
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3469db28-cc04-491c-87d9-776e27477593
    FirstLBA 2048 Last LBA 821247
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 350a5092-8965-4969-9be2-6e96621341d1
    FirstLBA 821248 Last LBA 1353727
    Attributes 0
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 736d114c-201e-491d-9795-78a46f7e7098
    FirstLBA 1353728 Last LBA 1615871
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 2561a231-d939-44dd-83cc-3d3fcac58c96
    FirstLBA 1615872 Last LBA 990238719
    Attributes 0
    Partition Name Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 1a032094-e8cf-4abc-84ce-4c179af635cf
    FirstLBA 990238720 Last LBA 990955519
    Attributes 1
    Partition Name

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID c4d91df-4af4-4456-bcfd-e196542197d
    FirstLBA 990955520 Last LBA 1912553471
    Attributes 0
    Partition Name Basic data partition

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 6e638539-9f8d-4f95-bea9-2bab77212992
    FirstLBA 1912555520 Last LBA 1953513471
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  9. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Here are the logs
    # AdwCleaner v3.311 - Report created 11/10/2014 at 20:42:40
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 8.1 Single Language (64 bits)
    # Username : MajdiAref - MAJDI
    # Running from : C:\Users\MajdiAref\Downloads\adwcleaner_3.311(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17278


    -\\ Mozilla Firefox v32.0.3 (x86 en-US)

    [ File : C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [9278 octets] - [03/10/2014 09:03:22]
    AdwCleaner[R1].txt - [259 octets] - [03/10/2014 10:25:57]
    AdwCleaner[R2].txt - [992 octets] - [03/10/2014 10:33:26]
    AdwCleaner[R3].txt - [1046 octets] - [03/10/2014 10:43:09]
    AdwCleaner[R4].txt - [1172 octets] - [03/10/2014 10:55:19]
    AdwCleaner[R5].txt - [1306 octets] - [03/10/2014 17:07:14]
    AdwCleaner[R6].txt - [1496 octets] - [11/10/2014 20:41:26]
    AdwCleaner[R7].txt - [1556 octets] - [11/10/2014 20:42:18]
    AdwCleaner[S0].txt - [7912 octets] - [03/10/2014 09:04:40]
    AdwCleaner[S1].txt - [1108 octets] - [03/10/2014 10:51:57]
    AdwCleaner[S2].txt - [1234 octets] - [03/10/2014 11:04:07]
    AdwCleaner[S3].txt - [1368 octets] - [03/10/2014 17:15:17]
    AdwCleaner[S4].txt - [1479 octets] - [11/10/2014 20:42:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1539 octets] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.2 (10.09.2014:1)
    OS: Windows 8.1 Single Language x64
    Ran by MajdiAref on 11/10/2014 at 20:51:10.46
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\MajdiAref\AppData\Roaming\mozilla\firefox\profiles\1w63kn5y.default-1412344396769\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/10/2014 at 20:52:54.27
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
    Ran by MajdiAref (administrator) on MAJDI on 11-10-2014 20:55:03
    Running from C:\Users\MajdiAref\Downloads
    Loaded Profile: MajdiAref (Available profiles: MajdiAref)
    Platform: Windows 8.1 Single Language (X64) OS Language: English (United Kingdom)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\MajdiAref\Downloads\FRST64(1).exe
     
  11. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-02-22] (IDT, Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4db76ba7-9a4b-11e3-be82-00c2c61723b5} - "F:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4e6ea2ec-de56-11e3-bea4-00c2c61723b5} - "F:\Startme.exe"
    HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {c98283f1-f15b-11e3-bea6-0024211eaa99} - "F:\LaunchU3.exe" -a
    AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
    ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {802FD59E-DF6F-4669-9B65-DDC89CF38104} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Hosts: 127.0.0.1 Activation.guitar-pro.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769
    FF Homepage: https://www.google.com/?gws_rd=ssl
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Extension: DownloadHelper - C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-10]
    FF Extension: Flagfox - C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-10-03]
    FF Extension: New Tab Homepage - C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-10-03]
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-10-03]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-03] (SurfRight B.V.)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
    R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
    S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-02-22] (IDT, Inc.) [File not signed]
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
    S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
    S2 TunMirror; C:\Users\MajdiAref\AppData\Local\Temp\D8E7.tmp\TunMirror.exe [10752 2014-05-09] () [File not signed]
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-11] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
    S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-05] (Sony Mobile Communications)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-09-19] (The OpenVPN Project)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-20] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-24] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-06] ()
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
    R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-10-11] ()
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 iBurstU; \SystemRoot\system32\DRIVERS\iBux64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  12. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-11 20:55 - 2014-10-11 20:55 - 00018833 _____ () C:\Users\MajdiAref\Downloads\FRST.txt
    2014-10-11 20:54 - 2014-10-11 20:54 - 02109952 _____ (Farbar) C:\Users\MajdiAref\Downloads\FRST64(1).exe
    2014-10-11 20:52 - 2014-10-11 20:52 - 00000783 _____ () C:\Users\MajdiAref\Desktop\JRT.txt
    2014-10-11 20:47 - 2014-10-11 20:47 - 01705755 _____ (Thisisu) C:\Users\MajdiAref\Downloads\JRT(1).exe
    2014-10-11 20:46 - 2014-10-11 20:46 - 00001619 _____ () C:\Users\MajdiAref\Desktop\AdwCleaner[S4].txt
    2014-10-11 20:45 - 2014-10-11 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2014-10-11 20:44 - 2014-10-11 20:44 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
    2014-10-11 20:40 - 2014-10-11 20:40 - 01375089 _____ () C:\Users\MajdiAref\Downloads\adwcleaner_3.311(1).exe
    2014-10-09 18:06 - 2014-10-09 18:08 - 00744448 _____ () C:\Users\MajdiAref\Downloads\econ 415 chapter 2.ppt
    2014-10-09 18:00 - 2014-10-09 18:00 - 00000000 ____D () C:\Users\MajdiAref\Documents\My Received Files
    2014-10-09 10:41 - 2014-10-11 20:43 - 00000360 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMajdiAref.job
    2014-10-09 10:41 - 2014-10-09 10:41 - 00003182 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMajdiAref
    2014-10-08 16:54 - 2014-10-09 11:57 - 02064735 _____ () C:\Users\MajdiAref\Desktop\Internship Presentation.pptx
    2014-10-07 12:42 - 2014-10-07 12:42 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Intel_Corporation
    2014-10-07 11:41 - 2014-10-07 11:41 - 00000434 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2014-10-06 12:42 - 2014-10-06 12:42 - 00002658 _____ () C:\Users\MajdiAref\Desktop\RKreport_DEL_10062014_115632(2).txt
    2014-10-06 12:13 - 2014-10-06 12:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-06 12:04 - 2014-10-06 12:36 - 00000000 ____D () C:\Users\MajdiAref\Desktop\mbar
    2014-10-06 11:59 - 2014-10-06 12:03 - 14349744 _____ (Malwarebytes Corp.) C:\Users\MajdiAref\Downloads\mbar-1.07.0.1012.exe
    2014-10-06 11:58 - 2014-10-06 11:58 - 00002658 _____ () C:\Users\MajdiAref\Desktop\RKreport_DEL_10062014_115632.log
    2014-10-06 11:49 - 2014-10-06 11:49 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-10-06 11:49 - 2014-10-06 11:49 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-06 11:48 - 2014-10-06 11:49 - 04910680 _____ () C:\Users\MajdiAref\Downloads\RogueKiller.exe
    2014-10-05 11:28 - 2014-10-05 11:28 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(4).com
    2014-10-04 14:31 - 2014-10-04 14:32 - 02109440 _____ (Farbar) C:\Users\MajdiAref\Downloads\FRST64.exe
    2014-10-04 14:23 - 2014-10-04 14:23 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(3).com
    2014-10-04 14:19 - 2014-10-04 14:20 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(2).com
    2014-10-04 14:14 - 2014-10-04 14:14 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(1).com
    2014-10-04 14:06 - 2014-10-04 14:06 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds.com
    2014-10-04 13:40 - 2014-10-04 13:40 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2014-10-04 11:19 - 2014-10-04 11:20 - 04991400 _____ (Adobe Systems Inc.) C:\Users\MajdiAref\Downloads\Shockwave_Installer_Slim.exe
    2014-10-03 22:19 - 2014-10-03 22:19 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\LavasoftStatistics
    2014-10-03 22:11 - 2014-10-03 22:11 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2014-10-03 21:59 - 2014-10-03 21:59 - 01707144 _____ () C:\Users\MajdiAref\Desktop\Adaware_Installer.exe
    2014-10-03 19:03 - 2014-10-11 20:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-10-03 19:03 - 2014-10-03 19:03 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-10-03 18:58 - 2014-10-03 19:06 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Adobe
    2014-10-03 18:27 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Mozilla
    2014-10-03 18:27 - 2014-10-03 18:27 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-10-03 18:27 - 2014-10-03 18:27 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-10-03 18:27 - 2014-10-03 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-03 18:26 - 2014-10-03 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-03 17:59 - 2014-10-03 19:14 - 00000334 _____ () C:\WINDOWS\system32\.crusader
    2014-10-03 17:42 - 2014-10-03 17:59 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-10-03 17:42 - 2014-10-03 17:42 - 00001912 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-10-03 17:42 - 2014-10-03 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2014-10-03 17:42 - 2014-10-03 17:42 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-10-03 17:39 - 2014-10-03 17:42 - 11194928 _____ (SurfRight B.V.) C:\Users\MajdiAref\Downloads\HitmanPro_x64.exe
    2014-10-03 17:19 - 2014-10-03 17:19 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-10-03 17:18 - 2014-10-03 17:19 - 01702068 _____ (Thisisu) C:\Users\MajdiAref\Downloads\JRT.exe
    2014-10-03 16:00 - 2014-10-11 20:55 - 00000000 ____D () C:\FRST
    2014-10-03 09:33 - 2014-10-11 20:44 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-10-03 09:33 - 2014-10-06 12:04 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-10-03 09:33 - 2014-10-03 09:33 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-03 09:33 - 2014-10-03 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-03 09:33 - 2014-10-03 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-03 09:33 - 2014-10-03 09:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-03 09:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-10-03 09:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-10-03 09:17 - 2014-10-03 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MajdiAref\Downloads\mbam-setup-2.0.2.1012.exe
    2014-10-03 09:03 - 2014-10-11 20:42 - 00000000 ____D () C:\AdwCleaner
    2014-10-03 09:02 - 2014-10-03 09:03 - 01375089 _____ () C:\Users\MajdiAref\Downloads\adwcleaner_3.311.exe
    2014-10-03 00:53 - 2014-10-03 00:53 - 00000111 _____ () C:\Users\MajdiAref\AppData\Roaming\profiles.ini
    2014-10-03 00:53 - 2014-10-03 00:53 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\Crash Reports
    2014-10-03 00:36 - 2014-10-03 00:36 - 00000000 ____D () C:\SUPERDelete
    2014-09-29 19:24 - 2014-09-29 19:24 - 00000000 _____ () C:\autoexec.bat
    2014-09-29 19:23 - 2014-10-02 07:26 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-09-29 19:18 - 2014-09-29 19:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\MajdiAref\Downloads\SpyHunter-Installer.exe
    2014-09-29 07:33 - 2014-09-18 20:53 - 00030347 _____ () C:\Users\MajdiAref\Desktop\loan amotrization.xlsx
    2014-09-27 19:45 - 2014-09-27 19:45 - 00041198 _____ () C:\Users\MajdiAref\Downloads\a.beautiful.mind.(2001).eng.1cd.(5178816).zip
    2014-09-27 17:32 - 2014-09-27 17:32 - 00003130 _____ () C:\WINDOWS\System32\Tasks\{79C824BD-A4A1-4154-A5AC-ACAD5E34E02E}
    2014-09-27 17:28 - 2014-09-27 17:28 - 00001877 _____ () C:\Users\MajdiAref\AppData\Roaming\VPNMasterFreeVPN.pbk
    2014-09-27 17:27 - 2014-09-27 17:27 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\SPK
    2014-09-27 17:27 - 2014-09-27 17:27 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\Fixs
    2014-09-27 09:10 - 2014-09-27 17:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
    2014-09-27 09:10 - 2014-09-27 09:10 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
    2014-09-26 15:01 - 2014-09-27 19:45 - 00000000 ____D () C:\Users\MajdiAref\Downloads\A Beautiful Mind (2001) [1080p]
    2014-09-26 14:56 - 2014-09-27 18:09 - 00000000 ____D () C:\Users\MajdiAref\Downloads\Ghandi (1982) [1080p]
    2014-09-26 10:15 - 2014-09-26 10:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
    2014-09-26 10:15 - 2014-09-26 10:15 - 00000000 ____D () C:\WINDOWS\system32\NV
    2014-09-26 10:12 - 2014-09-14 02:48 - 31887680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 24552592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 20589536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 19954520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 18106152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 14026304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 13939272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 13157696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2014-09-26 10:12 - 2014-09-14 02:48 - 11392576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 11330776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 04287296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 04008592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434411.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434411.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00957584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00925896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00919240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00894096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00501064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00417096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
    2014-09-26 10:12 - 2014-09-14 02:48 - 00032576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
    2014-09-23 19:15 - 2014-09-24 05:35 - 00000000 ____D () C:\Users\MajdiAref\Downloads\Amadeus (1984) Directors Cut
    2014-09-20 11:42 - 2014-08-15 03:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
    2014-09-19 08:21 - 2014-07-30 04:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
    2014-09-19 08:21 - 2014-07-29 08:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
    2014-09-19 08:21 - 2014-07-24 18:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2014-09-19 08:21 - 2014-07-24 18:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2014-09-19 08:21 - 2014-07-24 18:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2014-09-19 08:21 - 2014-07-24 18:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
    2014-09-19 08:21 - 2014-07-24 18:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2014-09-19 08:21 - 2014-07-24 18:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-09-19 08:21 - 2014-07-24 18:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2014-09-19 08:21 - 2014-07-24 18:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2014-09-19 08:21 - 2014-07-24 18:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
    2014-09-19 08:21 - 2014-07-24 18:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2014-09-19 08:21 - 2014-07-24 18:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2014-09-19 08:21 - 2014-07-24 18:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2014-09-19 08:21 - 2014-07-24 18:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2014-09-19 08:21 - 2014-07-24 18:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2014-09-19 08:21 - 2014-07-24 18:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2014-09-19 08:21 - 2014-07-24 18:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2014-09-19 08:21 - 2014-07-24 18:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2014-09-19 08:21 - 2014-07-24 18:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2014-09-19 08:21 - 2014-07-24 18:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2014-09-19 08:21 - 2014-07-24 18:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2014-09-19 08:21 - 2014-07-24 18:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2014-09-19 08:21 - 2014-07-24 17:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-09-19 08:21 - 2014-07-24 17:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2014-09-19 08:21 - 2014-07-24 16:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2014-09-19 08:21 - 2014-07-24 16:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-09-19 08:21 - 2014-07-24 16:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2014-09-19 08:21 - 2014-07-24 16:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2014-09-19 08:21 - 2014-07-24 16:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2014-09-19 08:21 - 2014-07-24 16:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2014-09-19 08:21 - 2014-07-24 16:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2014-09-19 08:21 - 2014-07-24 16:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2014-09-19 08:21 - 2014-07-24 14:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
    2014-09-19 08:21 - 2014-07-24 14:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2014-09-19 08:21 - 2014-07-24 14:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2014-09-19 08:21 - 2014-07-24 14:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2014-09-19 08:21 - 2014-07-24 14:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2014-09-19 08:21 - 2014-07-24 14:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2014-09-19 08:21 - 2014-07-24 14:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
    2014-09-19 08:21 - 2014-07-24 14:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2014-09-19 08:21 - 2014-07-24 14:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
    2014-09-19 08:21 - 2014-07-24 13:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
    2014-09-19 08:21 - 2014-07-24 13:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2014-09-19 08:21 - 2014-07-24 13:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
    2014-09-19 08:21 - 2014-07-24 13:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2014-09-19 08:21 - 2014-07-24 13:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
    2014-09-19 08:21 - 2014-07-24 13:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
    2014-09-19 08:21 - 2014-07-24 13:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2014-09-19 08:21 - 2014-07-24 12:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2014-09-19 08:21 - 2014-07-24 12:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-09-19 08:21 - 2014-07-24 12:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
    2014-09-19 08:21 - 2014-07-24 12:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2014-09-19 08:21 - 2014-07-24 12:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
    2014-09-19 08:21 - 2014-07-24 12:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2014-09-19 08:21 - 2014-07-24 12:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-09-19 08:21 - 2014-07-24 12:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2014-09-19 08:21 - 2014-07-24 12:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
    2014-09-19 08:21 - 2014-07-24 12:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2014-09-19 08:21 - 2014-07-24 12:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2014-09-19 08:21 - 2014-07-24 12:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2014-09-19 08:21 - 2014-07-24 12:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2014-09-19 08:21 - 2014-07-24 11:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2014-09-19 08:21 - 2014-07-24 11:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2014-09-19 08:21 - 2014-07-24 11:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2014-09-19 08:21 - 2014-07-24 11:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2014-09-19 08:21 - 2014-07-24 11:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2014-09-19 08:21 - 2014-07-24 11:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2014-09-19 08:21 - 2014-07-24 11:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2014-09-19 08:21 - 2014-07-24 11:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2014-09-19 08:21 - 2014-07-24 11:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2014-09-19 08:21 - 2014-07-24 11:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2014-09-19 08:21 - 2014-07-24 11:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2014-09-19 08:21 - 2014-07-24 11:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2014-09-19 08:21 - 2014-07-24 11:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2014-09-19 08:21 - 2014-07-24 11:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-09-19 08:21 - 2014-07-24 11:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2014-09-19 08:21 - 2014-07-24 11:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
    2014-09-19 08:21 - 2014-07-24 11:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2014-09-19 08:21 - 2014-07-24 11:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-09-19 08:21 - 2014-07-24 11:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-09-19 08:21 - 2014-07-24 11:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2014-09-19 08:21 - 2014-07-24 11:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2014-09-19 08:21 - 2014-07-24 11:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2014-09-19 08:21 - 2014-07-24 11:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-09-19 08:21 - 2014-07-24 11:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-09-19 08:21 - 2014-07-24 11:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-09-19 08:21 - 2014-07-24 11:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2014-09-19 08:21 - 2014-07-24 10:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
    2014-09-19 08:21 - 2014-07-24 10:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
    2014-09-19 08:21 - 2014-07-24 10:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2014-09-19 08:21 - 2014-07-24 10:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-09-19 08:21 - 2014-07-24 10:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
    2014-09-19 08:21 - 2014-07-24 10:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2014-09-19 08:21 - 2014-07-24 10:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-09-19 08:21 - 2014-07-24 10:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-09-19 08:21 - 2014-07-24 10:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-09-19 08:21 - 2014-07-24 10:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2014-09-19 08:21 - 2014-07-24 10:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-09-19 08:21 - 2014-07-24 10:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2014-09-19 08:21 - 2014-07-24 07:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
    2014-09-19 08:21 - 2014-07-24 07:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
    2014-09-19 08:21 - 2014-07-12 08:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2014-09-19 08:21 - 2014-07-12 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2014-09-19 08:21 - 2014-07-12 07:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-09-19 08:21 - 2014-07-04 13:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2014-09-19 08:21 - 2014-07-04 12:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2014-09-19 08:21 - 2014-07-04 12:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2014-09-19 08:21 - 2014-06-27 09:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2014-09-19 08:21 - 2014-06-26 03:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2014-09-19 08:21 - 2014-06-20 02:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2014-09-19 08:21 - 2014-06-19 05:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
    2014-09-19 08:21 - 2014-06-14 09:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2014-09-19 08:21 - 2014-06-14 08:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2014-09-19 08:21 - 2014-06-05 17:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2014-09-19 08:21 - 2014-06-05 13:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2014-09-19 08:21 - 2014-06-05 12:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2014-09-19 08:21 - 2014-05-31 08:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
    2014-09-19 08:21 - 2014-05-29 09:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2014-09-19 08:21 - 2014-05-29 08:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2014-09-19 08:21 - 2014-05-10 13:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2014-09-19 08:21 - 2014-05-10 11:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2014-09-19 08:21 - 2014-05-06 07:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
    2014-09-19 08:21 - 2014-05-06 03:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
    2014-09-19 08:21 - 2014-03-25 05:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
    2014-09-19 08:21 - 2014-03-25 05:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
    2014-09-19 08:21 - 2014-03-25 04:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
    2014-09-19 08:20 - 2014-07-24 18:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2014-09-19 08:20 - 2014-07-24 18:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-09-19 08:20 - 2014-07-24 18:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2014-09-19 08:20 - 2014-07-24 18:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2014-09-19 08:20 - 2014-07-24 16:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
    2014-09-19 08:20 - 2014-07-24 16:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
    2014-09-19 08:20 - 2014-07-24 14:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
    2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
    2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
    2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
    2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
    2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
    2014-09-19 08:20 - 2014-07-24 14:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
    2014-09-19 08:20 - 2014-07-24 14:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2014-09-19 08:20 - 2014-07-24 14:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
    2014-09-19 08:20 - 2014-07-24 14:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2014-09-19 08:20 - 2014-07-24 14:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-09-19 08:20 - 2014-07-24 14:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-09-19 08:20 - 2014-07-24 14:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
    2014-09-19 08:20 - 2014-07-24 14:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
    2014-09-19 08:20 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
    2014-09-19 08:20 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
    2014-09-19 08:20 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
    2014-09-19 08:20 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
    2014-09-19 08:20 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
    2014-09-19 08:20 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
    2014-09-19 08:20 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
    2014-09-19 08:20 - 2014-07-24 13:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2014-09-19 08:20 - 2014-07-24 13:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
    2014-09-19 08:20 - 2014-07-24 13:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
    2014-09-19 08:20 - 2014-07-24 13:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
    2014-09-19 08:20 - 2014-07-24 13:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
    2014-09-19 08:20 - 2014-07-24 13:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
    2014-09-19 08:20 - 2014-07-24 12:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
    2014-09-19 08:20 - 2014-07-24 12:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
    2014-09-19 08:20 - 2014-07-24 12:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
    2014-09-19 08:20 - 2014-07-24 12:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
    2014-09-19 08:20 - 2014-07-24 12:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
    2014-09-19 08:20 - 2014-07-24 12:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
    2014-09-19 08:20 - 2014-07-24 12:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
    2014-09-19 08:20 - 2014-07-24 12:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2014-09-19 08:20 - 2014-07-24 12:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2014-09-19 08:20 - 2014-07-24 12:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2014-09-19 08:20 - 2014-07-24 12:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
    2014-09-19 08:20 - 2014-07-24 12:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2014-09-19 08:20 - 2014-07-24 12:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
    2014-09-19 08:20 - 2014-07-24 12:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
    2014-09-19 08:20 - 2014-07-24 11:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2014-09-19 08:20 - 2014-07-24 11:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2014-09-19 08:20 - 2014-07-24 11:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2014-09-19 08:20 - 2014-07-24 11:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2014-09-19 08:20 - 2014-07-24 11:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2014-09-19 08:20 - 2014-07-24 11:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2014-09-19 08:20 - 2014-07-24 11:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2014-09-19 08:20 - 2014-07-24 11:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2014-09-19 08:20 - 2014-07-24 11:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2014-09-19 08:20 - 2014-07-24 11:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-09-19 08:20 - 2014-07-24 11:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
    2014-09-19 08:20 - 2014-07-24 11:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2014-09-19 08:20 - 2014-07-24 11:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-09-19 08:20 - 2014-07-24 11:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
    2014-09-19 08:20 - 2014-07-24 11:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2014-09-19 08:20 - 2014-07-24 11:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
    2014-09-19 08:20 - 2014-07-24 11:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-09-19 08:20 - 2014-07-24 11:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
    2014-09-19 08:20 - 2014-07-24 11:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
    2014-09-19 08:20 - 2014-07-24 11:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-09-19 08:20 - 2014-07-24 11:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-09-19 08:20 - 2014-07-24 11:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
    2014-09-19 08:20 - 2014-07-24 11:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-09-19 08:20 - 2014-07-24 11:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
    2014-09-19 08:20 - 2014-07-24 10:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2014-09-19 08:20 - 2014-07-24 10:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
    2014-09-19 08:20 - 2014-07-24 10:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2014-09-19 08:20 - 2014-07-24 10:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-09-19 08:20 - 2014-07-24 10:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-09-19 08:20 - 2014-07-24 10:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
    2014-09-19 08:20 - 2014-07-24 10:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2014-09-19 08:20 - 2014-07-12 08:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2014-09-19 08:20 - 2014-07-12 07:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2014-09-19 08:20 - 2014-07-10 02:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-09-19 08:20 - 2014-07-04 15:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2014-09-19 08:20 - 2014-07-04 13:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2014-09-19 08:20 - 2014-07-04 13:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2014-09-19 08:20 - 2014-07-04 13:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2014-09-19 08:20 - 2014-06-26 03:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2014-09-19 08:20 - 2014-06-07 15:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2014-09-19 08:20 - 2014-06-07 13:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2014-09-19 08:20 - 2014-05-31 07:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
    2014-09-19 08:20 - 2014-05-29 08:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2014-09-19 08:20 - 2014-05-29 07:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2014-09-19 08:20 - 2014-05-26 10:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2014-09-19 08:20 - 2014-03-25 04:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
    2014-09-19 01:07 - 2014-09-19 01:07 - 00027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\ptun0901.sys
    2014-09-17 18:24 - 2014-09-17 18:25 - 08786640 _____ () C:\Users\MajdiAref\Downloads\HSS-3.33-install-e-612-plain.exe
    2014-09-16 21:09 - 2014-09-16 21:12 - 25683863 ____H () C:\Users\MajdiAref\Downloads\384f7a5b67d480c117a58a7a955faa111377924842-544-400-600-h264.flv
    2014-09-16 21:03 - 2014-09-16 21:08 - 58314860 ____H () C:\Users\MajdiAref\Downloads\3cae5fe489bbd2c9e7e8dab8b61178101405786511-1280-720-1200-h264.flv
    2014-09-16 18:06 - 2014-08-23 10:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2014-09-16 18:06 - 2014-08-23 10:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2014-09-16 18:06 - 2014-08-23 09:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2014-09-16 18:06 - 2014-08-23 08:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
    2014-09-16 18:06 - 2014-08-23 07:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-09-16 18:06 - 2014-08-23 07:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-09-16 18:06 - 2014-08-23 07:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2014-09-16 18:06 - 2014-08-23 07:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-09-16 18:06 - 2014-08-23 07:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-09-12 19:20 - 2014-09-13 05:45 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-09-12 19:20 - 2014-09-12 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-12 19:19 - 2014-09-12 19:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-12 19:19 - 2014-09-12 19:20 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Program Files\iPod
    2014-09-12 19:02 - 2014-09-12 19:02 - 00001864 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-09-12 19:02 - 2014-09-12 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-09-12 19:02 - 2014-09-12 19:02 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-09-12 18:31 - 2014-09-05 05:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2014-09-12 18:31 - 2014-09-05 05:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-09-12 18:31 - 2014-09-05 03:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-09-12 18:30 - 2014-08-02 03:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2014-09-12 18:25 - 2014-08-16 05:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-09-12 18:25 - 2014-08-16 05:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-09-12 18:25 - 2014-08-16 05:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-09-12 18:25 - 2014-08-16 05:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-09-12 18:25 - 2014-08-16 04:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-09-12 18:25 - 2014-08-16 04:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-09-12 18:25 - 2014-08-16 04:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-09-12 18:25 - 2014-08-16 04:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-09-12 18:25 - 2014-08-16 04:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-09-12 18:25 - 2014-08-16 04:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-09-12 18:25 - 2014-08-16 04:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-09-12 18:25 - 2014-08-16 04:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-09-12 18:25 - 2014-08-16 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-09-12 18:25 - 2014-08-16 04:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-09-12 18:25 - 2014-08-16 04:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-09-12 18:25 - 2014-08-16 04:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-09-12 18:25 - 2014-08-16 04:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-09-12 18:25 - 2014-08-16 04:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-09-12 18:25 - 2014-08-16 04:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-09-12 18:25 - 2014-08-16 04:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-09-12 18:25 - 2014-08-16 04:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-09-12 18:25 - 2014-08-16 03:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-12 18:25 - 2014-08-16 03:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-09-12 18:25 - 2014-08-16 03:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-09-12 18:25 - 2014-08-16 03:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-09-12 18:25 - 2014-08-16 03:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-09-12 18:25 - 2014-08-16 03:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-09-12 18:25 - 2014-08-16 03:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-09-12 18:25 - 2014-08-16 03:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-09-12 18:25 - 2014-08-16 03:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-09-12 18:25 - 2014-08-16 03:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-09-12 18:25 - 2014-08-16 03:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-09-12 18:25 - 2014-08-16 03:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-09-12 18:25 - 2014-08-16 03:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-09-12 18:25 - 2014-08-16 03:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-09-12 18:21 - 2014-07-24 06:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2014-09-12 18:21 - 2014-07-24 06:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2014-09-12 09:39 - 2014-09-12 09:51 - 41945432 _____ (Apple Inc.) C:\Users\MajdiAref\Downloads\QuickTimeInstaller.exe
     
  13. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-11 20:55 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-10-11 20:51 - 2014-02-08 14:16 - 01726464 ___SH () C:\Users\MajdiAref\Desktop\Thumbs.db
    2014-10-11 20:47 - 2014-07-26 13:31 - 01790187 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-10-11 20:47 - 2014-07-20 11:28 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MAJDI-MajdiAref Majdi
    2014-10-11 20:47 - 2014-06-19 17:30 - 00000000 ____D () C:\Users\MajdiAref\Documents\Youcam
    2014-10-11 20:45 - 2014-02-11 22:16 - 00000000 ___DO () C:\Users\MajdiAref\SkyDrive
    2014-10-11 20:44 - 2013-11-16 18:45 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
    2014-10-11 20:43 - 2014-07-26 17:28 - 00017536 _____ () C:\WINDOWS\PFRO.log
    2014-10-11 20:43 - 2013-08-22 17:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-10-11 20:43 - 2013-08-22 16:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
    2014-10-11 20:04 - 2014-02-22 09:50 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1B86E582-559B-4A88-861A-70771E874D22}
    2014-10-11 20:04 - 2014-02-05 20:30 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\CrashDumps
    2014-10-10 16:02 - 2014-02-05 18:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-979933412-960713541-3746131152-1003
    2014-10-10 15:29 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-10-10 15:20 - 2014-02-05 18:16 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Packages
    2014-10-10 11:49 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-10-09 17:57 - 2014-07-28 01:53 - 00017905 _____ () C:\WINDOWS\setupact.log
    2014-10-09 17:20 - 2013-11-14 15:36 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-10-09 10:41 - 2014-02-13 07:53 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2014-10-09 10:40 - 2014-02-13 07:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-10-08 17:30 - 2014-02-24 21:18 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\FLV and Media Player
    2014-10-07 12:42 - 2014-02-07 00:53 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\Intel WiDi
    2014-10-07 11:36 - 2014-02-05 22:19 - 00802816 ___SH () C:\Users\MajdiAref\Downloads\Thumbs.db
    2014-10-04 22:27 - 2014-02-06 07:25 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Apple Computer
    2014-10-04 22:27 - 2014-02-06 07:24 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-10-04 11:20 - 2013-10-30 14:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
    2014-10-03 17:59 - 2014-07-25 11:26 - 00000000 ____D () C:\Users\MajdiAref\Downloads\Microsoft Office Windows Activator(KMSpico 9.2.2 RC)
    2014-10-03 15:42 - 2014-02-16 00:12 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\uTorrent
    2014-10-03 09:48 - 2014-07-22 07:10 - 00000000 ____D () C:\WINDOWS\AutoKMS
    2014-10-02 08:05 - 2014-02-11 09:09 - 00000000 ____D () C:\Users\MajdiAref
    2014-10-02 07:37 - 2013-08-22 17:44 - 00493896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-09-27 17:28 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\tracing
    2014-09-27 09:10 - 2013-11-16 18:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2014-09-26 15:12 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
    2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
    2014-09-26 14:18 - 2013-11-14 15:24 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
    2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\setup
    2014-09-26 14:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-09-26 10:15 - 2013-11-16 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-09-26 09:40 - 2012-07-26 10:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-09-25 20:14 - 2012-08-04 03:02 - 00000000 ____D () C:\SWSetup
    2014-09-22 09:42 - 2014-04-12 12:16 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-09-20 13:27 - 2014-07-21 23:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-09-20 13:27 - 2014-07-21 23:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-09-14 02:48 - 2014-07-31 21:40 - 16875856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2014-09-14 02:48 - 2014-07-31 21:40 - 02838424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2014-09-14 02:48 - 2013-10-27 10:04 - 00984424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
    2014-09-14 02:48 - 2013-10-27 10:04 - 00867528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
    2014-09-14 02:48 - 2013-10-27 10:04 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2014-09-14 02:48 - 2013-10-27 10:04 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2014-09-14 02:48 - 2013-10-27 10:04 - 00026956 _____ () C:\WINDOWS\system32\nvinfo.pb
    2014-09-14 02:48 - 2013-10-27 10:03 - 03223120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2014-09-14 00:53 - 2013-11-16 18:31 - 06890696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2014-09-14 00:53 - 2013-11-16 18:31 - 03529872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2014-09-14 00:53 - 2013-11-16 18:31 - 02557640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2014-09-14 00:53 - 2013-11-16 18:31 - 01087688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2014-09-14 00:53 - 2013-11-16 18:31 - 00934216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2014-09-14 00:53 - 2013-11-16 18:31 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2014-09-14 00:53 - 2013-11-16 18:31 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2014-09-14 00:53 - 2013-11-16 18:31 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2014-09-12 23:07 - 2014-07-16 02:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-09-12 19:19 - 2014-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-12 18:26 - 2014-06-11 09:22 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-09-12 18:26 - 2014-06-11 08:44 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-09-12 18:26 - 2014-06-11 08:44 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-09-12 18:26 - 2014-06-11 08:44 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-09-12 18:26 - 2014-06-11 08:44 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-09-12 18:26 - 2014-05-09 14:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-09-12 18:26 - 2014-05-09 14:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-09-12 18:25 - 2014-06-11 09:22 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-09-12 18:25 - 2014-02-07 17:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-09-12 18:22 - 2014-02-07 17:24 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-09-11 18:37 - 2013-11-16 18:31 - 03961833 _____ () C:\WINDOWS\system32\nvcoproc.bin

    Some content of TEMP:
    ====================
    C:\Users\MajdiAref\AppData\Local\Temp\Extract.exe
    C:\Users\MajdiAref\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-09 17:10

    ==================== End Of Log ============================
     
  14. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
    Ran by MajdiAref at 2014-10-11 20:55:47
    Running from C:\Users\MajdiAref\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
    Cyberlink PhotoDirector (x32 Version: 3.0.4.4824 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
    CyberLink PowerDirector 10 (x32 Version: 10.0.6.3912 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version: - Microsoft)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    FLV and Media Player (3.2.0.3) (HKLM-x32\...\FLV and Media Player) (Version: 3.2.0.3 - Applian Technologies)
    Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
    Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
    HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
    HP Connected Music (HKLM-x32\...\HPPlay) (Version: 3.1.4 - Snowite)
    HP Connected Music (x32 Version: 3.1.4 - Snowite) Hidden
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
    Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
    Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
    Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
    Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
    Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.39 - Crintsoft) <==== ATTENTION
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
    NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
    NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
    Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
    Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
    Update for Microsoft en-us Dictionary (Version: 16.1.1053.1 - Microsoft Corporation) Hidden
    Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7DF13AFE-A484-4178-A82D-EF0689A24775}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{C20FB0E0-31F6-4958-B94D-AEF3CC31FD87}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
    Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    معرض الصور (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-979933412-960713541-3746131152-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\MajdiAref\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    25-09-2014 17:11:35 HPSF Applying updates
    29-09-2014 16:23:32 Installed SpyHunter
    02-10-2014 04:23:27 Removed SpyHunter
    03-10-2014 12:43:32 Removed Java 7 Update 55
    06-10-2014 09:00:45 restore point before anti-rootkit

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 08:26 - 2014-08-31 09:53 - 00000859 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 Activation.guitar-pro.com

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {0B98C83A-C443-460D-AD4F-8BF7F2FE46F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {10FFC833-D3AA-460B-83A3-8A8E8C7D5F46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {112DFBAE-4710-45D6-A681-6906FC477877} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-03] (Adobe Systems Incorporated)
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {35E76E62-308F-4CF1-8CBC-232D844B343D} - \4CEFD9B73D6C-1CRMOI2 No Task File <==== ATTENTION
    Task: {3A0ED85C-6279-4ED6-9415-6491CC23C70B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {3EC792DB-57C0-44A2-BDF0-FEF1F7063EB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {48AF596C-48F1-4FE0-83C7-121473CC2AFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {4A0C8D72-F704-4A91-83A6-143D9DA412E8} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
    Task: {54CE5477-AEF7-4C65-BCE2-D6B6DB73150E} - \AutoKMSCustom No Task File <==== ATTENTION
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {6FF6B45E-C6CE-4808-A589-59C38C65B536} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {8570EFD0-EA55-4203-8E7C-2E97EAA962E7} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: {86E83FCF-6674-43D8-96DC-7A10F40135B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {885458DF-A9BC-4E30-B044-B32EEB1AA086} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {A213DEF8-18A1-4A88-8192-5FE7DDC1CB77} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {B3AFFD9C-4BB7-4B3B-A982-D71B81082769} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {C9D4983B-FD0C-4129-B57C-6D8B8AA52950} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: {CC70C5F6-972D-4C93-AAA3-C27B442BA622} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MAJDI-MajdiAref Majdi => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D1326DEB-C707-487B-8A70-F9F3D8B6414E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
    Task: {D51FE05E-94F9-442B-B4B3-1B345396744D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-24] (Synaptics Incorporated)
    Task: {D6820819-26FC-47A7-B627-28F17C4863D5} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-979933412-960713541-3746131152-1003 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E0822FA1-E65A-4ABC-84E4-2B7B9B1A5812} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {EAA6A7AE-7D6B-4BEB-9222-96A7D3064A15} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {EBAE3A3E-B5B9-48D9-B19B-49684E88C80F} - System32\Tasks\HPCeeScheduleForMajdiAref => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {EF80AD18-1060-4938-8CD7-6586AC835883} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {F483CEEB-C55F-4B4E-8309-FB929AC0560E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F6EB94F5-A6A8-450B-9470-4782C0BC91A2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {FE41BD6F-3CC9-4E3C-8FE0-C3F5CFC56172} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForMajdiAref.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-10-27 10:03 - 2014-09-14 02:48 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2013-11-16 18:31 - 2014-09-14 00:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-02-13 13:35 - 2013-02-13 13:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-02-13 13:35 - 2013-02-13 13:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-02-07 12:19 - 2013-02-07 12:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-11-16 18:31 - 2013-02-16 03:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-10-03 18:26 - 2014-09-24 08:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2013-10-27 10:03 - 2014-09-14 02:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
    AlternateDataStreams: C:\Users\MajdiAref\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKCU\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-979933412-960713541-3746131152-500 - Administrator - Disabled)
    Guest (S-1-5-21-979933412-960713541-3746131152-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-979933412-960713541-3746131152-1007 - Limited - Enabled)
    MajdiAref (S-1-5-21-979933412-960713541-3746131152-1003 - Administrator - Enabled) => C:\Users\MajdiAref

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (10/11/2014 08:53:17 PM) (Source: DCOM) (EventID: 10010) (User: MAJDI)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-07 10:14:40.181
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-10-05 11:49:41.079
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-10-02 11:57:23.693
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-09-27 18:20:31.011
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-09-14 18:04:53.233
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-09-01 21:01:56.617
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-28 06:43:44.455
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-23 14:03:48.074
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-08-16 11:00:16.188
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-07-28 13:08:06.571
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
    Percentage of memory in use: 13%
    Total physical RAM: 16316.02 MB
    Available physical RAM: 14156.45 MB
    Total Pagefile: 18748.02 MB
    Available Pagefile: 16571.57 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:471.41 GB) (Free:343.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (Data) (Fixed) (Total:439.45 GB) (Free:372.96 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  16. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-10-2014
    Ran by MajdiAref at 2014-10-12 09:52:38 Run:1
    Running from C:\Users\MajdiAref\Desktop
    Loaded Profile: MajdiAref (Available profiles: MajdiAref)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4db76ba7-9a4b-11e3-be82-00c2c61723b5} - "F:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4e6ea2ec-de56-11e3-bea4-00c2c61723b5} - "F:\Startme.exe"
    HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {c98283f1-f15b-11e3-bea6-0024211eaa99} - "F:\LaunchU3.exe" -a
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 iBurstU; \SystemRoot\system32\DRIVERS\iBux64.sys [X]
    C:\Users\MajdiAref\AppData\Local\Temp\Extract.exe
    C:\Users\MajdiAref\AppData\Local\Temp\Quarantine.exe
    Task: {35E76E62-308F-4CF1-8CBC-232D844B343D} - \4CEFD9B73D6C-1CRMOI2 No Task File <==== ATTENTION
    Task: {54CE5477-AEF7-4C65-BCE2-D6B6DB73150E} - \AutoKMSCustom No Task File <==== ATTENTION
    Task: {885458DF-A9BC-4E30-B044-B32EEB1AA086} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {A213DEF8-18A1-4A88-8192-5FE7DDC1CB77} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
    AlternateDataStreams: C:\Users\MajdiAref\SkyDrive:ms-properties

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "HKU\S-1-5-21-979933412-960713541-3746131152-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4db76ba7-9a4b-11e3-be82-00c2c61723b5}" => Key deleted successfully.
    "HKCR\CLSID\{4db76ba7-9a4b-11e3-be82-00c2c61723b5}" => Key not found.
    "HKU\S-1-5-21-979933412-960713541-3746131152-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e6ea2ec-de56-11e3-bea4-00c2c61723b5}" => Key deleted successfully.
    "HKCR\CLSID\{4e6ea2ec-de56-11e3-bea4-00c2c61723b5}" => Key not found.
    "HKU\S-1-5-21-979933412-960713541-3746131152-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c98283f1-f15b-11e3-bea6-0024211eaa99}" => Key deleted successfully.
    "HKCR\CLSID\{c98283f1-f15b-11e3-bea6-0024211eaa99}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully.
    avchv => Service deleted successfully.
    esgiguard => Service deleted successfully.
    iBurstU => Service deleted successfully.
    C:\Users\MajdiAref\AppData\Local\Temp\Extract.exe => Moved successfully.
    C:\Users\MajdiAref\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35E76E62-308F-4CF1-8CBC-232D844B343D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35E76E62-308F-4CF1-8CBC-232D844B343D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4CEFD9B73D6C-1CRMOI2" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54CE5477-AEF7-4C65-BCE2-D6B6DB73150E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54CE5477-AEF7-4C65-BCE2-D6B6DB73150E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSCustom" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{885458DF-A9BC-4E30-B044-B32EEB1AA086}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{885458DF-A9BC-4E30-B044-B32EEB1AA086}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A213DEF8-18A1-4A88-8192-5FE7DDC1CB77}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A213DEF8-18A1-4A88-8192-5FE7DDC1CB77}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
    C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
    C:\Users\MajdiAref\SkyDrive => ":ms-properties" ADS removed successfully.

    ==== End of Fixlog ====
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  18. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Hello, I'm very grateful for your help!
    It's doing fine, except when the laptop starts it seems slower than before, but that's probably because of all the new programs installed to remove the virus. I'll remove them as soon as we're done.
    I noticed in the ESET scan that there's an adware file; I think it's what originated the problem.
    Results of screen317's Security Check version 0.99.88
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 15.0.0.152
    Mozilla Firefox (32.0.3)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 21-07-2014
    Ran by MajdiAref (administrator) on 14-10-2014 at 10:23:20
    Running from "C:\Users\MajdiAref\Downloads"
    Microsoft Windows 8.1 Single Language (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.AM potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\OpenCandy\79C25640F4354D10BF3E0D616B26EB50\dlm.exe.vir a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\VolIE\FoxPro_32.dll.vir Win32/AdWare.Vonteera.J application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\VolIE\FoxPro_64.dll.vir Win64/Adware.Vonteera.A application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\VolIE\onload.js.vir Win32/AdWare.Vonteera.J application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
    C:\Users\MajdiAref\AppData\Roaming\SPK\SPK.exe a variant of Win32/AdWare.Vonteera.J application cleaned by deleting - quarantined
    C:\Users\MajdiAref\Desktop\Dhaibi\downloads\bluetooth\game64_1.35.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
    C:\Users\MajdiAref\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
    C:\Users\MajdiAref\Downloads\KMSnano v22 Offline Office and Windows KMS Activator\nullam_facete_v22.zip a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application deleted - quarantined
    C:\Users\MajdiAref\Downloads\KMSnano v22 Offline Office and Windows KMS Activator\nullam_facete_v22\KMSnano_setup.exe a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application deleted - quarantined
    C:\Users\MajdiAref\Downloads\KMSnano v22.1 Offline Office and Windows KMS Activator\nullam_facete_v22.1.zip a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application deleted - quarantined
    C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application deleted - quarantined
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  20. Majdi Aref

    Majdi Aref TS Rookie Topic Starter

    Thank you for your support, I really appreciate it. I'll make sure to give recommendations to my friends and colleagues. Everything seems to be doing great!
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Way to go!!
    Good luck and stay safe :)
     
