Solved Ads virus + plugin crash for firefox

Majdi Aref

Hello
I downloaded a VPN called lepontier a few days ago, then my homepage changed to arabyonline.com and ads kept going on every website I enter. I think I solved the issue using Malwarebytes and HitmanPro, but the Firefox Shockwave and Flash plugins keep on crashing whenever I enable them. In addition, HitmanPro keeps detecting cookies for ads. I can't find the source of this virus. I tried uninstalling the Flash players and Firefox, but it didn't work. The log is attached and the HitmanPro log is pasted in this thread. Please help as soon as possible.
Thank you

Malware _____________________________________________________________________

C:\Users\MajdiAref\Downloads\SoftonicDownloader_for_ad-aware.exe -> Quarantined
Size . . . . . . . : 367,432 bytes
Age . . . . . . . : 0.6 days (2014-10-03 21:57:26)
Entropy . . . . . : 8.0
SHA-256 . . . . . : D10C17FF21ED5927F760D3E2DF24D8AF3B263B46EA30EE0E042CF9D08466C7AA
Product . . . . . : Application Installer
Publisher
Description . . . : Application Installer
Version . . . . . : 1.41.6.11
RSA Key Size . . . : 2048
LanguageID . . . . : 3082
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:Downloader.Win32.Agent.bxib
Fuzzy . . . . . . : 106.0
Forensic Cluster


Potential Unwanted Programs _________________________________________________

HKU\S-1-5-21-979933412-960713541-3746131152-1003\Software\Softonic\ (Softonic) -> Deleted

Cookies _____________________________________________________________________



 

Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hello,
Thank you for your help. However, I have a problem. Whenever I try to run DDS it tells me "DDS is not meant to run in compatibility mode the program shall now exit". I'm running Windows 8.1; I think that's the reason why it's not working. What should I do?
 
DDS indeed won't run on Windows 8.1.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
Here are the files you requested :)
 

sorry!
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.06.02

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17278
MajdiAref :: MAJDI [administrator]

06/10/2014 12:13:23 PM
mbar-log-2014-10-06 (12-13-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 327256
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

RogueKiller V9.3.0.0 [Oct 6 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : MajdiAref [Admin rights]
Mode : Remove -- Date : 10/06/2014 11:56:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TunMirror ("C:\Users\MajdiAref\AppData\Local\Temp\D8E7.tmp\TunMirror.exe") -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TunMirror ("C:\Users\MajdiAref\AppData\Local\Temp\D8E7.tmp\TunMirror.exe") -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-979933412-960713541-3746131152-1003\Software\Microsoft\Internet Explorer\Main | Start Page : -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-979933412-960713541-3746131152-1003\Software\Microsoft\Internet Explorer\Main | Start Page : -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 Activation.guitar-pro.com

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10062014_115505.log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05/10/2014
Scan Time: 11:04:46 AM
Logfile: scan log mbytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.05.03
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: MajdiAref

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327442
Time Elapsed: 17 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17278

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 17108590592, free: 12561211392

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17278

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 17108590592, free: 12577222656

Downloaded database version: v2014.10.06.02
Downloaded database version: v2014.09.19.01
Initializing...
======================
------------ Kernel report ------------
10/06/2014 12:13:17
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe001ec3c0060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xffffe001eada4060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001ec3c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001ec3c0b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001ec3c0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001ec3c1600, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe001eadbb420, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe001eada4060, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1E1F4777

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 904710576
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 9f1e8867-97b1-4e68-8721-2cd5618d313e
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 904710576
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 9f1e8867-97b1-4e68-8721-2cd5618d313e
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 3469db28-cc04-491c-87d9-776e27477593
FirstLBA 2048 Last LBA 821247
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 350a5092-8965-4969-9be2-6e96621341d1
FirstLBA 821248 Last LBA 1353727
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 736d114c-201e-491d-9795-78a46f7e7098
FirstLBA 1353728 Last LBA 1615871
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 2561a231-d939-44dd-83cc-3d3fcac58c96
FirstLBA 1615872 Last LBA 990238719
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 1a032094-e8cf-4abc-84ce-4c179af635cf
FirstLBA 990238720 Last LBA 990955519
Attributes 1
Partition Name

Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID c4d91df-4af4-4456-bcfd-e196542197d
FirstLBA 990955520 Last LBA 1912553471
Attributes 0
Partition Name Basic data partition

Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 6e638539-9f8d-4f95-bea9-2bab77212992
FirstLBA 1912555520 Last LBA 1953513471
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.
 
Here are the logs
# AdwCleaner v3.311 - Report created 11/10/2014 at 20:42:40
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 Single Language (64 bits)
# Username : MajdiAref - MAJDI
# Running from : C:\Users\MajdiAref\Downloads\adwcleaner_3.311(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\prefs.js ]


*************************

AdwCleaner[R0].txt - [9278 octets] - [03/10/2014 09:03:22]
AdwCleaner[R1].txt - [259 octets] - [03/10/2014 10:25:57]
AdwCleaner[R2].txt - [992 octets] - [03/10/2014 10:33:26]
AdwCleaner[R3].txt - [1046 octets] - [03/10/2014 10:43:09]
AdwCleaner[R4].txt - [1172 octets] - [03/10/2014 10:55:19]
AdwCleaner[R5].txt - [1306 octets] - [03/10/2014 17:07:14]
AdwCleaner[R6].txt - [1496 octets] - [11/10/2014 20:41:26]
AdwCleaner[R7].txt - [1556 octets] - [11/10/2014 20:42:18]
AdwCleaner[S0].txt - [7912 octets] - [03/10/2014 09:04:40]
AdwCleaner[S1].txt - [1108 octets] - [03/10/2014 10:51:57]
AdwCleaner[S2].txt - [1234 octets] - [03/10/2014 11:04:07]
AdwCleaner[S3].txt - [1368 octets] - [03/10/2014 17:15:17]
AdwCleaner[S4].txt - [1479 octets] - [11/10/2014 20:42:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1539 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 8.1 Single Language x64
Ran by MajdiAref on 11/10/2014 at 20:51:10.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\MajdiAref\AppData\Roaming\mozilla\firefox\profiles\1w63kn5y.default-1412344396769\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/10/2014 at 20:52:54.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by MajdiAref (administrator) on MAJDI on 11-10-2014 20:55:03
Running from C:\Users\MajdiAref\Downloads
Loaded Profile: MajdiAref (Available profiles: MajdiAref)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\MajdiAref\Downloads\FRST64(1).exe
 
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-02-22] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4db76ba7-9a4b-11e3-be82-00c2c61723b5} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4e6ea2ec-de56-11e3-bea4-00c2c61723b5} - "F:\Startme.exe"
HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {c98283f1-f15b-11e3-bea6-0024211eaa99} - "F:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {802FD59E-DF6F-4669-9B65-DDC89CF38104} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Hosts: 127.0.0.1 Activation.guitar-pro.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: DownloadHelper - C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-10]
FF Extension: Flagfox - C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-10-03]
FF Extension: New Tab Homepage - C:\Users\MajdiAref\AppData\Roaming\Mozilla\Firefox\Profiles\1w63kn5y.default-1412344396769\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-10-03]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-10-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-03] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-02-22] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
S2 TunMirror; C:\Users\MajdiAref\AppData\Local\Temp\D8E7.tmp\TunMirror.exe [10752 2014-05-09] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-09-05] (Sony Mobile Communications)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-09-19] (The OpenVPN Project)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-24] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-06] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-10-11] ()
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iBurstU; \SystemRoot\system32\DRIVERS\iBux64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 20:55 - 2014-10-11 20:55 - 00018833 _____ () C:\Users\MajdiAref\Downloads\FRST.txt
2014-10-11 20:54 - 2014-10-11 20:54 - 02109952 _____ (Farbar) C:\Users\MajdiAref\Downloads\FRST64(1).exe
2014-10-11 20:52 - 2014-10-11 20:52 - 00000783 _____ () C:\Users\MajdiAref\Desktop\JRT.txt
2014-10-11 20:47 - 2014-10-11 20:47 - 01705755 _____ (Thisisu) C:\Users\MajdiAref\Downloads\JRT(1).exe
2014-10-11 20:46 - 2014-10-11 20:46 - 00001619 _____ () C:\Users\MajdiAref\Desktop\AdwCleaner[S4].txt
2014-10-11 20:45 - 2014-10-11 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-10-11 20:44 - 2014-10-11 20:44 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-10-11 20:40 - 2014-10-11 20:40 - 01375089 _____ () C:\Users\MajdiAref\Downloads\adwcleaner_3.311(1).exe
2014-10-09 18:06 - 2014-10-09 18:08 - 00744448 _____ () C:\Users\MajdiAref\Downloads\econ 415 chapter 2.ppt
2014-10-09 18:00 - 2014-10-09 18:00 - 00000000 ____D () C:\Users\MajdiAref\Documents\My Received Files
2014-10-09 10:41 - 2014-10-11 20:43 - 00000360 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMajdiAref.job
2014-10-09 10:41 - 2014-10-09 10:41 - 00003182 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMajdiAref
2014-10-08 16:54 - 2014-10-09 11:57 - 02064735 _____ () C:\Users\MajdiAref\Desktop\Internship Presentation.pptx
2014-10-07 12:42 - 2014-10-07 12:42 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Intel_Corporation
2014-10-07 11:41 - 2014-10-07 11:41 - 00000434 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-10-06 12:42 - 2014-10-06 12:42 - 00002658 _____ () C:\Users\MajdiAref\Desktop\RKreport_DEL_10062014_115632(2).txt
2014-10-06 12:13 - 2014-10-06 12:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-06 12:04 - 2014-10-06 12:36 - 00000000 ____D () C:\Users\MajdiAref\Desktop\mbar
2014-10-06 11:59 - 2014-10-06 12:03 - 14349744 _____ (Malwarebytes Corp.) C:\Users\MajdiAref\Downloads\mbar-1.07.0.1012.exe
2014-10-06 11:58 - 2014-10-06 11:58 - 00002658 _____ () C:\Users\MajdiAref\Desktop\RKreport_DEL_10062014_115632.log
2014-10-06 11:49 - 2014-10-06 11:49 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-06 11:49 - 2014-10-06 11:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-06 11:48 - 2014-10-06 11:49 - 04910680 _____ () C:\Users\MajdiAref\Downloads\RogueKiller.exe
2014-10-05 11:28 - 2014-10-05 11:28 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(4).com
2014-10-04 14:31 - 2014-10-04 14:32 - 02109440 _____ (Farbar) C:\Users\MajdiAref\Downloads\FRST64.exe
2014-10-04 14:23 - 2014-10-04 14:23 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(3).com
2014-10-04 14:19 - 2014-10-04 14:20 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(2).com
2014-10-04 14:14 - 2014-10-04 14:14 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds(1).com
2014-10-04 14:06 - 2014-10-04 14:06 - 00688992 _____ (Swearware) C:\Users\MajdiAref\Downloads\dds.com
2014-10-04 13:40 - 2014-10-04 13:40 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-10-04 11:19 - 2014-10-04 11:20 - 04991400 _____ (Adobe Systems Inc.) C:\Users\MajdiAref\Downloads\Shockwave_Installer_Slim.exe
2014-10-03 22:19 - 2014-10-03 22:19 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\LavasoftStatistics
2014-10-03 22:11 - 2014-10-03 22:11 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-03 21:59 - 2014-10-03 21:59 - 01707144 _____ () C:\Users\MajdiAref\Desktop\Adaware_Installer.exe
2014-10-03 19:03 - 2014-10-11 20:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-03 19:03 - 2014-10-03 19:03 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-10-03 18:58 - 2014-10-03 19:06 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Adobe
2014-10-03 18:27 - 2014-10-04 11:15 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Mozilla
2014-10-03 18:27 - 2014-10-03 18:27 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 18:27 - 2014-10-03 18:27 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-03 18:27 - 2014-10-03 18:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 18:26 - 2014-10-03 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 17:59 - 2014-10-03 19:14 - 00000334 _____ () C:\WINDOWS\system32\.crusader
2014-10-03 17:42 - 2014-10-03 17:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-03 17:42 - 2014-10-03 17:42 - 00001912 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-03 17:42 - 2014-10-03 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-10-03 17:42 - 2014-10-03 17:42 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-03 17:39 - 2014-10-03 17:42 - 11194928 _____ (SurfRight B.V.) C:\Users\MajdiAref\Downloads\HitmanPro_x64.exe
2014-10-03 17:19 - 2014-10-03 17:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-03 17:18 - 2014-10-03 17:19 - 01702068 _____ (Thisisu) C:\Users\MajdiAref\Downloads\JRT.exe
2014-10-03 16:00 - 2014-10-11 20:55 - 00000000 ____D () C:\FRST
2014-10-03 09:33 - 2014-10-11 20:44 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 09:33 - 2014-10-06 12:04 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-03 09:33 - 2014-10-03 09:33 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-03 09:33 - 2014-10-03 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-03 09:33 - 2014-10-03 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 09:33 - 2014-10-03 09:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 09:33 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-03 09:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-03 09:17 - 2014-10-03 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MajdiAref\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-03 09:03 - 2014-10-11 20:42 - 00000000 ____D () C:\AdwCleaner
2014-10-03 09:02 - 2014-10-03 09:03 - 01375089 _____ () C:\Users\MajdiAref\Downloads\adwcleaner_3.311.exe
2014-10-03 00:53 - 2014-10-03 00:53 - 00000111 _____ () C:\Users\MajdiAref\AppData\Roaming\profiles.ini
2014-10-03 00:53 - 2014-10-03 00:53 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\Crash Reports
2014-10-03 00:36 - 2014-10-03 00:36 - 00000000 ____D () C:\SUPERDelete
2014-09-29 19:24 - 2014-09-29 19:24 - 00000000 _____ () C:\autoexec.bat
2014-09-29 19:23 - 2014-10-02 07:26 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-29 19:18 - 2014-09-29 19:18 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\MajdiAref\Downloads\SpyHunter-Installer.exe
2014-09-29 07:33 - 2014-09-18 20:53 - 00030347 _____ () C:\Users\MajdiAref\Desktop\loan amotrization.xlsx
2014-09-27 19:45 - 2014-09-27 19:45 - 00041198 _____ () C:\Users\MajdiAref\Downloads\a.beautiful.mind.(2001).eng.1cd.(5178816).zip
2014-09-27 17:32 - 2014-09-27 17:32 - 00003130 _____ () C:\WINDOWS\System32\Tasks\{79C824BD-A4A1-4154-A5AC-ACAD5E34E02E}
2014-09-27 17:28 - 2014-09-27 17:28 - 00001877 _____ () C:\Users\MajdiAref\AppData\Roaming\VPNMasterFreeVPN.pbk
2014-09-27 17:27 - 2014-09-27 17:27 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\SPK
2014-09-27 17:27 - 2014-09-27 17:27 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\Fixs
2014-09-27 09:10 - 2014-09-27 17:48 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-09-27 09:10 - 2014-09-27 09:10 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2014-09-26 15:01 - 2014-09-27 19:45 - 00000000 ____D () C:\Users\MajdiAref\Downloads\A Beautiful Mind (2001) [1080p]
2014-09-26 14:56 - 2014-09-27 18:09 - 00000000 ____D () C:\Users\MajdiAref\Downloads\Ghandi (1982) [1080p]
2014-09-26 10:15 - 2014-09-26 10:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-09-26 10:15 - 2014-09-26 10:15 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-09-26 10:12 - 2014-09-14 02:48 - 31887680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 24552592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 20589536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 19954520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 18106152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 14026304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 13939272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 13157696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-09-26 10:12 - 2014-09-14 02:48 - 11392576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 11330776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 04287296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 04008592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434411.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434411.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00957584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00925896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00919240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00894096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00501064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00417096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-09-26 10:12 - 2014-09-14 02:48 - 00032576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-09-23 19:15 - 2014-09-24 05:35 - 00000000 ____D () C:\Users\MajdiAref\Downloads\Amadeus (1984) Directors Cut
2014-09-20 11:42 - 2014-08-15 03:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-19 08:21 - 2014-07-30 04:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-19 08:21 - 2014-07-29 08:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-19 08:21 - 2014-07-24 18:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-19 08:21 - 2014-07-24 18:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-19 08:21 - 2014-07-24 18:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-19 08:21 - 2014-07-24 18:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-19 08:21 - 2014-07-24 18:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-19 08:21 - 2014-07-24 18:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-19 08:21 - 2014-07-24 18:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-19 08:21 - 2014-07-24 18:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-19 08:21 - 2014-07-24 18:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-19 08:21 - 2014-07-24 18:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-19 08:21 - 2014-07-24 18:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-19 08:21 - 2014-07-24 18:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-19 08:21 - 2014-07-24 18:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-19 08:21 - 2014-07-24 18:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-19 08:21 - 2014-07-24 18:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-19 08:21 - 2014-07-24 18:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-19 08:21 - 2014-07-24 18:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-19 08:21 - 2014-07-24 18:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-19 08:21 - 2014-07-24 18:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-19 08:21 - 2014-07-24 18:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-19 08:21 - 2014-07-24 18:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-19 08:21 - 2014-07-24 17:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-19 08:21 - 2014-07-24 17:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-19 08:21 - 2014-07-24 16:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-19 08:21 - 2014-07-24 16:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-19 08:21 - 2014-07-24 16:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-19 08:21 - 2014-07-24 16:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-19 08:21 - 2014-07-24 16:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-19 08:21 - 2014-07-24 16:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-19 08:21 - 2014-07-24 16:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-19 08:21 - 2014-07-24 16:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-19 08:21 - 2014-07-24 14:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-19 08:21 - 2014-07-24 14:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-19 08:21 - 2014-07-24 14:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-19 08:21 - 2014-07-24 14:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-19 08:21 - 2014-07-24 14:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-09-19 08:21 - 2014-07-24 14:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-19 08:21 - 2014-07-24 14:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-19 08:21 - 2014-07-24 14:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-19 08:21 - 2014-07-24 14:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-19 08:21 - 2014-07-24 13:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-19 08:21 - 2014-07-24 13:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-19 08:21 - 2014-07-24 13:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-19 08:21 - 2014-07-24 13:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-19 08:21 - 2014-07-24 13:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-19 08:21 - 2014-07-24 13:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-19 08:21 - 2014-07-24 13:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-19 08:21 - 2014-07-24 12:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-19 08:21 - 2014-07-24 12:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-19 08:21 - 2014-07-24 12:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-19 08:21 - 2014-07-24 12:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-19 08:21 - 2014-07-24 12:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-19 08:21 - 2014-07-24 12:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-19 08:21 - 2014-07-24 12:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-19 08:21 - 2014-07-24 12:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-19 08:21 - 2014-07-24 12:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-19 08:21 - 2014-07-24 12:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-19 08:21 - 2014-07-24 12:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-19 08:21 - 2014-07-24 12:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-19 08:21 - 2014-07-24 12:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-19 08:21 - 2014-07-24 11:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-19 08:21 - 2014-07-24 11:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-19 08:21 - 2014-07-24 11:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-19 08:21 - 2014-07-24 11:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-19 08:21 - 2014-07-24 11:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-19 08:21 - 2014-07-24 11:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-19 08:21 - 2014-07-24 11:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-19 08:21 - 2014-07-24 11:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-19 08:21 - 2014-07-24 11:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-19 08:21 - 2014-07-24 11:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-19 08:21 - 2014-07-24 11:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-19 08:21 - 2014-07-24 11:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-19 08:21 - 2014-07-24 11:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-19 08:21 - 2014-07-24 11:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-19 08:21 - 2014-07-24 11:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-19 08:21 - 2014-07-24 11:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-19 08:21 - 2014-07-24 11:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-19 08:21 - 2014-07-24 11:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-19 08:21 - 2014-07-24 11:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-19 08:21 - 2014-07-24 11:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-19 08:21 - 2014-07-24 11:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-19 08:21 - 2014-07-24 11:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-19 08:21 - 2014-07-24 11:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-19 08:21 - 2014-07-24 11:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-19 08:21 - 2014-07-24 11:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-19 08:21 - 2014-07-24 11:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-19 08:21 - 2014-07-24 10:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-19 08:21 - 2014-07-24 10:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-19 08:21 - 2014-07-24 10:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-19 08:21 - 2014-07-24 10:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-19 08:21 - 2014-07-24 10:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-19 08:21 - 2014-07-24 10:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-19 08:21 - 2014-07-24 10:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-19 08:21 - 2014-07-24 10:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-19 08:21 - 2014-07-24 10:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-19 08:21 - 2014-07-24 10:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-19 08:21 - 2014-07-24 10:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-19 08:21 - 2014-07-24 10:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-19 08:21 - 2014-07-24 07:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-19 08:21 - 2014-07-24 07:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-19 08:21 - 2014-07-12 08:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-19 08:21 - 2014-07-12 07:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-19 08:21 - 2014-07-12 07:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-19 08:21 - 2014-07-04 13:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-19 08:21 - 2014-07-04 12:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-19 08:21 - 2014-07-04 12:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-19 08:21 - 2014-06-27 09:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-19 08:21 - 2014-06-26 03:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-19 08:21 - 2014-06-20 02:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-19 08:21 - 2014-06-19 05:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-19 08:21 - 2014-06-14 09:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-19 08:21 - 2014-06-14 08:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-19 08:21 - 2014-06-05 17:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-19 08:21 - 2014-06-05 13:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-19 08:21 - 2014-06-05 12:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-19 08:21 - 2014-05-31 08:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-19 08:21 - 2014-05-29 09:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-19 08:21 - 2014-05-29 08:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-19 08:21 - 2014-05-10 13:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-19 08:21 - 2014-05-10 11:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-19 08:21 - 2014-05-06 07:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-19 08:21 - 2014-05-06 03:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-19 08:21 - 2014-03-25 05:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-19 08:21 - 2014-03-25 05:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-19 08:21 - 2014-03-25 04:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-19 08:20 - 2014-07-24 18:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-19 08:20 - 2014-07-24 18:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-19 08:20 - 2014-07-24 18:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-19 08:20 - 2014-07-24 18:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-19 08:20 - 2014-07-24 16:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-19 08:20 - 2014-07-24 16:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-19 08:20 - 2014-07-24 14:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-19 08:20 - 2014-07-24 14:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-19 08:20 - 2014-07-24 14:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-19 08:20 - 2014-07-24 14:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-19 08:20 - 2014-07-24 14:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-09-19 08:20 - 2014-07-24 14:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-19 08:20 - 2014-07-24 14:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-19 08:20 - 2014-07-24 14:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-19 08:20 - 2014-07-24 14:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-19 08:20 - 2014-07-24 14:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-19 08:20 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-19 08:20 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-19 08:20 - 2014-07-24 13:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-19 08:20 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-19 08:20 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-19 08:20 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-19 08:20 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-19 08:20 - 2014-07-24 13:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-19 08:20 - 2014-07-24 13:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-19 08:20 - 2014-07-24 13:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-19 08:20 - 2014-07-24 13:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-19 08:20 - 2014-07-24 13:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-19 08:20 - 2014-07-24 13:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-19 08:20 - 2014-07-24 12:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-19 08:20 - 2014-07-24 12:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-19 08:20 - 2014-07-24 12:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-19 08:20 - 2014-07-24 12:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-19 08:20 - 2014-07-24 12:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-19 08:20 - 2014-07-24 12:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-19 08:20 - 2014-07-24 12:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-19 08:20 - 2014-07-24 12:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-19 08:20 - 2014-07-24 12:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-19 08:20 - 2014-07-24 12:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-19 08:20 - 2014-07-24 12:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-19 08:20 - 2014-07-24 12:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-19 08:20 - 2014-07-24 12:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-19 08:20 - 2014-07-24 12:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-19 08:20 - 2014-07-24 11:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-19 08:20 - 2014-07-24 11:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-19 08:20 - 2014-07-24 11:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-19 08:20 - 2014-07-24 11:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-19 08:20 - 2014-07-24 11:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-19 08:20 - 2014-07-24 11:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-19 08:20 - 2014-07-24 11:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-19 08:20 - 2014-07-24 11:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-19 08:20 - 2014-07-24 11:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-19 08:20 - 2014-07-24 11:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-19 08:20 - 2014-07-24 11:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-19 08:20 - 2014-07-24 11:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-19 08:20 - 2014-07-24 11:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-19 08:20 - 2014-07-24 11:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-19 08:20 - 2014-07-24 11:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-19 08:20 - 2014-07-24 11:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-19 08:20 - 2014-07-24 11:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-19 08:20 - 2014-07-24 11:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-19 08:20 - 2014-07-24 11:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-19 08:20 - 2014-07-24 11:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-19 08:20 - 2014-07-24 11:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-19 08:20 - 2014-07-24 11:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-19 08:20 - 2014-07-24 11:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-19 08:20 - 2014-07-24 11:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-19 08:20 - 2014-07-24 10:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-19 08:20 - 2014-07-24 10:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-19 08:20 - 2014-07-24 10:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-19 08:20 - 2014-07-24 10:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-19 08:20 - 2014-07-24 10:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-19 08:20 - 2014-07-24 10:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-19 08:20 - 2014-07-24 10:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-19 08:20 - 2014-07-12 08:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-19 08:20 - 2014-07-12 07:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-19 08:20 - 2014-07-10 02:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-19 08:20 - 2014-07-04 15:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-19 08:20 - 2014-07-04 13:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-19 08:20 - 2014-07-04 13:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-19 08:20 - 2014-07-04 13:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-19 08:20 - 2014-06-26 03:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-19 08:20 - 2014-06-07 15:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-19 08:20 - 2014-06-07 13:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-19 08:20 - 2014-05-31 07:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-19 08:20 - 2014-05-29 08:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-19 08:20 - 2014-05-29 07:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-19 08:20 - 2014-05-26 10:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-19 08:20 - 2014-03-25 04:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-19 01:07 - 2014-09-19 01:07 - 00027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\ptun0901.sys
2014-09-17 18:24 - 2014-09-17 18:25 - 08786640 _____ () C:\Users\MajdiAref\Downloads\HSS-3.33-install-e-612-plain.exe
2014-09-16 21:09 - 2014-09-16 21:12 - 25683863 ____H () C:\Users\MajdiAref\Downloads\384f7a5b67d480c117a58a7a955faa111377924842-544-400-600-h264.flv
2014-09-16 21:03 - 2014-09-16 21:08 - 58314860 ____H () C:\Users\MajdiAref\Downloads\3cae5fe489bbd2c9e7e8dab8b61178101405786511-1280-720-1200-h264.flv
2014-09-16 18:06 - 2014-08-23 10:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-16 18:06 - 2014-08-23 10:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-16 18:06 - 2014-08-23 09:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-16 18:06 - 2014-08-23 08:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-16 18:06 - 2014-08-23 07:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-16 18:06 - 2014-08-23 07:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-16 18:06 - 2014-08-23 07:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-16 18:06 - 2014-08-23 07:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-16 18:06 - 2014-08-23 07:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-12 19:20 - 2014-09-13 05:45 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-12 19:20 - 2014-09-12 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-12 19:19 - 2014-09-12 19:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-12 19:19 - 2014-09-12 19:20 - 00000000 ____D () C:\Program Files\iTunes
2014-09-12 19:19 - 2014-09-12 19:19 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 19:02 - 2014-09-12 19:02 - 00001864 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-12 19:02 - 2014-09-12 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-12 19:02 - 2014-09-12 19:02 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-12 18:31 - 2014-09-05 05:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-12 18:31 - 2014-09-05 05:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-12 18:31 - 2014-09-05 03:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-12 18:30 - 2014-08-02 03:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-12 18:25 - 2014-08-16 05:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-12 18:25 - 2014-08-16 05:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-12 18:25 - 2014-08-16 05:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-12 18:25 - 2014-08-16 05:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-12 18:25 - 2014-08-16 04:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-12 18:25 - 2014-08-16 04:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-12 18:25 - 2014-08-16 04:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-12 18:25 - 2014-08-16 04:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-12 18:25 - 2014-08-16 04:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-12 18:25 - 2014-08-16 04:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-12 18:25 - 2014-08-16 04:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-12 18:25 - 2014-08-16 04:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-12 18:25 - 2014-08-16 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-12 18:25 - 2014-08-16 04:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-12 18:25 - 2014-08-16 04:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-12 18:25 - 2014-08-16 04:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-12 18:25 - 2014-08-16 04:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-12 18:25 - 2014-08-16 04:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-12 18:25 - 2014-08-16 04:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-12 18:25 - 2014-08-16 04:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-12 18:25 - 2014-08-16 04:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-12 18:25 - 2014-08-16 03:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 18:25 - 2014-08-16 03:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-12 18:25 - 2014-08-16 03:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-12 18:25 - 2014-08-16 03:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-12 18:25 - 2014-08-16 03:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-12 18:25 - 2014-08-16 03:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-12 18:25 - 2014-08-16 03:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-12 18:25 - 2014-08-16 03:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-12 18:25 - 2014-08-16 03:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-12 18:25 - 2014-08-16 03:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-12 18:25 - 2014-08-16 03:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-12 18:25 - 2014-08-16 03:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-12 18:25 - 2014-08-16 03:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-12 18:25 - 2014-08-16 03:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-12 18:21 - 2014-07-24 06:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-12 18:21 - 2014-07-24 06:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-12 09:39 - 2014-09-12 09:51 - 41945432 _____ (Apple Inc.) C:\Users\MajdiAref\Downloads\QuickTimeInstaller.exe
 
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 20:55 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-11 20:51 - 2014-02-08 14:16 - 01726464 ___SH () C:\Users\MajdiAref\Desktop\Thumbs.db
2014-10-11 20:47 - 2014-07-26 13:31 - 01790187 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-11 20:47 - 2014-07-20 11:28 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MAJDI-MajdiAref Majdi
2014-10-11 20:47 - 2014-06-19 17:30 - 00000000 ____D () C:\Users\MajdiAref\Documents\Youcam
2014-10-11 20:45 - 2014-02-11 22:16 - 00000000 ___DO () C:\Users\MajdiAref\SkyDrive
2014-10-11 20:44 - 2013-11-16 18:45 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-10-11 20:43 - 2014-07-26 17:28 - 00017536 _____ () C:\WINDOWS\PFRO.log
2014-10-11 20:43 - 2013-08-22 17:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-11 20:43 - 2013-08-22 16:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-11 20:04 - 2014-02-22 09:50 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1B86E582-559B-4A88-861A-70771E874D22}
2014-10-11 20:04 - 2014-02-05 20:30 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\CrashDumps
2014-10-10 16:02 - 2014-02-05 18:59 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-979933412-960713541-3746131152-1003
2014-10-10 15:29 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-10 15:20 - 2014-02-05 18:16 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Packages
2014-10-10 11:49 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-09 17:57 - 2014-07-28 01:53 - 00017905 _____ () C:\WINDOWS\setupact.log
2014-10-09 17:20 - 2013-11-14 15:36 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-09 10:41 - 2014-02-13 07:53 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-10-09 10:40 - 2014-02-13 07:52 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-08 17:30 - 2014-02-24 21:18 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\FLV and Media Player
2014-10-07 12:42 - 2014-02-07 00:53 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\Intel WiDi
2014-10-07 11:36 - 2014-02-05 22:19 - 00802816 ___SH () C:\Users\MajdiAref\Downloads\Thumbs.db
2014-10-04 22:27 - 2014-02-06 07:25 - 00000000 ____D () C:\Users\MajdiAref\AppData\Local\Apple Computer
2014-10-04 22:27 - 2014-02-06 07:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-04 11:20 - 2013-10-30 14:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2014-10-03 17:59 - 2014-07-25 11:26 - 00000000 ____D () C:\Users\MajdiAref\Downloads\Microsoft Office Windows Activator(KMSpico 9.2.2 RC)
2014-10-03 15:42 - 2014-02-16 00:12 - 00000000 ____D () C:\Users\MajdiAref\AppData\Roaming\uTorrent
2014-10-03 09:48 - 2014-07-22 07:10 - 00000000 ____D () C:\WINDOWS\AutoKMS
2014-10-02 08:05 - 2014-02-11 09:09 - 00000000 ____D () C:\Users\MajdiAref
2014-10-02 07:37 - 2013-08-22 17:44 - 00493896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-27 17:28 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-09-27 09:10 - 2013-11-16 18:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-26 15:12 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-09-26 14:19 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-09-26 14:18 - 2013-11-14 15:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-26 14:18 - 2013-08-22 18:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-26 14:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-26 10:15 - 2013-11-16 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-26 09:40 - 2012-07-26 10:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-25 20:14 - 2012-08-04 03:02 - 00000000 ____D () C:\SWSetup
2014-09-22 09:42 - 2014-04-12 12:16 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-20 13:27 - 2014-07-21 23:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-20 13:27 - 2014-07-21 23:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 02:48 - 2014-07-31 21:40 - 16875856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-09-14 02:48 - 2014-07-31 21:40 - 02838424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-09-14 02:48 - 2013-10-27 10:04 - 00984424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-09-14 02:48 - 2013-10-27 10:04 - 00867528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-09-14 02:48 - 2013-10-27 10:04 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-09-14 02:48 - 2013-10-27 10:04 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-09-14 02:48 - 2013-10-27 10:04 - 00026956 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-09-14 02:48 - 2013-10-27 10:03 - 03223120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-09-14 00:53 - 2013-11-16 18:31 - 06890696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-09-14 00:53 - 2013-11-16 18:31 - 03529872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-09-14 00:53 - 2013-11-16 18:31 - 02557640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-09-14 00:53 - 2013-11-16 18:31 - 01087688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2014-09-14 00:53 - 2013-11-16 18:31 - 00934216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-09-14 00:53 - 2013-11-16 18:31 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-09-14 00:53 - 2013-11-16 18:31 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2014-09-14 00:53 - 2013-11-16 18:31 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-09-12 23:07 - 2014-07-16 02:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-12 19:19 - 2014-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-12 18:26 - 2014-06-11 09:22 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-12 18:26 - 2014-06-11 08:44 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-12 18:26 - 2014-06-11 08:44 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-12 18:26 - 2014-06-11 08:44 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-12 18:26 - 2014-06-11 08:44 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-12 18:26 - 2014-05-09 14:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-12 18:26 - 2014-05-09 14:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-12 18:25 - 2014-06-11 09:22 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-12 18:25 - 2014-02-07 17:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 18:22 - 2014-02-07 17:24 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 18:37 - 2013-11-16 18:31 - 03961833 _____ () C:\WINDOWS\system32\nvcoproc.bin

Some content of TEMP:
====================
C:\Users\MajdiAref\AppData\Local\Temp\Extract.exe
C:\Users\MajdiAref\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-09 17:10

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by MajdiAref at 2014-10-11 20:55:47
Running from C:\Users\MajdiAref\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.4.4824 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.6.3912 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version: - Microsoft)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FLV and Media Player (3.2.0.3) (HKLM-x32\...\FLV and Media Player) (Version: 3.2.0.3 - Applian Technologies)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP Connected Music (HKLM-x32\...\HPPlay) (Version: 3.1.4 - Snowite)
HP Connected Music (x32 Version: 3.1.4 - Snowite) Hidden
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.39 - Crintsoft) <==== ATTENTION
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.221 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Update for Microsoft en-us Dictionary (Version: 16.1.1053.1 - Microsoft Corporation) Hidden
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7DF13AFE-A484-4178-A82D-EF0689A24775}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1AB594AE-C42D-4194-931B-29AD09067631}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{C20FB0E0-31F6-4958-B94D-AEF3CC31FD87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-979933412-960713541-3746131152-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\MajdiAref\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

25-09-2014 17:11:35 HPSF Applying updates
29-09-2014 16:23:32 Installed SpyHunter
02-10-2014 04:23:27 Removed SpyHunter
03-10-2014 12:43:32 Removed Java 7 Update 55
06-10-2014 09:00:45 restore point before anti-rootkit

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 08:26 - 2014-08-31 09:53 - 00000859 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 Activation.guitar-pro.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0B98C83A-C443-460D-AD4F-8BF7F2FE46F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {10FFC833-D3AA-460B-83A3-8A8E8C7D5F46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {112DFBAE-4710-45D6-A681-6906FC477877} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-03] (Adobe Systems Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35E76E62-308F-4CF1-8CBC-232D844B343D} - \4CEFD9B73D6C-1CRMOI2 No Task File <==== ATTENTION
Task: {3A0ED85C-6279-4ED6-9415-6491CC23C70B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EC792DB-57C0-44A2-BDF0-FEF1F7063EB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {48AF596C-48F1-4FE0-83C7-121473CC2AFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A0C8D72-F704-4A91-83A6-143D9DA412E8} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {54CE5477-AEF7-4C65-BCE2-D6B6DB73150E} - \AutoKMSCustom No Task File <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FF6B45E-C6CE-4808-A589-59C38C65B536} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8570EFD0-EA55-4203-8E7C-2E97EAA962E7} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {86E83FCF-6674-43D8-96DC-7A10F40135B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {885458DF-A9BC-4E30-B044-B32EEB1AA086} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A213DEF8-18A1-4A88-8192-5FE7DDC1CB77} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {B3AFFD9C-4BB7-4B3B-A982-D71B81082769} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {C9D4983B-FD0C-4129-B57C-6D8B8AA52950} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CC70C5F6-972D-4C93-AAA3-C27B442BA622} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MAJDI-MajdiAref Majdi => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1326DEB-C707-487B-8A70-F9F3D8B6414E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {D51FE05E-94F9-442B-B4B3-1B345396744D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-24] (Synaptics Incorporated)
Task: {D6820819-26FC-47A7-B627-28F17C4863D5} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-979933412-960713541-3746131152-1003 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E0822FA1-E65A-4ABC-84E4-2B7B9B1A5812} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EAA6A7AE-7D6B-4BEB-9222-96A7D3064A15} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {EBAE3A3E-B5B9-48D9-B19B-49684E88C80F} - System32\Tasks\HPCeeScheduleForMajdiAref => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EF80AD18-1060-4938-8CD7-6586AC835883} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F483CEEB-C55F-4B4E-8309-FB929AC0560E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F6EB94F5-A6A8-450B-9470-4782C0BC91A2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FE41BD6F-3CC9-4E3C-8FE0-C3F5CFC56172} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMajdiAref.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-27 10:03 - 2014-09-14 02:48 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-16 18:31 - 2014-09-14 00:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-13 13:35 - 2013-02-13 13:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 13:35 - 2013-02-13 13:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-02-07 12:19 - 2013-02-07 12:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-16 18:31 - 2013-02-16 03:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-03 18:26 - 2014-09-24 08:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-27 10:03 - 2014-09-14 02:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\MajdiAref\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-979933412-960713541-3746131152-500 - Administrator - Disabled)
Guest (S-1-5-21-979933412-960713541-3746131152-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-979933412-960713541-3746131152-1007 - Limited - Enabled)
MajdiAref (S-1-5-21-979933412-960713541-3746131152-1003 - Administrator - Enabled) => C:\Users\MajdiAref

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/11/2014 08:53:17 PM) (Source: DCOM) (EventID: 10010) (User: MAJDI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-10-07 10:14:40.181
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-05 11:49:41.079
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-02 11:57:23.693
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-09-27 18:20:31.011
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-09-14 18:04:53.233
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-09-01 21:01:56.617
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-28 06:43:44.455
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-23 14:03:48.074
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-16 11:00:16.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-28 13:08:06.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 13%
Total physical RAM: 16316.02 MB
Available physical RAM: 14156.45 MB
Total Pagefile: 18748.02 MB
Available Pagefile: 16571.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:471.41 GB) (Free:343.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:439.45 GB) (Free:372.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-10-2014
Ran by MajdiAref at 2014-10-12 09:52:38 Run:1
Running from C:\Users\MajdiAref\Desktop
Loaded Profile: MajdiAref (Available profiles: MajdiAref)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4db76ba7-9a4b-11e3-be82-00c2c61723b5} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {4e6ea2ec-de56-11e3-bea4-00c2c61723b5} - "F:\Startme.exe"
HKU\S-1-5-21-979933412-960713541-3746131152-1003\...\MountPoints2: {c98283f1-f15b-11e3-bea6-0024211eaa99} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iBurstU; \SystemRoot\system32\DRIVERS\iBux64.sys [X]
C:\Users\MajdiAref\AppData\Local\Temp\Extract.exe
C:\Users\MajdiAref\AppData\Local\Temp\Quarantine.exe
Task: {35E76E62-308F-4CF1-8CBC-232D844B343D} - \4CEFD9B73D6C-1CRMOI2 No Task File <==== ATTENTION
Task: {54CE5477-AEF7-4C65-BCE2-D6B6DB73150E} - \AutoKMSCustom No Task File <==== ATTENTION
Task: {885458DF-A9BC-4E30-B044-B32EEB1AA086} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {A213DEF8-18A1-4A88-8192-5FE7DDC1CB77} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\MajdiAref\SkyDrive:ms-properties

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-979933412-960713541-3746131152-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4db76ba7-9a4b-11e3-be82-00c2c61723b5}" => Key deleted successfully.
"HKCR\CLSID\{4db76ba7-9a4b-11e3-be82-00c2c61723b5}" => Key not found.
"HKU\S-1-5-21-979933412-960713541-3746131152-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e6ea2ec-de56-11e3-bea4-00c2c61723b5}" => Key deleted successfully.
"HKCR\CLSID\{4e6ea2ec-de56-11e3-bea4-00c2c61723b5}" => Key not found.
"HKU\S-1-5-21-979933412-960713541-3746131152-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c98283f1-f15b-11e3-bea6-0024211eaa99}" => Key deleted successfully.
"HKCR\CLSID\{c98283f1-f15b-11e3-bea6-0024211eaa99}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully.
avchv => Service deleted successfully.
esgiguard => Service deleted successfully.
iBurstU => Service deleted successfully.
C:\Users\MajdiAref\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\MajdiAref\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35E76E62-308F-4CF1-8CBC-232D844B343D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35E76E62-308F-4CF1-8CBC-232D844B343D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4CEFD9B73D6C-1CRMOI2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54CE5477-AEF7-4C65-BCE2-D6B6DB73150E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54CE5477-AEF7-4C65-BCE2-D6B6DB73150E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSCustom" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{885458DF-A9BC-4E30-B044-B32EEB1AA086}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{885458DF-A9BC-4E30-B044-B32EEB1AA086}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A213DEF8-18A1-4A88-8192-5FE7DDC1CB77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A213DEF8-18A1-4A88-8192-5FE7DDC1CB77}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
C:\Users\MajdiAref\SkyDrive => ":ms-properties" ADS removed successfully.

==== End of Fixlog ====
 
How is the computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
Hello, I'm very grateful for your help!
It's doing fine, except that when the laptop starts it seems slower than before, but that's probably because of all the new programs installed to remove the virus; I'll remove them as soon as we're done.
I noticed in the ESET scan that there's an adware file; I think it's what originated the problem.
Results of screen317's Security Check version 0.99.88
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.152
Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 21-07-2014
Ran by MajdiAref (administrator) on 14-10-2014 at 10:23:20
Running from "C:\Users\MajdiAref\Downloads"
Microsoft Windows 8.1 Single Language (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.AM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\OpenCandy\79C25640F4354D10BF3E0D616B26EB50\dlm.exe.vir a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\VolIE\FoxPro_32.dll.vir Win32/AdWare.Vonteera.J application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\VolIE\FoxPro_64.dll.vir Win64/Adware.Vonteera.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\MajdiAref\AppData\Roaming\VolIE\onload.js.vir Win32/AdWare.Vonteera.J application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Users\MajdiAref\AppData\Roaming\SPK\SPK.exe a variant of Win32/AdWare.Vonteera.J application cleaned by deleting - quarantined
C:\Users\MajdiAref\Desktop\Dhaibi\downloads\bluetooth\game64_1.35.apk a variant of Android/AdDisplay.AirPush.G potentially unwanted application deleted - quarantined
C:\Users\MajdiAref\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\MajdiAref\Downloads\KMSnano v22 Offline Office and Windows KMS Activator\nullam_facete_v22.zip a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application deleted - quarantined
C:\Users\MajdiAref\Downloads\KMSnano v22 Offline Office and Windows KMS Activator\nullam_facete_v22\KMSnano_setup.exe a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application deleted - quarantined
C:\Users\MajdiAref\Downloads\KMSnano v22.1 Offline Office and Windows KMS Activator\nullam_facete_v22.1.zip a variant of MSIL/HackTool.IdleKMS.A potentially unsafe application deleted - quarantined
C:\Windows\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application deleted - quarantined
 
Your computer is clean

1. This step will remove all cleaning tools we used; it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thank you for your support, I really appreciate it. I'll make sure to give recommendations to my friends and colleagues. Everything seems to be doing great!
 