Infected with adf.ly & cdn.cloudwm.com; chrome keeps redirecting..



#1 Sweiss


Posted 17 July 2014 - 04:18 PM

My laptop got infected somehow with stubborn adware/malware (adf.ly & cdn.cloudwm.com). Google Chrome keeps redirecting me to the adf.ly website and/or cdn.cloudwm.com.

I have tried to remove them using the following programs: -

1- Spybot Search and Destroy

2- AdwCleaner

3- ComboFix

4- Junkware Removal Tool

5- Microsoft Malicious Removal Tool

*The Microsoft Security Essentials tool is enabled before and after this problem...

 

After trying almost all of the free adware programs, I tried the System Restore option, and even tried to run in safe mode, but the system didn't allow me to do so and stated:

System Restore failed to extract the file (C:\) from the restore point. An unspecified error occurred during System Restore. (0x8000ffff).

 

DDS and ComboFix log reports are illustrated below, respectively:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.65.2
Run by Raed at 23:54:24 on 2014-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6126.3375 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\ouc.exe
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Isis\isis.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\WLANExt.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555
uProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
uRun: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
mRun: [PeachtreePrefetcher.exe] "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [Isis] C:\Program Files (x86)\Isis\isis.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\Raed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: Interfaces\{0710AB12-C476-4BBA-89C6-6D7C43333CC4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6E1BCF8B-B60D-4BEE-85AD-592E5A085652} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{94675EC1-C702-4674-8F47-73850309A46D} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{B4D15817-F188-4362-B857-3528C56C2A67} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CC801F7F-0624-4BD9-9A59-71D1E5F1AF4E} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{D7709BDC-7DB0-46D7-9D99-7CD5D76AA05D} : DHCPNameServer = 212.77.192.60 212.77.192.59
TCP: Interfaces\{D7709BDC-7DB0-46D7-9D99-7CD5D76AA05D}\1486D6564602D4F68697 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\1486D6564602D4F68697 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\14E64627F69646140543138383 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\55D6E696168602D4F62696C6560275966496 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\F42716E67656F533365656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB484E6F-4633-4B67-8B3C-71415A9E9BAC} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{E7C85074-F9EB-4051-9B3C-807E7AB9C73C} : NameServer = 212.77.192.59 212.77.192.60
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\
FF - ExtSQL: 2014-07-07 11:07; hd_streamer@iMedia; C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\hd_streamer@iMedia
FF - ExtSQL: !HIDDEN! 2014-05-06 04:09; quick_start@gmail.com; C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\quick_start@gmail.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-3-31 54984]
R1 isis;isis;C:\Windows\System32\drivers\isis.sys [2014-7-15 47408]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-17 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-17 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-19 1631008]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2007-9-5 455968]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-5-4 1153368]
R2 SBUpd;SpeedBit Update;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2014-3-4 2541688]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
R2 SRSHDAudioService;SRS HDAudio Lab Service;C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2011-8-24 12648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-15 413128]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-21 2656280]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2011-10-21 42096]
R3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-9-23 654552]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\drivers\dtscsibus.sys [2013-9-27 29696]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-7-2 85504]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-3 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-17 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-17 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-15 40392]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-10-21 38096]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 SBUpdd;SpeedBit UpdateD;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [2014-3-4 41368]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-3-19 42184]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Qtel Mobile Broadband. RunOuc;Qtel Mobile Broadband. OUC;C:\Program Files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [2013-7-2 218624]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 cpuz136;cpuz136;C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [2013-12-22 25320]
S3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-7-17 22704]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-7-2 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-7-2 13952]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2013-7-2 256000]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-5-6 1436424]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-1 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-2-20 98560]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-21 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-10-21 307304]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
S3 SRS_AE_Service;SRS Audio Essentials;C:\Windows\System32\drivers\SRS_AE_amd64.sys [2011-8-1 513824]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-21 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-25 1255736]
S4 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-27 173192]
S4 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2014-2-28 292736]
S4 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-12-16 105448]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-17 20:12:18 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-07-17 20:12:16 110080 ----a-r- C:\Users\Raed\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-07-17 20:12:16 110080 ----a-r- C:\Users\Raed\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-07-17 20:12:16 110080 ----a-r- C:\Users\Raed\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-07-17 20:12:14 -------- d-----w- C:\sh4ldr
2014-07-17 20:12:14 -------- d-----w- C:\Program Files\Enigma Software Group
2014-07-17 20:11:30 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-17 17:12:54 -------- d-----w- C:\Users\Raed\AppData\Roaming\ParetoLogic
2014-07-17 17:12:54 -------- d-----w- C:\Users\Raed\AppData\Roaming\DriverCure
2014-07-17 17:12:38 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2014-07-17 17:12:35 -------- d-----w- C:\ProgramData\ParetoLogic
2014-07-17 17:12:35 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2014-07-17 16:21:24 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-17 16:09:02 98816 ----a-w- C:\Windows\sed.exe
2014-07-17 16:09:02 256000 ----a-w- C:\Windows\PEV.exe
2014-07-17 16:09:02 208896 ----a-w- C:\Windows\MBR.exe
2014-07-17 16:08:58 -------- d-----w- C:\ComboFix
2014-07-17 15:38:13 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB522A74-2B62-409D-BDF6-B18E0C9573FA}\mpengine.dll
2014-07-17 13:33:33 -------- d-----w- C:\Program Files (x86)\Anvisoft
2014-07-17 13:09:44 -------- d-----w- C:\Program Files (x86)\GUMBA79.tmp
2014-07-17 13:09:18 -------- d-----w- C:\Users\Raed\AppData\Local\Apps
2014-07-17 13:09:17 -------- d-----w- C:\Users\Raed\AppData\Local\Deployment
2014-07-17 12:18:21 -------- d-----w- C:\Windows\ERUNT
2014-07-17 12:08:19 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-17 12:07:35 -------- d-----w- C:\AdwCleaner
2014-07-17 11:17:13 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-17 11:16:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-17 11:16:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-17 11:16:27 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-17 11:16:27 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-17 11:16:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 10:22:44 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-17 10:08:42 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2014-07-17 10:08:39 -------- d-----w- C:\Program Files\Common Files\Microsoft
2014-07-17 10:08:39 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2014-07-17 08:50:03 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-15 12:51:04 47408 ----a-w- C:\Windows\System32\drivers\isis.sys
2014-07-14 16:13:05 -------- d-----w- C:\Program Files (x86)\Isis
2014-07-11 08:49:35 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12876EE4-D795-46F5-B26A-64F05B031362}\gapaengine.dll
2014-06-29 02:25:14 -------- d-----w- C:\Users\Raed\AppData\Local\Realmware
2014-06-29 02:24:44 -------- d-----w- C:\Program Files\Realmware
2014-06-28 01:26:20 2580552 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-06-20 03:02:27 -------- d-----w- C:\Users\Raed\AppData\Local\Origin
2014-06-20 03:00:25 -------- d-----w- C:\ProgramData\Origin
2014-06-20 03:00:22 -------- d-----w- C:\Program Files (x86)\Origin
2014-06-17 21:25:16 -------- d-----w- C:\Users\Raed\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2014-07-17 10:46:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-17 10:46:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-15 23:46:23 297088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-07-15 23:46:23 297088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-07-15 23:45:55 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-07-15 11:21:58 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex1
2014-07-04 01:21:19 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex2
2014-06-28 03:22:17 76152 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-06-15 01:42:16 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex3
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-20 01:25:38 2560968 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-05-19 23:10:44 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-06 04:17:53 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-06 03:07:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-04 21:32:03 66560 ----a-w- C:\Windows\SysWow64\s2dtconv.dll
2014-05-04 21:32:03 24576 ----a-w- C:\Windows\SysWow64\Sbtrvd32.dll
2014-04-28 11:44:16 396480 ----a-w- C:\Windows\System32\PsExec.exe
.
============= FINISH: 23:55:16.75 ===============
 
 
 
ComboFix 14-07-17.03 - Raed 17/07/2014  19:10:43.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6126.3237 [GMT 3:00]
Running from: c:\users\Raed\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Raed\Desktop\Adware-Removal-Tool-v3.9.1.exe
c:\users\Raed\Desktop\Internet Explorer.lnk
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 16:18 . 2014-07-17 16:18 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-07-17 16:18 . 2014-07-17 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 15:38 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB522A74-2B62-409D-BDF6-B18E0C9573FA}\mpengine.dll
2014-07-17 15:33 . 2014-07-17 15:33 -------- d-----w- c:\windows\LastGood
2014-07-17 13:33 . 2014-07-17 13:33 -------- d-----w- c:\program files (x86)\Anvisoft
2014-07-17 13:09 . 2014-07-17 13:11 -------- d-----w- c:\program files (x86)\GUMBA79.tmp
2014-07-17 13:09 . 2014-07-17 13:09 -------- d-----w- c:\users\Raed\AppData\Local\Apps
2014-07-17 13:09 . 2014-07-17 13:09 -------- d-----w- c:\users\Raed\AppData\Local\Deployment
2014-07-17 12:18 . 2014-07-17 12:18 -------- d-----w- c:\windows\ERUNT
2014-07-17 12:08 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-17 12:07 . 2014-07-17 15:15 -------- d-----w- C:\AdwCleaner
2014-07-17 11:17 . 2014-07-17 16:02 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 11:16 . 2014-07-17 11:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-17 11:16 . 2014-07-17 11:16 -------- d-----w- c:\programdata\Malwarebytes
2014-07-17 11:16 . 2014-05-12 04:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-17 11:16 . 2014-05-12 04:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-17 11:16 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-17 10:23 . 2014-07-17 10:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-17 10:22 . 2014-07-17 10:22 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-17 10:08 . 2014-07-17 14:52 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2014-07-17 10:08 . 2014-07-17 10:08 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-07-17 10:08 . 2014-07-17 10:08 -------- d-----w- c:\program files\Common Files\Microsoft
2014-07-17 08:50 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-15 12:51 . 2014-07-15 12:51 47408 ----a-w- c:\windows\system32\drivers\isis.sys
2014-07-14 16:13 . 2014-07-14 16:13 -------- d-----w- c:\program files (x86)\Isis
2014-07-11 08:49 . 2014-05-01 23:35 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12876EE4-D795-46F5-B26A-64F05B031362}\gapaengine.dll
2014-06-29 02:25 . 2014-06-29 02:25 -------- d-----w- c:\users\Raed\AppData\Local\Realmware
2014-06-29 02:24 . 2014-06-29 02:24 -------- d-----w- c:\program files\Realmware
2014-06-28 01:26 . 2012-01-18 13:15 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2014-06-20 03:02 . 2014-06-20 03:02 -------- d-----w- c:\users\Raed\AppData\Local\Origin
2014-06-20 03:00 . 2014-07-16 07:37 -------- d-----w- c:\programdata\Origin
2014-06-20 03:00 . 2014-07-15 23:43 -------- d-----w- c:\program files (x86)\Origin
2014-06-17 21:25 . 2014-07-03 20:55 -------- d-----w- c:\users\Raed\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-17 10:46 . 2012-03-30 10:17 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-17 10:46 . 2012-02-23 17:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-15 23:46 . 2012-02-24 12:34 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-15 23:46 . 2012-02-24 07:16 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-15 23:45 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-07-15 11:21 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex1
2014-07-04 01:21 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex2
2014-06-28 03:22 . 2012-02-24 07:16 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-06-26 14:40 . 2012-02-26 06:53 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-15 01:42 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex3
2014-06-08 09:13 . 2014-06-12 00:53 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-08 09:08 . 2014-06-12 00:53 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-20 02:44 . 2014-06-15 19:42 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2014-06-15 19:42 52056 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-05-20 02:44 . 2014-06-15 19:40 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-05-20 02:44 . 2014-06-15 19:40 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-05-20 02:44 . 2014-06-15 19:40 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-06-15 19:40 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2014-06-15 19:40 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-06-15 19:40 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-06-15 19:40 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-06-15 19:40 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-06-15 19:40 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-06-15 19:40 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-06-15 19:40 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-06-15 19:40 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-06-15 19:40 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-06-15 19:40 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-06-15 19:40 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-06-15 19:40 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-06-15 19:40 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-06-15 19:40 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-06-15 19:40 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-06-15 19:40 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-06-15 19:40 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-06-15 19:40 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-06-15 19:40 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-06-15 19:40 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-06-15 19:40 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-06-15 19:40 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-06-15 19:40 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2014-06-15 19:40 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 01:25 . 2014-06-15 19:42 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2014-06-15 19:42 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2014-06-15 19:42 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2014-06-15 19:42 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2014-06-15 19:42 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2014-06-15 19:42 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-19 23:10 . 2014-06-15 19:43 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-05-14 23:49 . 2014-06-15 19:42 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-06 04:40 . 2014-05-14 00:51 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-06 04:17 . 2014-05-14 00:51 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-06 03:07 . 2014-05-14 00:51 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-06 03:00 . 2014-05-14 00:51 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-04 21:32 . 2013-09-27 05:13 66560 ----a-w- c:\windows\SysWow64\s2dtconv.dll
2014-05-04 21:32 . 2013-09-27 05:13 24576 ----a-w- c:\windows\SysWow64\Sbtrvd32.dll
2014-05-01 23:35 . 2013-04-23 21:26 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-28 11:44 . 2014-06-15 18:57 396480 ----a-w- c:\windows\system32\PsExec.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2014-03-08 11:03 442472 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedBitVideoAccelerator"="c:\program files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" [2014-03-08 1517224]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2013-09-23 3125976]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2014-03-08 4110992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PeachtreePrefetcher.exe"="c:\progra~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-09-15 32768]
"Isis"="c:\program files (x86)\Isis\isis.exe" [2014-07-15 330544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Raed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslffd4b1b8;MpKslffd4b1b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9DAE782-43B8-4A08-85B6-2CD86AF035DB}\MpKslffd4b1b8.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9DAE782-43B8-4A08-85B6-2CD86AF035DB}\MpKslffd4b1b8.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Qtel Mobile Broadband. RunOuc;Qtel Mobile Broadband. OUC;c:\program files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe;c:\program files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [x]
R3 cpuz136;cpuz136;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe;c:\windows\SYSNATIVE\PuranDefragS.exe [x]
R4 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 isis;isis;c:\windows\system32\drivers\isis.sys;c:\windows\SYSNATIVE\drivers\isis.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
S3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 13:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:46]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
TCP: Interfaces\{6E1BCF8B-B60D-4BEE-85AD-592E5A085652}: NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{94675EC1-C702-4674-8F47-73850309A46D}: NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{CC801F7F-0624-4BD9-9A59-71D1E5F1AF4E}: NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{E7C85074-F9EB-4051-9B3C-807E7AB9C73C}: NameServer = 212.77.192.59 212.77.192.60
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\
FF - ExtSQL: 2014-07-07 11:07; hd_streamer@iMedia; c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\hd_streamer@iMedia
FF - ExtSQL: !HIDDEN! 2014-05-06 04:09; quick_start@gmail.com; c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\quick_start@gmail.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-17  19:21:16
ComboFix-quarantined-files.txt  2014-07-17 16:21
.
Pre-Run: 268,027,437,056 bytes free
Post-Run: 270,369,538,048 bytes free
.
- - End Of File - - D88B88C38D8A0CC7EF7F40EC70D3B0F9
 




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:11 AM

Posted 22 July 2014 - 04:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541351 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sweiss

Sweiss
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:02:11 PM

Posted 23 July 2014 - 07:30 AM

Hello,

 

I'm not quite sure whether I still need help or not. Though I have not tried to remove the virus/malware by myself after I received advice from one of your staff stating not to modify or try anything and to wait for advice from your side, my Chrome browser now seems to me to be running properly!!!! A few days ago it kept redirecting me to the adf.ly website and another website named cdn.cloudwm.com.

 

To summarize it:

- Before asking for your help I tried 5 or 6 adware and malware remover programs, including ComboFix, as mentioned above.

- All of them failed to remove this kind of virus/malware, as I kept being redirected to the aforesaid websites; hence I asked for your help.

- Nothing was done after that other than waiting for a response.

- I'm still afraid to use Google Chrome to enter bank accounts, for instance, but surprisingly I am no longer redirected to those websites!!! though I didn't try to remove them later!!!

 

New DDS logs are included...

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.65.2
Run by Raed at 15:12:41 on 2014-07-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6126.4093 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\ouc.exe
C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\TODDSrv.exe
C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555
uProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
uRun: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
mRun: [PeachtreePrefetcher.exe] "C:\PROGRA~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [Isis] C:\Program Files (x86)\Isis\isis.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\Raed\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: Interfaces\{0710AB12-C476-4BBA-89C6-6D7C43333CC4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6E1BCF8B-B60D-4BEE-85AD-592E5A085652} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{94675EC1-C702-4674-8F47-73850309A46D} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{B4D15817-F188-4362-B857-3528C56C2A67} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CC801F7F-0624-4BD9-9A59-71D1E5F1AF4E} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{D7709BDC-7DB0-46D7-9D99-7CD5D76AA05D} : DHCPNameServer = 212.77.192.60 212.77.192.59
TCP: Interfaces\{D7709BDC-7DB0-46D7-9D99-7CD5D76AA05D}\1486D6564602D4F68697 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\1486D6564602D4F68697 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\14E64627F69646140543138383 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\55D6E696168602D4F62696C6560275966496 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}\F42716E67656F533365656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DB484E6F-4633-4B67-8B3C-71415A9E9BAC} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{E7C85074-F9EB-4051-9B3C-807E7AB9C73C} : NameServer = 212.77.192.59 212.77.192.60
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\
FF - ExtSQL: 2014-07-07 11:07; hd_streamer@iMedia; C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\hd_streamer@iMedia
FF - ExtSQL: !HIDDEN! 2014-05-06 04:09; quick_start@gmail.com; C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\quick_start@gmail.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-3-31 54984]
R1 isis;isis;C:\Windows\System32\drivers\isis.sys [2014-7-15 47408]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-17 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-17 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-19 1631008]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2007-9-5 455968]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-5-4 1153368]
R2 SBUpd;SpeedBit Update;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2014-3-4 2541688]
R2 SRSHDAudioService;SRS HDAudio Lab Service;C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2011-8-24 12648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-15 413128]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-21 2656280]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2011-10-21 42096]
R3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-9-23 654552]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\drivers\dtscsibus.sys [2013-9-27 29696]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-7-2 85504]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-3 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-17 122584]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-15 40392]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-10-21 38096]
R3 QIOMem;Generic IO & Memory Access;C:\Windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 SBUpdd;SpeedBit UpdateD;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [2014-3-4 41368]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-3-19 42184]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Qtel Mobile Broadband. RunOuc;Qtel Mobile Broadband. OUC;C:\Program Files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [2013-7-2 218624]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-7-2 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-7-2 13952]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2013-7-2 256000]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-5-6 1436424]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-1 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-17 63704]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-2-20 98560]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-10-21 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-10-21 307304]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
S3 SRS_AE_Service;SRS Audio Essentials;C:\Windows\System32\drivers\SRS_AE_amd64.sys [2011-8-1 513824]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-10-21 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-25 1255736]
S4 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-27 173192]
S4 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2014-2-28 292736]
S4 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-12-16 105448]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-23 08:34:20 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C17B112F-97C4-40F0-8352-478C72A9881B}\mpengine.dll
2014-07-22 08:07:31 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{550D3249-F0E8-45B3-99A0-1132A10F3873}\gapaengine.dll
2014-07-22 08:06:53 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-17 20:11:30 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-17 17:12:54 -------- d-----w- C:\Users\Raed\AppData\Roaming\ParetoLogic
2014-07-17 17:12:54 -------- d-----w- C:\Users\Raed\AppData\Roaming\DriverCure
2014-07-17 17:12:38 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2014-07-17 17:12:35 -------- d-----w- C:\ProgramData\ParetoLogic
2014-07-17 17:12:35 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2014-07-17 16:21:24 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-17 16:09:02 98816 ----a-w- C:\Windows\sed.exe
2014-07-17 16:09:02 256000 ----a-w- C:\Windows\PEV.exe
2014-07-17 16:09:02 208896 ----a-w- C:\Windows\MBR.exe
2014-07-17 16:08:58 -------- d-----w- C:\ComboFix
2014-07-17 13:33:33 -------- d-----w- C:\Program Files (x86)\Anvisoft
2014-07-17 13:09:44 -------- d-----w- C:\Program Files (x86)\GUMBA79.tmp
2014-07-17 13:09:18 -------- d-----w- C:\Users\Raed\AppData\Local\Apps
2014-07-17 13:09:17 -------- d-----w- C:\Users\Raed\AppData\Local\Deployment
2014-07-17 12:18:21 -------- d-----w- C:\Windows\ERUNT
2014-07-17 12:08:19 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-17 12:07:35 -------- d-----w- C:\AdwCleaner
2014-07-17 11:17:13 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-17 11:16:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-17 11:16:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-17 11:16:27 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-17 11:16:27 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-17 11:16:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 10:22:44 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-17 10:08:42 290304 ----a-w- C:\Windows\SysWow64\subinacl.exe
2014-07-17 10:08:39 -------- d-----w- C:\Program Files\Common Files\Microsoft
2014-07-17 10:08:39 -------- d-----w- C:\Program Files\Adware-Removal-Tool
2014-07-15 12:51:04 47408 ----a-w- C:\Windows\System32\drivers\isis.sys
2014-07-14 16:13:05 -------- d-----w- C:\Program Files (x86)\Isis
2014-06-29 02:25:14 -------- d-----w- C:\Users\Raed\AppData\Local\Realmware
2014-06-29 02:24:44 -------- d-----w- C:\Program Files\Realmware
2014-06-28 01:26:20 2580552 ----a-w- C:\Windows\SysWow64\pbsvc.exe
.
==================== Find3M  ====================
.
2014-07-22 14:01:23 297088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-07-22 14:01:23 297088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-07-22 14:01:14 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-07-21 08:15:06 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex2
2014-07-17 10:46:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-17 10:46:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-28 03:22:17 76152 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-06-15 01:42:16 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex3
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-20 01:25:42 6769096 ----a-w- C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42 3514144 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39 927520 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-05-20 01:25:38 2560968 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-05-19 23:10:44 601432 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-05-14 23:49:42 3774821 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-06 04:17:53 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-06 03:07:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-04 21:32:03 66560 ----a-w- C:\Windows\SysWow64\s2dtconv.dll
2014-05-04 21:32:03 24576 ----a-w- C:\Windows\SysWow64\Sbtrvd32.dll
2014-04-28 11:44:16 396480 ----a-w- C:\Windows\System32\PsExec.exe
.
============= FINISH: 15:12:54.01 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 23/02/2012 02:59:32 PM
System Uptime: 23/07/2014 02:00:47 PM (1 hours ago)
.
Motherboard: Intel Corp. |  | Base Board Product Name
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz | CPU1 | 1694/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 349 GiB total, 253.639 GiB free.
D: is FIXED (NTFS) - 350 GiB total, 321.345 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslffd4b1b8
Device ID: ROOT\LEGACY_MPKSLFFD4B1B8\0000
Manufacturer: 
Name: MpKslffd4b1b8
PNP Device ID: ROOT\LEGACY_MPKSLFFD4B1B8\0000
Service: MpKslffd4b1b8
.
==== System Restore Points ===================
.
RP388: 13/07/2014 03:28:16 PM - Windows Update
RP389: 17/07/2014 11:49:27 AM - Windows Update
RP390: 17/07/2014 01:21:54 PM - Installed Java 7 Update 65
RP391: 17/07/2014 05:46:36 PM - Configured TRORMCLauncher
RP392: 17/07/2014 06:30:02 PM - Windows Update
RP393: 17/07/2014 08:33:55 PM - Restore Operation
RP394: 17/07/2014 11:11:35 PM - Installed SpyHunter
RP395: 18/07/2014 12:47:14 AM - Removed SpyHunter
RP396: 20/07/2014 10:14:01 PM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 13 Plugin
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.9) MUI
Atheros Bluetooth Filter Driver Package
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
µTorrent
Battlefield 3™
BF3 Settings Editor
Bing Desktop
Bluetooth Stack for Windows by Toshiba
CCleaner
Conexant HD Audio
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Crystal Reports 2008 Runtime
D3DX10
DAEMON Tools Ultra
DAP Plug-in for 64 Bit IE
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Accelerator Plus (DAP)
Dropbox
Facebook Video Calling 2.0.0.447
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Google Chrome
Google Earth
Google Update Helper
High-Definition Video Playback
Intel® Management Engine Components
Java 7 Update 65
Java Auto Updater
Java™ 6 Update 20
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
Media Player Classic - Home Cinema v. 1.3.1249.0
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NeroKwikMedia Help (CHM)
NVIDIA 3D Vision Driver 337.88
NVIDIA Control Panel 337.88
NVIDIA Graphics Driver 337.88
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA Network Service
NVIDIA Stereoscopic 3D Driver
Origin
Overwolf
Peachtree Accounting 2009
Peachtree Complete Accounting 2009
PeachTree Signature Ready Forms
Pervasive PSQL v10 Workgroup (32-bit)
PlayReady PC Runtime amd64
PunkBuster Services
Puran Defrag 7.7
Qtel Mobile Broadband
Razer Game Booster
Realtek USB 2.0 Reader Driver
Renesas Electronics USB 3.0 Host Controller Driver
Sage Software Integration Services
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.14
SpeedBit Video Accelerator
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Requirements Lab
System Requirements Lab CYRI
TeamSpeak 3 Client
TechPowerUp GPU-Z
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotograf Galerisi
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
23/07/2014 03:05:56 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
23/07/2014 02:54:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
23/07/2014 02:01:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Qtel Mobile Broadband. OUC service to connect.
23/07/2014 02:01:13 PM, Error: Service Control Manager [7000]  - The Qtel Mobile Broadband. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
19/07/2014 06:51:51 PM, Error: Service Control Manager [7034]  - The SpeedBit Update service terminated unexpectedly.  It has done this 1 time(s).
17/07/2014 09:00:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
17/07/2014 09:00:00 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
17/07/2014 08:59:58 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
17/07/2014 08:59:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
17/07/2014 08:59:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/07/2014 08:59:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17/07/2014 08:59:40 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Tosrfcom Wanarpv6
17/07/2014 08:59:37 PM, Error: Service Control Manager [7001]  - The SRS HDAudio Lab Service service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 7 for x64-based Systems (KB2973337).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 7 for x64-based Systems (KB2966583).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 7 for x64-based Systems (KB2800095).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2973351).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2973201).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2972280).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2965788).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2961072).
17/07/2014 07:34:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2962872).
17/07/2014 07:34:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Update for Windows 7 for x64-based Systems (KB2952664).
17/07/2014 07:34:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2971850).
17/07/2014 07:34:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2957509).
17/07/2014 07:34:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2957189).
17/07/2014 07:34:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB2939576).
17/07/2014 07:29:43 PM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The pipe has been ended.
17/07/2014 07:29:40 PM, Error: Service Control Manager [7023]  - The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.
17/07/2014 07:18:28 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
17/07/2014 07:17:20 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
17/07/2014 07:07:08 PM, Error: Service Control Manager [7034]  - The VideoAcceleratorService service terminated unexpectedly.  It has done this 1 time(s).
17/07/2014 05:35:05 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
17/07/2014 05:35:05 PM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
17/07/2014 05:32:42 PM, Error: Microsoft-Windows-Eventlog [23]  - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Diagnosis-Scheduled/Operational.
.
==== End Of File ===========================
 


#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts

Posted 27 July 2014 - 04:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,653 posts

Posted 28 July 2014 - 02:28 AM

Sorry for the delay. Do you still require assistance? Please, do not run tools such as ComboFix without an expert's supervision.


Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum, ergo do not PM me for help.

 


#6 Sweiss

Sweiss
  • Topic Starter

  • Members
  • 20 posts

Posted 28 July 2014 - 08:38 PM

Hi,

 

It's been 12 days since my first post; I'm not quite sure whether I still need help or not. Though I have not tried to remove the virus/malware by myself after I received advice from one of your staff stating not to modify or try, and to wait for advice that I haven't received YET, my Chrome browser is NO longer redirecting me to the adf.ly website and another website named cdn.cloudwm.com!!

 

To summarize it:

- Before asking for your help I tried 5 or 6 adware and malware removers (Spybot Search and Destroy, AdwCleaner, ComboFix, Junkware Removal Tool, Microsoft Malicious Removal Tool). *Microsoft Security Essential tool is enabled before and after this problem... All of them failed, as Chrome still redirected me to the aforesaid websites; hence I asked for your help.

- Nothing was done after that other than waiting for a response.

- I'm still afraid to use Google Chrome to enter bank accounts, for instance.

 

If you help me to make sure that I have no malware/adware installed on my computer, that would be appreciated.



#7 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,653 posts

Posted 28 July 2014 - 11:51 PM

Hi Sweiss, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process, so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe Mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 

Before we begin, I apologise for the delay. Sometimes we get overwhelmed by the users due to the limited number of helpers. I applaud your descriptive post, which will aid a speedy result.
 

Before asking for your help I tried 5 or 6 adware and malware removers (Spybot Search and Destroy, AdwCleaner, ComboFix, Junkware Removal Tool, Microsoft Malicious Removal Tool). *Microsoft Security Essential tool is enabled before and after this problem... All of them failed, as Chrome still redirected me to the aforesaid websites; hence I asked for your help.

Never run ComboFix without an expert's supervision. It is an extremely powerful tool which needs proper caution. Please post the following logs:
C:\Combofix.txt
C:\AdwCleaner\Adwcleaner[S*].txt
The Junkware Removal Tool log is located on your Desktop, named Jrt.txt
 

If you help me to make sure that I have no malware/adware installed on my computer, that would be appreciated.

I am looking forward to putting a smile on your face. :)

 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • FRST Log(s) --
      • FRST.txt
      • Addition.txt
    • AdwCleaner Log
    • ComboFix.txt
    • Junkware Removal Tool Log
Regards,
Valinorum


 


#8 Sweiss

Sweiss
  • Topic Starter

  • Members
  • 20 posts

Posted 29 July 2014 - 07:09 AM

Hi,
 
I couldn't find the Junkware Removal Tool log; I may have deleted it, as I didn't think you would need the log (please advise whether you need me to re-install the program and run it).
 
The other log requirements are enclosed herewith, respectively, in multiple posts (I was unable to post in 1 post):
----------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Raed (administrator) on QTEL on 29-07-2014 14:18:13
Running from C:\Users\Raed\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
() C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\ouc.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
(SRS Labs, Inc.) C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files (x86)\Sage Software\Peachtree\PeachtreePrefetcher.exe [32768 2008-09-15] (Sage Software, Inc.)
HKLM-x32\...\Run: [Isis] => C:\Program Files (x86)\Isis\isis.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2958044183-866935480-2546363471-1000\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe [1517224 2014-03-08] (SPEEDbit)
HKU\S-1-5-21-2958044183-866935480-2546363471-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3125976 2013-09-23] (Disc Soft Ltd)
HKU\S-1-5-21-2958044183-866935480-2546363471-1000\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4110992 2014-03-08] (Speedbit Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Raed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{6E1BCF8B-B60D-4BEE-85AD-592E5A085652}: [NameServer]212.77.192.59 212.77.192.60
Tcpip\..\Interfaces\{94675EC1-C702-4674-8F47-73850309A46D}: [NameServer]212.77.192.59 212.77.192.60
Tcpip\..\Interfaces\{CC801F7F-0624-4BD9-9A59-71D1E5F1AF4E}: [NameServer]212.77.192.59 212.77.192.60
Tcpip\..\Interfaces\{DABB6F22-406D-49AA-89D5-865B93CB5869}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{DB484E6F-4633-4B67-8B3C-71415A9E9BAC}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{E7C85074-F9EB-4051-9B3C-807E7AB9C73C}: [NameServer]212.77.192.59 212.77.192.60
 
FireFox:
========
FF ProfilePath: C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Raed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-09-21]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-03-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-09-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-02-29]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2012-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2012-02-24]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: 
CHR DefaultSearchProvider: 
CHR DefaultSearchURL: 
CHR Extension: (Google Docs) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-07-17]
CHR Extension: (Skype Click to Call) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (Gmail) - C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2012-02-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [654552 2013-09-23] (Disc Soft Ltd)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-02-16] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [455968 2007-09-05] ()
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software)
S2 Qtel Mobile Broadband. RunOuc; C:\Program Files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [218624 2013-07-02] () [File not signed]
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2541688 2014-03-04] (Speedbit Ltd.)
R2 SRSHDAudioService; C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [12648 2011-08-24] (SRS Labs, Inc.)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [298152 2014-03-08] (SPEEDbit)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-09-27] (Disc Soft Ltd)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2013-07-02] (Huawei Technologies Co., Ltd.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [54984 2014-03-19] (AnchorFree Inc.)
R1 isis; C:\Windows\System32\drivers\isis.sys [47408 2014-07-15] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-03-04] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [513824 2011-08-01] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
R3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S1 MpKslffd4b1b8; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9DAE782-43B8-4A08-85B6-2CD86AF035DB}\MpKslffd4b1b8.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 14:18 - 2014-07-29 14:18 - 00044359 _____ () C:\Users\Raed\Downloads\FRST.txt
2014-07-29 14:18 - 2014-07-29 14:18 - 00000000 ____D () C:\FRST
2014-07-29 14:12 - 2014-07-29 14:12 - 02093568 _____ (Farbar) C:\Users\Raed\Downloads\FRST64.exe
2014-07-23 15:13 - 2014-07-23 15:13 - 00017797 _____ () C:\Users\Raed\Desktop\attach.txt
2014-07-23 15:13 - 2014-07-23 15:12 - 00025804 _____ () C:\Users\Raed\Desktop\dds.txt
2014-07-23 15:03 - 2014-07-23 15:04 - 00688992 ____R (Swearware) C:\Users\Raed\Downloads\dds (1).com
2014-07-18 01:49 - 2014-07-18 01:49 - 00347816 _____ (Microsoft Corporation) C:\Users\Raed\Downloads\MicrosoftFixit.ProgramInstallUninstall.Run.exe
2014-07-17 23:12 - 2014-07-17 23:12 - 00000000 _____ () C:\autoexec.bat
2014-07-17 23:11 - 2014-07-18 00:48 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-17 20:12 - 2014-07-18 00:48 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-07-17 20:12 - 2014-07-17 20:12 - 00000000 ____D () C:\Users\Raed\AppData\Roaming\ParetoLogic
2014-07-17 20:12 - 2014-07-17 20:12 - 00000000 ____D () C:\Users\Raed\AppData\Roaming\DriverCure
2014-07-17 20:12 - 2014-07-17 20:12 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-07-17 19:21 - 2014-07-17 19:21 - 00053284 _____ () C:\ComboFix.txt
2014-07-17 19:09 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 19:09 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 19:09 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 19:09 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 19:09 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 19:09 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 19:09 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 19:09 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 19:08 - 2014-07-17 19:21 - 00000000 ____D () C:\ComboFix
2014-07-17 19:07 - 2014-07-17 19:21 - 00000000 ____D () C:\Qoobox
2014-07-17 19:07 - 2014-07-17 19:19 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 19:05 - 2014-07-17 19:06 - 05221938 ____R (Swearware) C:\Users\Raed\Downloads\ComboFix.exe
2014-07-17 16:33 - 2014-07-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-17 16:11 - 2014-07-17 16:11 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 16:11 - 2014-07-17 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-17 16:09 - 2014-07-17 16:11 - 00000000 ____D () C:\Program Files (x86)\GUMBA79.tmp
2014-07-17 16:09 - 2014-07-17 16:09 - 00000000 ____D () C:\Users\Raed\AppData\Local\Deployment
2014-07-17 16:09 - 2014-07-17 16:09 - 00000000 ____D () C:\Users\Raed\AppData\Local\Apps\2.0
2014-07-17 15:18 - 2014-07-17 15:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-17 15:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-17 15:07 - 2014-07-17 18:15 - 00000000 ____D () C:\AdwCleaner
2014-07-17 14:17 - 2014-07-29 13:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 14:16 - 2014-07-17 14:16 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 14:16 - 2014-07-17 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 14:16 - 2014-07-17 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 14:16 - 2014-07-17 14:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 14:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-17 14:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-17 14:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 14:15 - 2014-07-17 14:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Raed\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-17 13:22 - 2014-07-17 13:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 13:22 - 2014-07-17 13:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 13:08 - 2014-07-17 17:52 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-17 13:08 - 2014-07-17 13:08 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-15 15:51 - 2014-07-15 15:51 - 00047408 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-14 19:13 - 2014-07-18 15:20 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-08 12:57 - 2014-07-07 23:23 - 04009167 _____ () C:\Users\Raed\Downloads\ServicesRepair.exe
2014-07-08 12:52 - 2014-07-08 12:52 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-06-29 05:25 - 2014-06-29 05:25 - 00000000 ____D () C:\Users\Raed\AppData\Local\Realmware
2014-06-29 05:24 - 2014-06-29 05:24 - 03276413 _____ (Realmware) C:\Users\Raed\Downloads\BF3SE-2.3.exe
2014-06-29 05:24 - 2014-06-29 05:24 - 00001216 _____ () C:\Users\Public\Desktop\BF3 Settings Editor.lnk
2014-06-29 05:24 - 2014-06-29 05:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realmware BF3 Tools
2014-06-29 05:24 - 2014-06-29 05:24 - 00000000 ____D () C:\Program Files\Realmware
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-29 14:18 - 2014-07-29 14:18 - 00044359 _____ () C:\Users\Raed\Downloads\FRST.txt
2014-07-29 14:18 - 2014-07-29 14:18 - 00000000 ____D () C:\FRST
2014-07-29 14:14 - 2011-08-03 13:41 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 14:12 - 2014-07-29 14:12 - 02093568 _____ (Farbar) C:\Users\Raed\Downloads\FRST64.exe
2014-07-29 14:02 - 2009-07-14 07:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 14:02 - 2009-07-14 07:45 - 00025120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 13:58 - 2011-10-21 06:09 - 01258243 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 13:56 - 2014-07-17 14:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-29 13:55 - 2012-10-26 00:17 - 00000000 ___RD () C:\Users\Raed\Dropbox
2014-07-29 13:55 - 2012-10-26 00:14 - 00000000 ____D () C:\Users\Raed\AppData\Roaming\Dropbox
2014-07-29 13:55 - 2012-02-24 02:24 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-29 13:54 - 2014-06-17 04:14 - 00011191 _____ () C:\Windows\setupact.log
2014-07-29 13:54 - 2011-10-21 06:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-29 13:54 - 2011-08-03 13:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 13:54 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 06:55 - 2012-03-30 13:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 18:01 - 2014-06-20 06:00 - 00000000 ____D () C:\ProgramData\Origin
2014-07-28 15:21 - 2012-02-24 15:34 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-28 15:21 - 2012-02-24 10:16 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-28 15:21 - 2012-02-24 10:16 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-28 14:18 - 2012-02-24 10:16 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex1
2014-07-28 03:39 - 2014-06-20 06:00 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-27 16:17 - 2012-04-13 20:46 - 00001986 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-07-27 16:17 - 2011-08-03 13:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-07-24 12:44 - 2012-10-26 00:17 - 00001018 _____ () C:\Users\Raed\Desktop\Dropbox.lnk
2014-07-24 12:44 - 2012-10-26 00:15 - 00000000 ____D () C:\Users\Raed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 15:13 - 2014-07-23 15:13 - 00017797 _____ () C:\Users\Raed\Desktop\attach.txt
2014-07-23 15:12 - 2014-07-23 15:13 - 00025804 _____ () C:\Users\Raed\Desktop\dds.txt
2014-07-23 15:04 - 2014-07-23 15:03 - 00688992 ____R (Swearware) C:\Users\Raed\Downloads\dds (1).com
2014-07-21 11:15 - 2012-02-24 10:16 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex2
2014-07-20 15:57 - 2012-03-04 15:06 - 00000000 ____D () C:\Users\Raed\Documents\Outlook Files
2014-07-18 15:20 - 2014-07-14 19:13 - 00000000 ____D () C:\Program Files (x86)\Isis
2014-07-18 11:27 - 2013-05-13 20:17 - 00795170 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-18 01:49 - 2014-07-18 01:49 - 00347816 _____ (Microsoft Corporation) C:\Users\Raed\Downloads\MicrosoftFixit.ProgramInstallUninstall.Run.exe
2014-07-18 01:00 - 2011-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-18 00:48 - 2014-07-17 23:11 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-18 00:48 - 2014-07-17 20:12 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-07-17 23:12 - 2014-07-17 23:12 - 00000000 _____ () C:\autoexec.bat
2014-07-17 20:12 - 2014-07-17 20:12 - 00000000 ____D () C:\Users\Raed\AppData\Roaming\ParetoLogic
2014-07-17 20:12 - 2014-07-17 20:12 - 00000000 ____D () C:\Users\Raed\AppData\Roaming\DriverCure
2014-07-17 20:12 - 2014-07-17 20:12 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-07-17 19:27 - 2014-06-20 07:12 - 00009364 _____ () C:\Windows\PFRO.log
2014-07-17 19:21 - 2014-07-17 19:21 - 00053284 _____ () C:\ComboFix.txt
2014-07-17 19:21 - 2014-07-17 19:08 - 00000000 ____D () C:\ComboFix
2014-07-17 19:21 - 2014-07-17 19:07 - 00000000 ____D () C:\Qoobox
2014-07-17 19:19 - 2014-07-17 19:07 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 19:18 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-17 19:06 - 2014-07-17 19:05 - 05221938 ____R (Swearware) C:\Users\Raed\Downloads\ComboFix.exe
2014-07-17 18:37 - 2012-02-23 16:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-17 18:15 - 2014-07-17 15:07 - 00000000 ____D () C:\AdwCleaner
2014-07-17 17:52 - 2014-07-17 13:08 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-17 16:33 - 2014-07-17 16:33 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-17 16:11 - 2014-07-17 16:11 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 16:11 - 2014-07-17 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-17 16:11 - 2014-07-17 16:09 - 00000000 ____D () C:\Program Files (x86)\GUMBA79.tmp
2014-07-17 16:11 - 2012-02-23 13:18 - 00000000 ____D () C:\Users\Raed\AppData\Local\Google
2014-07-17 16:10 - 2011-08-03 13:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-17 16:09 - 2014-07-17 16:09 - 00000000 ____D () C:\Users\Raed\AppData\Local\Deployment
2014-07-17 16:09 - 2014-07-17 16:09 - 00000000 ____D () C:\Users\Raed\AppData\Local\Apps\2.0
2014-07-17 16:09 - 2011-08-03 13:41 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-17 16:09 - 2011-08-03 13:41 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-17 15:18 - 2014-07-17 15:18 - 00000000 ____D () C:\Windows\ERUNT
2014-07-17 15:09 - 2013-09-27 08:14 - 00000955 _____ () C:\Users\Public\Desktop\Peachtree Knowledge Center.lnk
2014-07-17 15:09 - 2013-09-27 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-07-17 15:09 - 2012-11-22 13:39 - 00001032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-17 15:09 - 2012-11-22 13:39 - 00001020 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-17 14:16 - 2014-07-17 14:16 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 14:16 - 2014-07-17 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 14:16 - 2014-07-17 14:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 14:16 - 2014-07-17 14:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 14:16 - 2014-07-17 14:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Raed\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-17 13:46 - 2012-03-30 13:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-17 13:46 - 2012-03-30 13:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-17 13:46 - 2012-02-23 20:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-17 13:39 - 2013-10-20 05:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 13:22 - 2014-07-17 13:22 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 13:22 - 2014-07-17 13:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 13:22 - 2011-08-03 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 13:22 - 2011-08-03 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 13:22 - 2011-08-03 13:52 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 13:08 - 2014-07-17 13:08 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-17 13:08 - 2014-03-08 14:07 - 00001301 _____ () C:\Users\Raed\Desktop\My DAP Downloads.lnk
2014-07-16 09:51 - 2013-08-19 01:46 - 00000258 __RSH () C:\Users\Raed\ntuser.pol
2014-07-16 09:51 - 2012-02-23 15:59 - 00000000 ____D () C:\Users\Raed
2014-07-16 02:38 - 2009-07-14 08:13 - 00785888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 15:51 - 2014-07-15 15:51 - 00047408 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\isis.sys
2014-07-15 11:27 - 2009-07-14 08:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 01:42 - 2014-02-20 14:19 - 00000000 ____D () C:\Users\Raed\AppData\Local\Overwolf
2014-07-08 12:52 - 2014-07-08 12:52 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-07-07 23:23 - 2014-07-08 12:57 - 04009167 _____ () C:\Users\Raed\Downloads\ServicesRepair.exe
2014-06-29 05:25 - 2014-06-29 05:25 - 00000000 ____D () C:\Users\Raed\AppData\Local\Realmware
2014-06-29 05:24 - 2014-06-29 05:24 - 03276413 _____ (Realmware) C:\Users\Raed\Downloads\BF3SE-2.3.exe
2014-06-29 05:24 - 2014-06-29 05:24 - 00001216 _____ () C:\Users\Public\Desktop\BF3 Settings Editor.lnk
2014-06-29 05:24 - 2014-06-29 05:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realmware BF3 Tools
2014-06-29 05:24 - 2014-06-29 05:24 - 00000000 ____D () C:\Program Files\Realmware
 
Some content of TEMP:
====================
C:\Users\Raed\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmve4x.dll
C:\Users\Raed\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {1d7295b0-bdae-11e0-a510-60eb699491e9}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {1d7295b2-bdae-11e0-a510-60eb699491e9}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {1d7295b0-bdae-11e0-a510-60eb699491e9}
nx                      OptIn
increaseuserva          3072
 
Windows Boot Loader
-------------------
identifier              {1d7295b2-bdae-11e0-a510-60eb699491e9}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{1d7295b3-bdae-11e0-a510-60eb699491e9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{1d7295b3-bdae-11e0-a510-60eb699491e9}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {1d7295b0-bdae-11e0-a510-60eb699491e9}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {1d7295b3-bdae-11e0-a510-60eb699491e9}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2014-07-29 06:20
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Raed at 2014-07-29 14:19:06
Running from C:\Users\Raed\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
BF3 Settings Editor (HKLM\...\{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}) (Version: 2.3 - Realmware)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.0.0.0159 - Disc Soft Ltd)
DAP Plug-in for 64 Bit IE (HKLM\...\{FB5688A1-05A2-4E9F-A5E7-872D71A6AAD6}) (Version: 9706.0.31 - SpeedBit)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - ) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 18.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.2 (x86 en-US)) (Version: 18.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 18.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NeroKwikMedia Help (CHM) (x32 Version: 10.6.10900 - Nero AG) Hidden
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.10.297 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{FE8E927E-8099-4C6B-A337-1CAB00E213C7}) (Version: 0.50.310 - Overwolf)
Peachtree Accounting 2009 (x32 Version: 16.00.02 - Sage Software, Inc.) Hidden
Peachtree Complete Accounting 2009 (HKLM-x32\...\InstallShield_{43591480-A322-48C4-9C33-88CC1B84D6EF}) (Version: 16.00.02 - Sage Software, Inc.)
PeachTree Signature Ready Forms (x32 Version: 6.3.0 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 Workgroup (32-bit) (HKLM-x32\...\{0A3238D7-AB32-4E15-B717-F3E3F18B4A8C}) (Version: 10.0.204.000 - Pervasive Software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Puran Defrag 7.7 (HKLM\...\Puran Defrag_is1) (Version:  - Puran Software)
Qtel Mobile Broadband (HKLM-x32\...\Qtel Mobile Broadband) (Version: 21.003.27.03.183 - Huawei Technologies Co.,Ltd)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
Sage Software Integration Services (HKLM-x32\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpeedBit Video Accelerator (HKLM-x32\...\SpeedBit Video Accelerator) (Version: 3380(build_3064) - SpeedBit Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2958044183-866935480-2546363471-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
17-07-2014 08:49:27 Windows Update
17-07-2014 10:21:54 Installed Java 7 Update 65
17-07-2014 14:46:36 Configured TRORMCLauncher
17-07-2014 15:30:02 Windows Update
17-07-2014 17:33:55 Restore Operation
17-07-2014 20:11:35 Installed SpyHunter
17-07-2014 21:47:14 Removed SpyHunter
20-07-2014 19:14:01 Windows Update
24-07-2014 09:54:08 Windows Update
27-07-2014 18:02:12 Windows Update
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0589DCF8-F140-4D76-B831-2577E150DC83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {08134CDA-A11C-4145-9914-DB9D76E228E8} - System32\Tasks\SBWUpdateTask_Logon_ce5d8818-00FF7A6396BF => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2014-03-08] (Speedbit Ltd.)
Task: {1C8054A9-49DA-490F-A265-D88D1E400FF3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {1FBA5F23-4D23-4C9A-BD5A-36CE65FA98C6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {28C08ABD-C0D3-4AA0-9B3F-B4016042B89C} - System32\Tasks\{C5F6DE4B-1A22-4FA6-A0F3-2B58678C7FEE} => C:\Program Files (x86)\Origin\Origin.exe [2014-07-25] (Electronic Arts)
Task: {45C01C6B-DFFD-4661-A64E-67448C51D296} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {4ADAC99C-C4A5-47C8-A000-53FDA86021DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {4E070352-6FEA-4AC6-9631-74B97A9BEB15} - \DTReg No Task File <==== ATTENTION
Task: {5309D354-9213-4CEE-9092-7FB80D7FB78E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {61E3F696-5571-4FCB-AEBC-702F4929C831} - System32\Tasks\SBWUpdateTask_Time_ce5d8818-00FF33AD3B45 => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2014-03-08] (Speedbit Ltd.)
Task: {68A887A9-1AF8-4422-80DE-A3FFAD6A4CF6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {6B73FF64-A493-4BF8-AE80-6A18B46AB6A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {6F6884CD-13A0-480A-9F3F-ED7678EA1C68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03] (Google Inc.)
Task: {75F83E68-502F-4BF4-AEA6-242C331613F5} - System32\Tasks\{5E5E2634-88CC-402C-8989-DA53566A6188} => C:\Program Files (x86)\Sage Software\Peachtree\peachw.exe [2008-09-15] (Sage Software, Inc.)
Task: {8D15429B-72B5-4B2C-A1F1-855DDA252DAB} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {90486EDA-AAC3-404F-8987-73656B1CAA48} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B2673648-189A-4575-A56E-388BF08B0635} - System32\Tasks\SBW_UpdateTask_Time_313431313931313231322d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SpeedBit\sbhe.js" sbu.exe /invoke /f:check_services /l:0
Task: {D3C47D8B-1976-471D-AF6D-AA0F748F0656} - System32\Tasks\SBWUpdateTask_Time_ce5d8818-00FF7A6396BF => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2014-03-08] (Speedbit Ltd.)
Task: {E12A5540-D1CC-43B3-9361-9AA99A8AED73} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {EF5B6AAB-6167-4297-BD63-C8CE9EE49D16} - System32\Tasks\SBWUpdateTask_Logon_ce5d8818-00FF33AD3B45 => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2014-03-08] (Speedbit Ltd.)
Task: {FB8FCE09-1427-4A9A-AED7-4F61BB0E8EED} - System32\Tasks\{5A70EB7B-2DB9-4FFF-87FA-F04F5BE6AFD9} => C:\Program Files (x86)\Origin\Origin.exe [2014-07-25] (Electronic Arts)
Task: {FF13AB9E-A3BC-4F72-917D-EEA055E6888C} - System32\Tasks\{2D957F89-6C80-4091-B378-F19EDC5B20C2} => C:\Program Files (x86)\Sage Software\Peachtree\peachw.exe [2008-09-15] (Sage Software, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-15 22:42 - 2014-05-20 04:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-24 10:16 - 2014-06-28 06:22 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2007-09-05 11:25 - 2007-09-05 11:25 - 00455968 _____ () C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2012-02-23 22:06 - 2013-07-02 23:11 - 00218624 _____ () C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\ouc.exe
2007-09-05 12:15 - 2007-09-05 12:15 - 00230688 _____ () C:\Program Files (x86)\Pervasive Software\PSQL\bin\W3COMSRV.DLL
2012-02-24 02:23 - 2012-02-24 02:23 - 00053248 _____ () C:\Program Files (x86)\DAP\zlib.dll
2014-03-08 14:06 - 2014-03-08 14:06 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2012-07-16 14:42 - 2012-07-16 14:42 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2014-03-08 14:06 - 2014-03-08 14:06 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2014-03-08 14:06 - 2014-03-08 14:06 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2014-03-08 14:06 - 2014-03-08 14:06 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2014-03-08 14:06 - 2014-03-08 14:06 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2012-02-23 22:06 - 2012-02-23 22:05 - 00011362 _____ () C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\mingwm10.dll
2012-02-23 22:06 - 2012-02-23 22:05 - 00043008 _____ () C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2012-02-23 22:06 - 2012-02-23 22:05 - 02415104 _____ () C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\QtCore4.dll
2012-02-23 22:06 - 2012-02-23 22:05 - 01148416 _____ () C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\QtNetwork4.dll
2014-07-29 13:55 - 2014-07-29 13:55 - 00043008 _____ () c:\users\raed\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjmve4x.dll
2013-10-19 02:55 - 2013-10-19 02:55 - 25100288 _____ () C:\Users\Raed\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-04 11:36 - 2014-03-04 11:36 - 01011320 _____ () C:\Program Files\Common Files\SpeedBit\SBUpdate\sbci32.dll
2014-07-17 16:10 - 2014-07-15 12:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 16:10 - 2014-07-15 12:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 16:10 - 2014-07-15 12:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 16:10 - 2014-07-15 12:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 16:10 - 2014-07-15 12:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-01-03 09:59 - 2014-02-10 20:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BingDesktopUpdate => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: DefaultTabUpdate => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: psqlWGE => 2
MSCONFIG\Services: RapiMgr => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: VideoAcceleratorService => 2
MSCONFIG\Services: WcesComm => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk => C:\Windows\pss\Toshiba Places Icon Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Raed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk => C:\Windows\pss\BBC iPlayer Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Raed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Raed^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: DAP10 => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: MpKslffd4b1b8
Description: MpKslffd4b1b8
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslffd4b1b8
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2014 01:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/29/2014 04:22:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2014 03:35:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/27/2014 07:40:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/27/2014 03:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17041, time stamp: 0x53180888
Faulting module name: sbei64.dll, version: 0.0.0.0, time stamp: 0x53159099
Exception code: 0xc000041d
Fault offset: 0x0000000000020be8
Faulting process id: 0x120c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (07/27/2014 03:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17041, time stamp: 0x53180888
Faulting module name: sbei64.dll, version: 0.0.0.0, time stamp: 0x53159099
Exception code: 0xc0000005
Fault offset: 0x0000000000020be8
Faulting process id: 0x120c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (07/27/2014 03:32:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x53180888
Faulting module name: sbei64.dll, version: 0.0.0.0, time stamp: 0x53159099
Exception code: 0xc000041d
Fault offset: 0x0000000000020be8
Faulting process id: 0x1798
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (07/27/2014 03:32:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x53180888
Faulting module name: sbei64.dll, version: 0.0.0.0, time stamp: 0x53159099
Exception code: 0xc0000005
Fault offset: 0x0000000000020be8
Faulting process id: 0x1798
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (07/27/2014 00:33:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2014 10:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/29/2014 01:57:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (07/29/2014 01:56:04 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (07/29/2014 01:55:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Qtel Mobile Broadband. OUC service failed to start due to the following error: 
%%1053
 
Error: (07/29/2014 01:55:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Qtel Mobile Broadband. OUC service to connect.
 
Error: (07/29/2014 01:54:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/29/2014 01:54:48 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/29/2014 01:54:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/29/2014 07:00:17 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/29/2014 06:55:47 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (07/29/2014 06:55:45 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
 
Microsoft Office Sessions:
=========================
Error: (07/29/2014 01:55:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/29/2014 04:22:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2014 03:35:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/27/2014 07:40:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/27/2014 03:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1704153180888sbei64.dll0.0.0.053159099c000041d0000000000020be8120c01cfa996d33ae96fC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll468234b0-158b-11e4-890a-e0ca9484cf92
 
Error: (07/27/2014 03:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1704153180888sbei64.dll0.0.0.053159099c00000050000000000020be8120c01cfa996d33ae96fC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll440dc968-158b-11e4-890a-e0ca9484cf92
 
Error: (07/27/2014 03:32:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1704153180888sbei64.dll0.0.0.053159099c000041d0000000000020be8179801cfa9958b45d65eC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll04b20587-158a-11e4-890a-e0ca9484cf92
 
Error: (07/27/2014 03:32:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1704153180888sbei64.dll0.0.0.053159099c00000050000000000020be8179801cfa9958b45d65eC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Common Files\SpeedBit\SBUpdate\sbei64.dll0295ad29-158a-11e4-890a-e0ca9484cf92
 
Error: (07/27/2014 00:33:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2014 10:02:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-17 19:17:20.591
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-17 19:17:20.470
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 05:29:22.200
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 05:29:21.997
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 04:27:19.353
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 04:27:19.227
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 04:01:54.584
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 04:01:54.491
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 03:23:14.146
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-12 03:23:14.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 


#9 Sweiss


Posted 29 July 2014 - 07:14 AM

Adware Cleaner LOGS:

 

# AdwCleaner v3.215 - Report created 17/07/2014 at 15:09:00
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Raed - QTEL
# Running from : C:\Users\Raed\Downloads\adwcleaner_3.215.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222
Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
[#] Service Deleted : SystemkService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\VauDDix
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Addon Enabler
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\Linkey
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\SearchPredict
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\Universal Updater
Folder Deleted : C:\Program Files (x86)\Video Performer
Folder Deleted : C:\Program Files (x86)\VauDDix
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\fbwuser\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Raed\AppData\Local\41
Folder Deleted : C:\Users\Raed\AppData\Local\apn
Folder Deleted : C:\Users\Raed\AppData\Local\torch
Folder Deleted : C:\Users\Raed\AppData\Local\webplayer
Folder Deleted : C:\Users\Raed\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Raed\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Raed\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Raed\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\Raed\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Raed\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Raed\AppData\Roaming\Settings Manager
Folder Deleted : C:\Users\Raed\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\Raed\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb
Folder Deleted : C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
Folder Deleted : C:\Users\fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijcfgaoobhfoifkooedkdokopgbmcdjh
Folder Deleted : C:\Users\fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijcfgaoobhfoifkooedkdokopgbmcdjh
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijcfgaoobhfoifkooedkdokopgbmcdjh
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelkeckmfgjcelfagogfkfjkicmlhdnj
Folder Deleted : C:\Users\fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelkeckmfgjcelfagogfkfjkicmlhdnj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelkeckmfgjcelfagogfkfjkicmlhdnj
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
Folder Deleted : C:\Users\fbwuser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
File Deleted : C:\Users\Raed\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\Raed\Desktop\My Video Downloads.lnk
File Deleted : C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\invalidprefs.js
File Deleted : C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\searchplugins\bingp.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\default-search.xml
File Deleted : C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\searchplugins\speedbit.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\webssearches.xml
File Deleted : C:\Windows\System32\Tasks\DTReg
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Peachtree Knowledge Center.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ledcpigomgblcmofccnacobhmcdkpiea
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_truecaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_truecaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Mozilla Firefox v18.0.2 (en-US)
 
[ File : C:\Users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CE5D00FF384F5987&affID=128235&tsp=5219
Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1399338554&from=amt&uid=TOSHIBAXMK7575GSX_81UUC1X5TXX81UUC1X5T&q={searchTerms}
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=121&itype=a&ver=12692&tm=339&src=ds&p={searchTerms}
Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
Deleted [Extension] : djcpfkccckpeeghiklnhienllljccglb
Deleted [Extension] : ledcpigomgblcmofccnacobhmcdkpiea
 
*************************
 
AdwCleaner[R0].txt - [23122 octets] - [17/07/2014 15:07:44]
AdwCleaner[S0].txt - [21602 octets] - [17/07/2014 15:09:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21663 octets] ##########
------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
 
# AdwCleaner v3.215 - Report created 17/07/2014 at 18:15:02
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Raed - QTEL
# Running from : C:\Users\Raed\Downloads\adwcleaner_3.215.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Raed\Desktop\Sync Folder.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v18.0.2 (en-US)
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Raed\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
Deleted [Search Provider] : hxxp://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [23122 octets] - [17/07/2014 15:07:44]
AdwCleaner[R1].txt - [1348 octets] - [17/07/2014 18:11:24]
AdwCleaner[S0].txt - [21836 octets] - [17/07/2014 15:09:00]
AdwCleaner[S1].txt - [1271 octets] - [17/07/2014 18:15:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1331 octets] ##########
 

ComboFix log:

 

ComboFix 14-07-17.03 - Raed 17/07/2014  19:10:43.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6126.3237 [GMT 3:00]
Running from: c:\users\Raed\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\fbwuser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\fbwuser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Raed\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\background.html
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\content.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\Cu7S3dkr.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\lsdb.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aoeneobocohicglhbkhhalhbgkeodgkj\1.0\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\background.html
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\content.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\lsdb.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nfampijongbmnkmkcgkcgcjkkcfdgbpo\1.3\NbgqBf.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\B4ZhmYYzBJs.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\background.html
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\content.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\lsdb.js
c:\users\Raed\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\104\manifest.json
c:\users\Raed\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Raed\Desktop\Adware-Removal-Tool-v3.9.1.exe
c:\users\Raed\Desktop\Internet Explorer.lnk
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 16:18 . 2014-07-17 16:18 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-07-17 16:18 . 2014-07-17 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 15:38 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB522A74-2B62-409D-BDF6-B18E0C9573FA}\mpengine.dll
2014-07-17 15:33 . 2014-07-17 15:33 -------- d-----w- c:\windows\LastGood
2014-07-17 13:33 . 2014-07-17 13:33 -------- d-----w- c:\program files (x86)\Anvisoft
2014-07-17 13:09 . 2014-07-17 13:11 -------- d-----w- c:\program files (x86)\GUMBA79.tmp
2014-07-17 13:09 . 2014-07-17 13:09 -------- d-----w- c:\users\Raed\AppData\Local\Apps
2014-07-17 13:09 . 2014-07-17 13:09 -------- d-----w- c:\users\Raed\AppData\Local\Deployment
2014-07-17 12:18 . 2014-07-17 12:18 -------- d-----w- c:\windows\ERUNT
2014-07-17 12:08 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-17 12:07 . 2014-07-17 15:15 -------- d-----w- C:\AdwCleaner
2014-07-17 11:17 . 2014-07-17 16:02 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-17 11:16 . 2014-07-17 11:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-17 11:16 . 2014-07-17 11:16 -------- d-----w- c:\programdata\Malwarebytes
2014-07-17 11:16 . 2014-05-12 04:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-17 11:16 . 2014-05-12 04:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-17 11:16 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-17 10:23 . 2014-07-17 10:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-17 10:22 . 2014-07-17 10:22 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-17 10:08 . 2014-07-17 14:52 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2014-07-17 10:08 . 2014-07-17 10:08 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-07-17 10:08 . 2014-07-17 10:08 -------- d-----w- c:\program files\Common Files\Microsoft
2014-07-17 08:50 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-15 12:51 . 2014-07-15 12:51 47408 ----a-w- c:\windows\system32\drivers\isis.sys
2014-07-14 16:13 . 2014-07-14 16:13 -------- d-----w- c:\program files (x86)\Isis
2014-07-11 08:49 . 2014-05-01 23:35 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12876EE4-D795-46F5-B26A-64F05B031362}\gapaengine.dll
2014-06-29 02:25 . 2014-06-29 02:25 -------- d-----w- c:\users\Raed\AppData\Local\Realmware
2014-06-29 02:24 . 2014-06-29 02:24 -------- d-----w- c:\program files\Realmware
2014-06-28 01:26 . 2012-01-18 13:15 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2014-06-20 03:02 . 2014-06-20 03:02 -------- d-----w- c:\users\Raed\AppData\Local\Origin
2014-06-20 03:00 . 2014-07-16 07:37 -------- d-----w- c:\programdata\Origin
2014-06-20 03:00 . 2014-07-15 23:43 -------- d-----w- c:\program files (x86)\Origin
2014-06-17 21:25 . 2014-07-03 20:55 -------- d-----w- c:\users\Raed\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-17 10:46 . 2012-03-30 10:17 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-17 10:46 . 2012-02-23 17:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-15 23:46 . 2012-02-24 12:34 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-15 23:46 . 2012-02-24 07:16 297088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-15 23:45 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-07-15 11:21 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex1
2014-07-04 01:21 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex2
2014-06-28 03:22 . 2012-02-24 07:16 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-06-26 14:40 . 2012-02-26 06:53 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-15 01:42 . 2012-02-24 07:16 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.ex3
2014-06-08 09:13 . 2014-06-12 00:53 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-08 09:08 . 2014-06-12 00:53 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-20 02:44 . 2014-06-15 19:42 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2014-06-15 19:42 52056 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-05-20 02:44 . 2014-06-15 19:40 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-05-20 02:44 . 2014-06-15 19:40 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-05-20 02:44 . 2014-06-15 19:40 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-06-15 19:40 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2014-06-15 19:40 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-06-15 19:40 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-06-15 19:40 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-06-15 19:40 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-06-15 19:40 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-06-15 19:40 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-06-15 19:40 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-06-15 19:40 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-06-15 19:40 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-06-15 19:40 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-06-15 19:40 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-06-15 19:40 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-06-15 19:40 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-06-15 19:40 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-06-15 19:40 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-06-15 19:40 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-06-15 19:40 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-06-15 19:40 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-06-15 19:40 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-06-15 19:40 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-06-15 19:40 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-06-15 19:40 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-06-15 19:40 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2014-06-15 19:40 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 01:25 . 2014-06-15 19:42 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2014-06-15 19:42 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2014-06-15 19:42 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2014-06-15 19:42 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2014-06-15 19:42 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2014-06-15 19:42 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-19 23:10 . 2014-06-15 19:43 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-05-14 23:49 . 2014-06-15 19:42 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-06 04:40 . 2014-05-14 00:51 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-06 04:17 . 2014-05-14 00:51 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-06 03:07 . 2014-05-14 00:51 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-06 03:00 . 2014-05-14 00:51 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-04 21:32 . 2013-09-27 05:13 66560 ----a-w- c:\windows\SysWow64\s2dtconv.dll
2014-05-04 21:32 . 2013-09-27 05:13 24576 ----a-w- c:\windows\SysWow64\Sbtrvd32.dll
2014-05-01 23:35 . 2013-04-23 21:26 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-28 11:44 . 2014-06-15 18:57 396480 ----a-w- c:\windows\system32\PsExec.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2014-03-08 11:03 442472 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedBitVideoAccelerator"="c:\program files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" [2014-03-08 1517224]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2013-09-23 3125976]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2014-03-08 4110992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PeachtreePrefetcher.exe"="c:\progra~2\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-09-15 32768]
"Isis"="c:\program files (x86)\Isis\isis.exe" [2014-07-15 330544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Raed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Raed\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslffd4b1b8;MpKslffd4b1b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9DAE782-43B8-4A08-85B6-2CD86AF035DB}\MpKslffd4b1b8.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9DAE782-43B8-4A08-85B6-2CD86AF035DB}\MpKslffd4b1b8.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Qtel Mobile Broadband. RunOuc;Qtel Mobile Broadband. OUC;c:\program files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe;c:\program files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [x]
R3 cpuz136;cpuz136;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R4 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe;c:\windows\SYSNATIVE\PuranDefragS.exe [x]
R4 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 isis;isis;c:\windows\system32\drivers\isis.sys;c:\windows\SYSNATIVE\drivers\isis.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SBUpd;SpeedBit Update;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe;c:\program files\Common Files\SpeedBit\SBUpdate\sbu.exe [x]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
S3 SBUpdd;SpeedBit UpdateD;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys;c:\program files\Common Files\SpeedBit\SBUpdate\sbw.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-17 13:10 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:46]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Raed\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
TCP: Interfaces\{6E1BCF8B-B60D-4BEE-85AD-592E5A085652}: NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{94675EC1-C702-4674-8F47-73850309A46D}: NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{CC801F7F-0624-4BD9-9A59-71D1E5F1AF4E}: NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{E7C85074-F9EB-4051-9B3C-807E7AB9C73C}: NameServer = 212.77.192.59 212.77.192.60
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\
FF - ExtSQL: 2014-07-07 11:07; hd_streamer@iMedia; c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\hd_streamer@iMedia
FF - ExtSQL: !HIDDEN! 2014-05-06 04:09; quick_start@gmail.com; c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\quick_start@gmail.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-17  19:21:16
ComboFix-quarantined-files.txt  2014-07-17 16:21
.
Pre-Run: 268,027,437,056 bytes free
Post-Run: 270,369,538,048 bytes free
.
- - End Of File - - D88B88C38D8A0CC7EF7F40EC70D3B0F9


#10 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,653 posts

Posted 29 July 2014 - 09:08 AM

I couldn't find Junkware Removal Tool log; I may have deleted it, I didn't think you would need the log (please advise whether you need me to re-install the program and run it).

No problem. I just wanted to see what actions it may have taken in your machine but the current logs will suffice.


The other log requirements are enclosed herewith respectively in multiple posts (I was unable to post in 1 post):

Multiple posts are both fine and recommended should you fail to post the logs in one reply. :)

Please copy FRST.exe to your Desktop. Also, always download or move the tools to your Desktop unless told otherwise.


PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

 
  • Step #2 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • µTorrent
    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program. Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 
  • Step #3 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
    • Java 6 Update 20
 
  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      Task: {45C01C6B-DFFD-4661-A64E-67448C51D296} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
      Task: {4E070352-6FEA-4AC6-9631-74B97A9BEB15} - \DTReg No Task File <==== ATTENTION
      AlternateDataStreams: C:\ProgramData\TEMP:373E1720
      AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
      AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
      AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
      ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
      SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
      SearchScopes: HKLM-x32 - DefaultScope value is missing.
      SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
      SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://go.speedbit.com/search.aspx?s=E38b&q={searchTerms}
      Hosts: Hosts file not detected in the default directory
      S3 catchme; \??\C:\ComboFix\catchme.sys [X]
      Folder: c:\program files\Adware-Removal-Tool
      CMD: ipconfig /flushdns
      Reboot:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Required Log(s):
    • FRST Log(s) --
      • FRST Fix Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.
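
The fixlist in the post above removes a `ProxyServer` value pointing at a loopback port, and the ComboFix log earlier in the thread lists that same value next to a Firefox extension marked `!HIDDEN!`. As an added example (not part of the thread, and not ComboFix's or FRST's own logic), this Python script scans log lines in that format and flags those two patterns; the function names are this example's own, and the sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# Lines copied from the "Supplementary Scan" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
TCP: Interfaces\{6E1BCF8B-B60D-4BEE-85AD-592E5A085652}: NameServer = 212.77.192.59 212.77.192.60
FF - ExtSQL: 2014-07-07 11:07; hd_streamer@iMedia; c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\hd_streamer@iMedia
FF - ExtSQL: !HIDDEN! 2014-05-06 04:09; quick_start@gmail.com; c:\users\Raed\AppData\Roaming\Mozilla\Firefox\Profiles\yutwlxea.default\extensions\quick_start@gmail.com
"""

# "<prefix letter>Internet Settings,ProxyServer = <value>" as printed in the log.
PROXY_RE = re.compile(r"^\w?Internet Settings,ProxyServer\s*=\s*(.+)$")
# "FF - ExtSQL: [!HIDDEN! ]<date> <time>; <extension id>; <path>"
EXT_RE = re.compile(r"^FF - ExtSQL:\s*(!HIDDEN!\s+)?(\S+ \S+);\s*([^;]+);\s*(.+)$")


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both the per-protocol form "http=host:port;https=host:port"
    and the single form "host:port" that applies to every protocol.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        if not host:  # no port present
            host, port = hostport, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for localhost and any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def triage(log_text):
    """Return (finding, detail) pairs for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_server(m.group(1)):
                if is_loopback(host):
                    findings.append(("loopback-proxy", f"{scheme} -> {host}:{port}"))
            continue
        m = EXT_RE.match(line)
        if m and m.group(1):  # only extensions the log marks as !HIDDEN!
            findings.append(("hidden-extension", m.group(3).strip()))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:17} {detail}")
```

A loopback proxy is a lead rather than a verdict: local filtering and VPN software set one too, so the process listening on that port still has to be identified before the value is removed.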

 


#11 Sweiss

Sweiss
  • Topic Starter

  • Members
  • 20 posts

Posted 29 July 2014 - 11:25 AM

Hi,
 
- I have copied and pasted the FRST.exe to my desktop; All the downloads are saved in Raed/downloads (that's the default of windows 7).
I have uninstalled punkbuster as requested and shall re-install after we finish as I require this service to play battlefield3.
- I didn't uninstall utorrent for the fact that I haven't used this program for over a year and I'm completely aware of the risks of having such programs; I wouldn't use it now so don't worry about it.
- Java 6 update 20 is uninstalled.
- Regarding step 4: I have opened a notepad, copied and pasted the above attached contents you posted in your reply inside the notepad, named the file fixlist.txt and saved the type as ALL FILES, saved it on desktop, Encoding is ANSI. Please advise if this step is done properly and how the created file (fixlist.txt) will be used?
 
xx Couldn't post the fix log in this post; I'll try to post in the next post or attach it if it's ok xx.


#12 Sweiss

Sweiss
  • Topic Starter

  • Members
  • 20 posts

Posted 29 July 2014 - 11:47 AM

The log is attached; tried several times to post!!!

Attached File: Fixlog.txt (385.47KB)



#13 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,653 posts

Posted 29 July 2014 - 12:09 PM

Can you perform another fix with FRST with the following script for Fixlist.txt? The procedure is the same as above. Just replace the Fixlist.txt with the following code. Also, while performing the fix, make sure that you run FRST.exe as an administrator.
Start
c:\program files\Adware-Removal-Tool
Hosts:
CMD: ipconfig /flushdns
Reboot:
End


 


#14 Sweiss

Sweiss
  • Topic Starter

  • Members
  • 20 posts

Posted 29 July 2014 - 12:30 PM

Done...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Raed at 2014-07-29 20:25:43 Run:2
Running from C:\Users\Raed\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
c:\program files\Adware-Removal-Tool
Hosts:
CMD: ipconfig /flushdns
Reboot:
End
*****************
 
c:\program files\Adware-Removal-Tool => Moved successfully.
Could not reset Hosts.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#15 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:11 PM

Posted 30 July 2014 - 04:35 AM

  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum


 




