
Tried anti-spywares and anti-malwares but the ads keep popping up


20 replies to this topic

#1 diyaa

  • Members
  • 13 posts

Posted 03 March 2015 - 07:29 PM

Hello,

It's been over a month that ads have been popping up in all my browsers and the PC has been slow, so I downloaded a number of anti-malware tools such as Malwarebytes Anti-Malware, Spybot Search and Destroy, AdwCleaner and HitmanPro. They all found corrupted files and PUPs and fixed them too, but the thing is the browser x y z 'coupon' ads keep popping up in the browser and it runs slow. Even my PC runs slow at times.

I have checked everything: Control Panel programs, services, startup items... After fixing and quarantining the files through the anti-malware tools the system starts working fine, but each time I turn on the PC it's like those bugs come back. So the PC runs slow, I run the anti-malware tools, clean them up, the PC's working fine, I shut down, turn it on again, and then the whole cycle repeats. These anti-malware tools keep finding small files or traces of the spyware, but I am sick of it now. How can I put a stop to this once and for all?





#2 diyaa

  • Topic Starter
  • Members
  • 13 posts

Posted 03 March 2015 - 07:30 PM

(I also delete random extensions from Chrome each time, but the next time another random extension pops up. This is crazy...)



#3 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 06 March 2015 - 03:55 PM

Hi diyaa

Let's get a better look at your system and see if we can determine the cause.

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system's bit type is, click here for help.

For 32-bit systems, download Farbar Recovery Scan Tool and save it to your Desktop.

For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.
In your next reply, please submit:
Both reports from FRST


Thanks.

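Once FRST.txt is in hand, the first pass a responder makes over it is mechanical: pull out FRST's own ATTENTION markers, any Chrome policy keys (an ExtensionInstallForcelist policy silently re-adds an extension the user removed, which is one way a "deleted" extension comes back after a restart), extensions registered machine-wide under HKLM, extension IDs not on a known-good list, and services or drivers that are unsigned or whose file is missing. The Python script below is an added example written for this page, not a tool from the thread or from Farbar. It parses the line formats FRST uses and, with no argument, runs on a constructed excerpt of the log posted later in this thread. The KNOWN_GOOD_EXTENSIONS allowlist is an assumption assembled from the extension IDs on this page, not an authoritative list.

```python
"""Triage pass over an FRST.txt log (Farbar Recovery Scan Tool output).

Added example for this page, not code from the thread or from Farbar.
It parses the line formats FRST uses in its Registry, Internet, Services
and Drivers sections and pulls out the entries a responder reads first.
"""
import re
import sys
from collections import defaultdict

# Section banners: ==================== Services (Whitelisted) =================
SECTION_RE = re.compile(r"^=+ (?P<name>[^=].*?) =+$")
ATTENTION = "<======= ATTENTION"
# Profile extension: CHR Extension: (Name) - <path>\Extensions\<32 chars a-p> [date]
CHR_EXT_RE = re.compile(r"^CHR Extension: \((?P<name>.*)\) - .*\\Extensions\\(?P<id>[a-p]{32})")
# Machine-wide registration: CHR HKLM(-x32)\...\Chrome\Extension: [<id>] - <path> [date]
CHR_REG_EXT_RE = re.compile(
    r"^CHR (?P<hive>HKLM(?:-x32)?)\\\.\.\.\\Chrome\\Extension: \[(?P<id>[a-p]{32})\] - (?P<path>.+?) \[")
# Service/driver rows: <state><start> <name>; <path> [size date] (Vendor) [flags]
SVC_RE = re.compile(r"^(?P<state>[A-Z]\d) (?P<name>[^;]+); (?P<rest>.+)$")

# Illustrative allowlist (an assumption): the IDs on this page that belong to
# well-known extensions. A real deployment would maintain its own list.
KNOWN_GOOD_EXTENSIONS = {
    "cfhdojbkjhnklbpkdaibdccddilifddb",  # Adblock Plus
    "hmjkmjkepdijhoojdojkdfohbdgmmhki",  # Google Keep
    "lccekmodgklaepjeofjdjpbminllajkg",  # Chrome Hotword Shared Module
    "nmmhkkegccagdldgiimedpiccmgmieda",  # Google Wallet
    "onlgmecjpnejhfeofkgbfgnmdlipdejb",  # Picasa
}

# Constructed sample: an excerpt of the FRST.txt posted in this thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\MountPoints2: {0f190beb-a594-11e4-bf86-60eb69b01b1a} - F:\AutoRun.exe
GroupPolicyUsers\S-1-5-21-2873424350-1244858358-1215729984-1003\User: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Adblock Plus) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17]
CHR Extension: (SimaurtCComparree) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-08-14]
==================== Services (Whitelisted) =================
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
==================== Drivers (Whitelisted) ====================
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
"""


def triage(log_text, known_good=KNOWN_GOOD_EXTENSIONS):
    """Return {category: [finding, ...]} for the log lines worth a second look."""
    findings = defaultdict(list)
    section = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner["name"]
            continue
        if not line:
            continue
        # 1. FRST's own markers, with the marker text stripped off.
        if ATTENTION in line:
            findings["attention"].append(line.replace(ATTENTION, "").strip())
        # 2. Chrome policy keys; an ExtensionInstallForcelist here re-adds a removed extension.
        if "Policies\\Google" in line or "Group Policy on Chrome" in line:
            findings["chrome_policy"].append(line.replace(ATTENTION, "").strip())
        # 3. Extensions registered machine-wide, and profile extensions not on the allowlist.
        m = CHR_REG_EXT_RE.match(line)
        if m:
            findings["chrome_ext_machine"].append((m["id"], m["hive"], m["path"]))
        m = CHR_EXT_RE.match(line)
        if m and m["id"] not in known_good:
            findings["chrome_ext_unknown"].append((m["id"], m["name"]))
        # 4. Services and drivers: unsigned binaries, and entries whose file is gone ([X]).
        m = SVC_RE.match(line)
        if m and section and section.startswith(("Services", "Drivers")):
            kind = section.split()[0]
            if "[File not signed]" in m["rest"]:
                findings["unsigned"].append((kind, m["name"], m["rest"].split(" [")[0]))
            if m["rest"].endswith("[X]"):
                findings["missing_file"].append((kind, m["name"]))
        # 5. Removable-drive autorun remembered by the shell (MountPoints2).
        if "MountPoints2" in line and "AutoRun" in line:
            findings["mountpoints_autorun"].append(line.split(" - ", 1)[-1])
    return dict(findings)


def triage_file(path):
    """Triage an FRST.txt on disk; utf-8-sig drops a BOM if the log has one."""
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return triage(fh.read())


def format_report(findings):
    """Render findings as text, one category per block."""
    lines = []
    for category, items in sorted(findings.items()):
        lines.append(f"[{category}] {len(items)} item(s)")
        for item in items:
            lines.append("  " + (item if isinstance(item, str) else " | ".join(item)))
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage_file(sys.argv[1]) if len(sys.argv) > 1 else triage(SAMPLE_FRST)
    print(format_report(result))
```

Run it as `python frst_triage.py FRST.txt`; with no argument it triages the embedded excerpt. Everything it flags is a candidate for a closer look, not a verdict: an unsigned legacy installer service such as IDriverT and a driver entry whose file is gone are common leftovers on clean machines, and a dev-channel Chrome build is a choice rather than an infection. The findings that matter for a reappearing extension are the Chrome policy lines and the machine-wide HKLM registrations, because those are the places an extension can be re-installed from without the user's profile being involved.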


#4 diyaa

  • Topic Starter
  • Members
  • 13 posts

Posted 07 March 2015 - 06:54 PM

Thanks for replying, here are the results:

FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Diyaa (administrator) on DIYAA-PC on 08-03-2015 04:45:13
Running from C:\Users\Diyaa\Downloads
Loaded Profiles: Diyaa (Available profiles: Diyaa & Farhan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Run: [Google Update] => C:\Users\Diyaa\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-11] (Google Inc.)
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Run: [GoogleChromeAutoLaunch_2329B6963BF3F3890EF20A8DD9D7554E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-02-28] (Google Inc.)
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-02-28] (Google Inc.)
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\MountPoints2: {0f190beb-a594-11e4-bf86-60eb69b01b1a} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicyUsers\S-1-5-21-2873424350-1244858358-1215729984-1003\User: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB28D988-A0F3-42D9-A16D-C3F8E2B9F6F4}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Diyaa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @talk.google.com/O1DPlugin -> C:\Users\Diyaa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Diyaa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Diyaa\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-08-14]
FF HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Diyaa\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Diyaa\AppData\Roaming\IDM\idmmzcc5 [2014-12-25]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.shiachat.com/", "hxxp://www.hum.tv/schedule.php", "hxxp://tv.burrp.com/channel/star-movies/59/", "hxxp://tv.burrp.com/channel/hbo/8/", "hxxp://tv.burrp.com/channel/Star%20World/23/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (WhatsChrome) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2015-02-21]
CHR Extension: (Adblock Plus) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17]
CHR Extension: (SimaurtCComparree) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf [2015-01-13]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-01-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18]
CHR Extension: (Picasa) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-01-18]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-02]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-02]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [756120 2013-08-08] (Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
U0 onjuxi; C:\Windows\System32\drivers\wktpfb.sys [79064 2015-03-08] (Malwarebytes Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 04:45 - 2015-03-08 04:45 - 00018467 _____ () C:\Users\Diyaa\Downloads\FRST.txt
2015-03-08 04:44 - 2015-03-08 04:45 - 00000000 ____D () C:\FRST
2015-03-08 04:43 - 2015-03-08 04:43 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wktpfb.sys
2015-03-08 03:58 - 2015-03-08 04:00 - 02094592 _____ (Farbar) C:\Users\Diyaa\Downloads\FRST64.exe
2015-03-04 01:42 - 2015-01-09 08:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 01:42 - 2015-01-09 08:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 01:42 - 2015-01-09 08:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 01:42 - 2015-01-09 07:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 21:12 - 2015-03-03 06:02 - 00182696 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-27 07:31 - 2015-01-09 04:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-27 07:31 - 2015-01-09 04:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-27 01:39 - 2015-03-04 04:52 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\DMCache
2015-02-27 01:26 - 2015-02-27 01:26 - 00008319 _____ () C:\Users\Diyaa\Downloads\Night At The Museum Secret Of The Tomb (2014) [720p] YIFY - YTS.torrent
2015-02-23 07:48 - 2015-02-23 07:48 - 00001349 _____ () C:\Users\Diyaa\Desktop\adwcleaner.lnk
2015-02-23 07:32 - 2015-03-04 00:40 - 00000000 ____D () C:\AdwCleaner
2015-02-23 01:57 - 2015-02-23 01:57 - 05920981 _____ () C:\Users\Diyaa\Downloads\lal-masjid.mp4
2015-02-23 01:13 - 2015-02-23 01:13 - 00000000 ____D () C:\Users\Diyaa\AppData\Local\VirtualStore
2015-02-23 00:17 - 2015-03-07 18:49 - 00000020 _____ () C:\Users\Diyaa\AppData\Roaming\appdataFr3.bin
2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Users\Farhan\AppData\Roaming\PwrMgr
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 __SHD () C:\Users\Farhan\AppData\Local\EmieUserList
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 __SHD () C:\Users\Farhan\AppData\Local\EmieSiteList
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 __SHD () C:\Users\Farhan\AppData\Local\EmieBrowserModeList
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 ____D () C:\Users\Farhan\AppData\Roaming\Macromedia
2015-02-22 06:40 - 2015-02-22 06:40 - 00111904 _____ () C:\Users\Farhan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 06:40 - 2015-02-22 06:40 - 00000000 ____D () C:\Users\Farhan\AppData\Local\Lenovo
2015-02-22 06:39 - 2015-02-22 06:39 - 00001417 _____ () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-22 06:39 - 2015-02-22 06:39 - 00000000 ____D () C:\Users\Farhan\AppData\Roaming\Adobe
2015-02-22 06:39 - 2015-02-22 06:39 - 00000000 ____D () C:\Users\Farhan\AppData\Local\VirtualStore
2015-02-22 06:38 - 2015-02-22 06:39 - 00000000 ____D () C:\Users\Farhan
2015-02-22 06:38 - 2015-02-22 06:38 - 00417374 __RSH () C:\Users\Farhan\ntuser.pol
2015-02-22 06:38 - 2015-02-22 06:38 - 00000020 ___SH () C:\Users\Farhan\ntuser.ini
2015-02-22 06:38 - 2015-01-30 03:09 - 00000000 ____D () C:\Users\Farhan\AppData\Local\Microsoft Help
2015-02-22 06:38 - 2014-08-18 18:22 - 00002104 _____ () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-22 06:38 - 2009-07-14 09:54 - 00000000 ___RD () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-22 06:38 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-22 05:55 - 2015-02-22 05:55 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-22 05:55 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-02-22 04:43 - 2015-03-07 14:58 - 00000632 __RSH () C:\Users\Diyaa\ntuser.pol
2015-02-21 16:13 - 2015-02-27 05:08 - 00002250 _____ () C:\Users\Diyaa\Desktop\HitmanPro.lnk
2015-02-21 16:10 - 2015-02-21 16:10 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-21 16:04 - 2015-02-22 03:08 - 00006012 _____ () C:\Windows\system32\.crusader
2015-02-21 15:55 - 2015-02-21 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-17 20:02 - 2015-02-21 14:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-17 20:02 - 2015-02-18 04:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-17 20:02 - 2015-02-17 20:02 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-17 20:02 - 2015-02-17 20:02 - 00001383 _____ () C:\Users\Public\Desktop\Spybot.lnk
2015-02-17 20:02 - 2015-02-17 20:02 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-17 20:02 - 2015-02-17 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-17 20:02 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-17 19:25 - 2015-02-17 19:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Diyaa\spybot-2.4.exe
2015-02-17 19:05 - 2015-01-23 09:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-17 19:05 - 2015-01-23 09:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 19:05 - 2015-01-23 08:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-17 19:05 - 2015-01-23 08:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 23:29 - 2015-01-14 10:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 23:29 - 2015-01-14 10:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 23:29 - 2015-01-12 08:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 23:29 - 2015-01-12 08:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-15 23:29 - 2015-01-12 07:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-15 23:29 - 2015-01-12 07:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 23:29 - 2015-01-12 07:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-15 23:29 - 2015-01-12 07:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-15 23:29 - 2015-01-12 07:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-15 23:29 - 2015-01-12 07:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 23:29 - 2015-01-12 07:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-15 23:29 - 2015-01-12 07:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 23:29 - 2015-01-12 07:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-15 23:29 - 2015-01-12 07:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-15 23:29 - 2015-01-12 07:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-15 23:29 - 2015-01-12 07:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 23:29 - 2015-01-12 07:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 23:29 - 2015-01-12 07:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 23:29 - 2015-01-12 07:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 23:29 - 2015-01-12 06:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-15 23:29 - 2015-01-12 06:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 23:29 - 2015-01-12 06:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 23:29 - 2015-01-12 06:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 23:29 - 2015-01-12 06:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 23:29 - 2015-01-12 06:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 23:29 - 2015-01-12 06:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 23:29 - 2015-01-12 06:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-15 23:29 - 2015-01-12 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 23:29 - 2015-01-12 06:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 23:29 - 2015-01-12 06:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 23:29 - 2015-01-12 06:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 23:29 - 2015-01-12 06:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 23:29 - 2015-01-12 06:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 23:29 - 2015-01-12 06:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 23:29 - 2015-01-12 05:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 23:29 - 2015-01-12 05:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 23:28 - 2015-01-12 08:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 23:28 - 2015-01-12 07:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 23:28 - 2015-01-12 07:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 23:28 - 2015-01-12 07:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 23:28 - 2015-01-12 07:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 23:28 - 2015-01-12 07:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 23:28 - 2015-01-12 07:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 23:28 - 2015-01-12 07:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 23:28 - 2015-01-12 07:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-15 23:28 - 2015-01-12 07:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 23:28 - 2015-01-12 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-15 23:28 - 2015-01-12 06:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 23:28 - 2015-01-12 06:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-15 23:28 - 2015-01-12 06:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 23:28 - 2015-01-12 06:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-15 23:28 - 2015-01-12 06:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 23:27 - 2015-01-15 13:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-15 23:27 - 2015-01-15 09:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-15 23:26 - 2015-01-15 13:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-15 23:26 - 2015-01-15 13:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 23:26 - 2015-01-15 13:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-15 23:26 - 2015-01-15 13:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-15 23:26 - 2015-01-15 13:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-15 23:26 - 2015-01-15 13:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-15 23:26 - 2015-01-15 13:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-15 23:26 - 2015-01-15 13:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-15 23:26 - 2015-01-15 13:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-15 23:26 - 2015-01-15 13:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-15 23:26 - 2015-01-15 12:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-15 23:26 - 2015-01-15 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-15 23:26 - 2015-01-15 12:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-15 23:26 - 2015-01-15 12:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-15 23:26 - 2015-01-15 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-15 23:26 - 2015-01-15 12:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-15 22:59 - 2015-01-13 08:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 22:59 - 2015-01-13 07:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-15 22:55 - 2014-12-12 10:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-15 22:55 - 2014-12-12 10:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-15 22:55 - 2014-07-07 07:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-15 22:55 - 2014-07-07 07:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-15 22:55 - 2014-07-07 06:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-15 22:55 - 2014-07-07 06:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-15 22:50 - 2014-11-26 08:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 22:50 - 2014-11-26 08:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-15 22:33 - 2014-12-08 08:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-15 22:33 - 2014-12-08 07:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-15 22:24 - 2015-01-14 11:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-15 22:24 - 2015-01-14 11:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-15 22:24 - 2015-01-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-15 22:24 - 2015-01-14 11:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-15 22:24 - 2015-01-14 10:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-15 22:24 - 2015-01-14 10:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-15 22:24 - 2015-01-14 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-15 22:18 - 2015-01-09 07:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 04:42 - 2014-08-18 19:49 - 00000000 ____D () C:\Windows\en
2015-03-08 04:02 - 2014-09-11 02:40 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000UA.job
2015-03-08 03:55 - 2014-08-01 22:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 03:53 - 2014-09-11 02:40 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core.job
2015-03-08 03:53 - 2014-08-01 22:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 03:49 - 2014-09-20 13:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 03:40 - 2015-01-29 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 03:39 - 2014-08-02 10:15 - 01185570 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 03:39 - 2009-07-14 09:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 03:39 - 2009-07-14 09:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 18:58 - 2014-08-01 22:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-07 16:24 - 2015-01-29 20:40 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Diyaa-PC-Diyaa Diyaa-PC
2015-03-07 14:58 - 2014-11-21 20:14 - 00000468 ____H () C:\Windows\Tasks\Sustainer-S-324994261.job
2015-03-07 14:58 - 2014-08-01 22:23 - 00000000 ____D () C:\Users\Diyaa
2015-03-06 18:02 - 2015-01-30 04:39 - 00002576 _____ () C:\Windows\setupact.log
2015-03-06 18:02 - 2009-07-14 10:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 14:49 - 2014-08-05 09:45 - 00000000 ____D () C:\Users\Diyaa\Desktop\diyaa110
2015-03-04 19:37 - 2014-08-05 12:28 - 00000000 ___RD () C:\Users\Diyaa\Dropbox
2015-03-04 19:11 - 2014-08-05 12:21 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\Dropbox
2015-03-04 19:10 - 2014-08-05 12:28 - 00001017 _____ () C:\Users\Diyaa\Desktop\Dropbox.lnk
2015-03-04 19:10 - 2014-08-05 12:27 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-04 04:53 - 2014-12-25 02:38 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-04 04:53 - 2010-11-21 08:47 - 00088266 _____ () C:\Windows\PFRO.log
2015-03-04 04:53 - 2009-07-14 10:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 04:51 - 2014-12-25 02:38 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\IDM
2015-03-04 04:18 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\tracing
2015-02-28 02:06 - 2009-07-14 10:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 07:30 - 2014-08-08 19:41 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\uTorrent
2015-02-27 07:30 - 2014-08-04 06:47 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\vlc
2015-02-27 05:08 - 2015-01-29 20:12 - 00002010 _____ () C:\Users\Public\Desktop\MBAM.lnk
2015-02-24 03:17 - 2010-11-21 08:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 07:15 - 2014-08-21 16:39 - 00000000 ___RD () C:\2b0278bdbbbffe6b7252715e
2015-02-23 03:34 - 2014-12-25 02:38 - 00000000 ____D () C:\Users\Diyaa\Downloads\Compressed
2015-02-22 05:56 - 2014-08-18 18:20 - 00000000 ____D () C:\Users\Diyaa\AppData\Local\Windows Live
2015-02-22 05:55 - 2014-08-18 19:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-22 05:55 - 2014-08-18 19:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-02-22 05:52 - 2014-08-01 23:00 - 00029080 _____ () C:\Windows\DirectX.log
2015-02-22 04:43 - 2009-07-14 08:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-22 03:44 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-02-22 03:15 - 2014-08-01 22:24 - 00001417 _____ () C:\Users\Diyaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-22 01:28 - 2015-01-29 19:32 - 00000000 ____D () C:\Users\Diyaa\AppData\Local\SmartView2
2015-02-21 14:23 - 2015-01-30 22:42 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\Skype
2015-02-18 17:16 - 2015-01-28 00:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-18 17:15 - 2015-01-28 00:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-18 14:21 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\rescache
2015-02-18 04:52 - 2009-07-14 07:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-17 18:28 - 2009-07-14 09:45 - 00434888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 18:25 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-16 03:12 - 2014-10-11 21:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-16 03:05 - 2014-10-11 21:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-15 19:58 - 2009-07-14 10:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-15 02:57 - 2014-09-11 02:40 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000UA
2015-02-15 02:57 - 2014-09-11 02:40 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core
2015-02-15 02:50 - 2014-08-01 22:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-15 02:49 - 2014-08-01 22:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 20:04 - 2014-10-29 12:42 - 00030359 _____ () C:\Users\Diyaa\Desktop\sc.txt
2015-02-06 16:51 - 2014-09-20 13:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 16:50 - 2014-09-20 13:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 16:50 - 2014-09-20 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-02-23 00:17 - 2015-03-07 18:49 - 0000020 _____ () C:\Users\Diyaa\AppData\Roaming\appdataFr3.bin
 
Files to move or delete:
====================
C:\Users\Diyaa\spybot-2.4.exe
 
 
Some content of TEMP:
====================
C:\Users\Diyaa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpshw_pv.dll
C:\Users\Diyaa\AppData\Local\Temp\Quarantine.exe
C:\Users\Diyaa\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-07 16:06
 
==================== End Of Log ============================

Addition.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Diyaa (administrator) on DIYAA-PC on 08-03-2015 04:45:13
Running from C:\Users\Diyaa\Downloads
Loaded Profiles: Diyaa (Available profiles: Diyaa & Farhan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Run: [Google Update] => C:\Users\Diyaa\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-11] (Google Inc.)
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Run: [GoogleChromeAutoLaunch_2329B6963BF3F3890EF20A8DD9D7554E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-02-28] (Google Inc.)
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-02-28] (Google Inc.)
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\MountPoints2: {0f190beb-a594-11e4-bf86-60eb69b01b1a} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicyUsers\S-1-5-21-2873424350-1244858358-1215729984-1003\User: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB28D988-A0F3-42D9-A16D-C3F8E2B9F6F4}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Diyaa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @talk.google.com/O1DPlugin -> C:\Users\Diyaa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2873424350-1244858358-1215729984-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Diyaa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Diyaa\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2014-08-14]
FF HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Diyaa\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Diyaa\AppData\Roaming\IDM\idmmzcc5 [2014-12-25]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.shiachat.com/", "hxxp://www.hum.tv/schedule.php", "hxxp://tv.burrp.com/channel/star-movies/59/", "hxxp://tv.burrp.com/channel/hbo/8/", "hxxp://tv.burrp.com/channel/Star%20World/23/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (WhatsChrome) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2015-02-21]
CHR Extension: (Adblock Plus) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-17]
CHR Extension: (SimaurtCComparree) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf [2015-01-13]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-01-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (Google Wallet) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18]
CHR Extension: (Picasa) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-01-18]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-02]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-03-02]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2014-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [756120 2013-08-08] (Tunngle.net GmbH) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
U0 onjuxi; C:\Windows\System32\drivers\wktpfb.sys [79064 2015-03-08] (Malwarebytes Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 04:45 - 2015-03-08 04:45 - 00018467 _____ () C:\Users\Diyaa\Downloads\FRST.txt
2015-03-08 04:44 - 2015-03-08 04:45 - 00000000 ____D () C:\FRST
2015-03-08 04:43 - 2015-03-08 04:43 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wktpfb.sys
2015-03-08 03:58 - 2015-03-08 04:00 - 02094592 _____ (Farbar) C:\Users\Diyaa\Downloads\FRST64.exe
2015-03-04 01:42 - 2015-01-09 08:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 01:42 - 2015-01-09 08:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 01:42 - 2015-01-09 08:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 01:42 - 2015-01-09 07:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 21:12 - 2015-03-03 06:02 - 00182696 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-27 07:31 - 2015-01-09 04:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-27 07:31 - 2015-01-09 04:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-27 01:39 - 2015-03-04 04:52 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\DMCache
2015-02-27 01:26 - 2015-02-27 01:26 - 00008319 _____ () C:\Users\Diyaa\Downloads\Night At The Museum Secret Of The Tomb (2014) [720p] YIFY - YTS.torrent
2015-02-23 07:48 - 2015-02-23 07:48 - 00001349 _____ () C:\Users\Diyaa\Desktop\adwcleaner.lnk
2015-02-23 07:32 - 2015-03-04 00:40 - 00000000 ____D () C:\AdwCleaner
2015-02-23 01:57 - 2015-02-23 01:57 - 05920981 _____ () C:\Users\Diyaa\Downloads\lal-masjid.mp4
2015-02-23 01:13 - 2015-02-23 01:13 - 00000000 ____D () C:\Users\Diyaa\AppData\Local\VirtualStore
2015-02-23 00:17 - 2015-03-07 18:49 - 00000020 _____ () C:\Users\Diyaa\AppData\Roaming\appdataFr3.bin
2015-02-22 07:23 - 2015-02-22 07:23 - 00000000 ____D () C:\Users\Farhan\AppData\Roaming\PwrMgr
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 __SHD () C:\Users\Farhan\AppData\Local\EmieUserList
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 __SHD () C:\Users\Farhan\AppData\Local\EmieSiteList
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 __SHD () C:\Users\Farhan\AppData\Local\EmieBrowserModeList
2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 ____D () C:\Users\Farhan\AppData\Roaming\Macromedia
2015-02-22 06:40 - 2015-02-22 06:40 - 00111904 _____ () C:\Users\Farhan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-22 06:40 - 2015-02-22 06:40 - 00000000 ____D () C:\Users\Farhan\AppData\Local\Lenovo
2015-02-22 06:39 - 2015-02-22 06:39 - 00001417 _____ () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-22 06:39 - 2015-02-22 06:39 - 00000000 ____D () C:\Users\Farhan\AppData\Roaming\Adobe
2015-02-22 06:39 - 2015-02-22 06:39 - 00000000 ____D () C:\Users\Farhan\AppData\Local\VirtualStore
2015-02-22 06:38 - 2015-02-22 06:39 - 00000000 ____D () C:\Users\Farhan
2015-02-22 06:38 - 2015-02-22 06:38 - 00417374 __RSH () C:\Users\Farhan\ntuser.pol
2015-02-22 06:38 - 2015-02-22 06:38 - 00000020 ___SH () C:\Users\Farhan\ntuser.ini
2015-02-22 06:38 - 2015-01-30 03:09 - 00000000 ____D () C:\Users\Farhan\AppData\Local\Microsoft Help
2015-02-22 06:38 - 2014-08-18 18:22 - 00002104 _____ () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-22 06:38 - 2009-07-14 09:54 - 00000000 ___RD () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-22 06:38 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Farhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-22 05:55 - 2015-02-22 05:55 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-22 05:55 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-02-22 04:43 - 2015-03-07 14:58 - 00000632 __RSH () C:\Users\Diyaa\ntuser.pol
2015-02-21 16:13 - 2015-02-27 05:08 - 00002250 _____ () C:\Users\Diyaa\Desktop\HitmanPro.lnk
2015-02-21 16:10 - 2015-02-21 16:10 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-21 16:04 - 2015-02-22 03:08 - 00006012 _____ () C:\Windows\system32\.crusader
2015-02-21 15:55 - 2015-02-21 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-17 20:02 - 2015-02-21 14:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-17 20:02 - 2015-02-18 04:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-17 20:02 - 2015-02-17 20:02 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-17 20:02 - 2015-02-17 20:02 - 00001383 _____ () C:\Users\Public\Desktop\Spybot.lnk
2015-02-17 20:02 - 2015-02-17 20:02 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-17 20:02 - 2015-02-17 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-17 20:02 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-17 19:25 - 2015-02-17 19:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Diyaa\spybot-2.4.exe
2015-02-17 19:05 - 2015-01-23 09:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-17 19:05 - 2015-01-23 09:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 19:05 - 2015-01-23 08:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-17 19:05 - 2015-01-23 08:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 23:29 - 2015-01-14 10:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 23:29 - 2015-01-14 10:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 23:29 - 2015-01-12 08:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 23:29 - 2015-01-12 08:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-15 23:29 - 2015-01-12 07:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-15 23:29 - 2015-01-12 07:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 23:29 - 2015-01-12 07:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-15 23:29 - 2015-01-12 07:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-15 23:29 - 2015-01-12 07:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-15 23:29 - 2015-01-12 07:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 23:29 - 2015-01-12 07:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-15 23:29 - 2015-01-12 07:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 23:29 - 2015-01-12 07:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-15 23:29 - 2015-01-12 07:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-15 23:29 - 2015-01-12 07:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-15 23:29 - 2015-01-12 07:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 23:29 - 2015-01-12 07:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 23:29 - 2015-01-12 07:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 23:29 - 2015-01-12 07:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 23:29 - 2015-01-12 06:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-15 23:29 - 2015-01-12 06:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 23:29 - 2015-01-12 06:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 23:29 - 2015-01-12 06:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 23:29 - 2015-01-12 06:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 23:29 - 2015-01-12 06:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 23:29 - 2015-01-12 06:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 23:29 - 2015-01-12 06:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-15 23:29 - 2015-01-12 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 23:29 - 2015-01-12 06:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 23:29 - 2015-01-12 06:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 23:29 - 2015-01-12 06:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 23:29 - 2015-01-12 06:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 23:29 - 2015-01-12 06:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 23:29 - 2015-01-12 06:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 23:29 - 2015-01-12 05:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 23:29 - 2015-01-12 05:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 23:28 - 2015-01-12 08:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 23:28 - 2015-01-12 07:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 23:28 - 2015-01-12 07:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 23:28 - 2015-01-12 07:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 23:28 - 2015-01-12 07:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 23:28 - 2015-01-12 07:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 23:28 - 2015-01-12 07:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 23:28 - 2015-01-12 07:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 23:28 - 2015-01-12 07:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-15 23:28 - 2015-01-12 07:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 23:28 - 2015-01-12 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-15 23:28 - 2015-01-12 06:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 23:28 - 2015-01-12 06:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-15 23:28 - 2015-01-12 06:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 23:28 - 2015-01-12 06:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-15 23:28 - 2015-01-12 06:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 23:27 - 2015-01-15 13:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-15 23:27 - 2015-01-15 09:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-15 23:26 - 2015-01-15 13:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-15 23:26 - 2015-01-15 13:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 23:26 - 2015-01-15 13:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-15 23:26 - 2015-01-15 13:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-15 23:26 - 2015-01-15 13:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-15 23:26 - 2015-01-15 13:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-15 23:26 - 2015-01-15 13:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-15 23:26 - 2015-01-15 13:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-15 23:26 - 2015-01-15 13:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-15 23:26 - 2015-01-15 13:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-15 23:26 - 2015-01-15 12:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-15 23:26 - 2015-01-15 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-15 23:26 - 2015-01-15 12:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-15 23:26 - 2015-01-15 12:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-15 23:26 - 2015-01-15 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-15 23:26 - 2015-01-15 12:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-15 23:19 - 2015-01-10 11:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-15 23:19 - 2015-01-10 11:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-15 22:59 - 2015-01-13 08:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 22:59 - 2015-01-13 07:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-15 22:55 - 2014-12-12 10:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-15 22:55 - 2014-12-12 10:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-15 22:55 - 2014-07-07 07:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-15 22:55 - 2014-07-07 07:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-15 22:55 - 2014-07-07 06:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-15 22:55 - 2014-07-07 06:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-15 22:50 - 2014-11-26 08:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 22:50 - 2014-11-26 08:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-15 22:33 - 2014-12-08 08:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-15 22:33 - 2014-12-08 07:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-15 22:24 - 2015-01-14 11:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-15 22:24 - 2015-01-14 11:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-15 22:24 - 2015-01-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-15 22:24 - 2015-01-14 11:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-15 22:24 - 2015-01-14 10:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-15 22:24 - 2015-01-14 10:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-15 22:24 - 2015-01-14 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-15 22:18 - 2015-01-09 07:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 04:42 - 2014-08-18 19:49 - 00000000 ____D () C:\Windows\en
2015-03-08 04:02 - 2014-09-11 02:40 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000UA.job
2015-03-08 03:55 - 2014-08-01 22:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 03:53 - 2014-09-11 02:40 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core.job
2015-03-08 03:53 - 2014-08-01 22:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 03:49 - 2014-09-20 13:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 03:40 - 2015-01-29 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 03:39 - 2014-08-02 10:15 - 01185570 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 03:39 - 2009-07-14 09:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 03:39 - 2009-07-14 09:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 18:58 - 2014-08-01 22:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-07 16:24 - 2015-01-29 20:40 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Diyaa-PC-Diyaa Diyaa-PC
2015-03-07 14:58 - 2014-11-21 20:14 - 00000468 ____H () C:\Windows\Tasks\Sustainer-S-324994261.job
2015-03-07 14:58 - 2014-08-01 22:23 - 00000000 ____D () C:\Users\Diyaa
2015-03-06 18:02 - 2015-01-30 04:39 - 00002576 _____ () C:\Windows\setupact.log
2015-03-06 18:02 - 2009-07-14 10:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 14:49 - 2014-08-05 09:45 - 00000000 ____D () C:\Users\Diyaa\Desktop\diyaa110
2015-03-04 19:37 - 2014-08-05 12:28 - 00000000 ___RD () C:\Users\Diyaa\Dropbox
2015-03-04 19:11 - 2014-08-05 12:21 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\Dropbox
2015-03-04 19:10 - 2014-08-05 12:28 - 00001017 _____ () C:\Users\Diyaa\Desktop\Dropbox.lnk
2015-03-04 19:10 - 2014-08-05 12:27 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-04 04:53 - 2014-12-25 02:38 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-04 04:53 - 2010-11-21 08:47 - 00088266 _____ () C:\Windows\PFRO.log
2015-03-04 04:53 - 2009-07-14 10:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 04:51 - 2014-12-25 02:38 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\IDM
2015-03-04 04:18 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\tracing
2015-02-28 02:06 - 2009-07-14 10:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 07:30 - 2014-08-08 19:41 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\uTorrent
2015-02-27 07:30 - 2014-08-04 06:47 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\vlc
2015-02-27 05:08 - 2015-01-29 20:12 - 00002010 _____ () C:\Users\Public\Desktop\MBAM.lnk
2015-02-24 03:17 - 2010-11-21 08:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 07:15 - 2014-08-21 16:39 - 00000000 ___RD () C:\2b0278bdbbbffe6b7252715e
2015-02-23 03:34 - 2014-12-25 02:38 - 00000000 ____D () C:\Users\Diyaa\Downloads\Compressed
2015-02-22 05:56 - 2014-08-18 18:20 - 00000000 ____D () C:\Users\Diyaa\AppData\Local\Windows Live
2015-02-22 05:55 - 2014-08-18 19:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-22 05:55 - 2014-08-18 19:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-02-22 05:52 - 2014-08-01 23:00 - 00029080 _____ () C:\Windows\DirectX.log
2015-02-22 04:43 - 2009-07-14 08:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-22 03:44 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-02-22 03:15 - 2014-08-01 22:24 - 00001417 _____ () C:\Users\Diyaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-22 01:28 - 2015-01-29 19:32 - 00000000 ____D () C:\Users\Diyaa\AppData\Local\SmartView2
2015-02-21 14:23 - 2015-01-30 22:42 - 00000000 ____D () C:\Users\Diyaa\AppData\Roaming\Skype
2015-02-18 17:16 - 2015-01-28 00:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-18 17:15 - 2015-01-28 00:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-18 14:21 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\rescache
2015-02-18 04:52 - 2009-07-14 07:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-17 18:28 - 2009-07-14 09:45 - 00434888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-17 18:25 - 2009-07-14 08:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-16 03:12 - 2014-10-11 21:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-16 03:05 - 2014-10-11 21:28 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-15 19:58 - 2009-07-14 10:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-15 02:57 - 2014-09-11 02:40 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000UA
2015-02-15 02:57 - 2014-09-11 02:40 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core
2015-02-15 02:50 - 2014-08-01 22:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-15 02:49 - 2014-08-01 22:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-10 20:04 - 2014-10-29 12:42 - 00030359 _____ () C:\Users\Diyaa\Desktop\sc.txt
2015-02-06 16:51 - 2014-09-20 13:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 16:50 - 2014-09-20 13:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 16:50 - 2014-09-20 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-02-23 00:17 - 2015-03-07 18:49 - 0000020 _____ () C:\Users\Diyaa\AppData\Roaming\appdataFr3.bin
 
Files to move or delete:
====================
C:\Users\Diyaa\spybot-2.4.exe
 
 
Some content of TEMP:
====================
C:\Users\Diyaa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpshw_pv.dll
C:\Users\Diyaa\AppData\Local\Temp\Quarantine.exe
C:\Users\Diyaa\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-07 16:06
 

 

==================== End Of Log ============================
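As an added example for this thread (not code from FRST, from Farbar, or from anyone posting in the topic), the Python below parses the two line formats that make up most of the log above, the service/driver lines and the created/modified file lines, and applies three review heuristics: a service or driver whose file is missing ("[X]"), a service or driver binary FRST reports as "[File not signed]", and a hidden .job file under C:\Windows\Tasks. The sample lines are copied from the posted log. The R/S/U status legend, the start-type digits and the attribute letters are assumptions from my reading of FRST's conventions, not something the log states. Hits are items to look at, not verdicts: an old installer component can legitimately be unsigned.

```python
"""Parser and review heuristics for the line formats in a Farbar Recovery Scan
Tool (FRST) log.  Added example for this thread: it is not FRST's own code and
not a fix script.  The sample lines are copied from the log posted above; the
R/S/U status legend, the start-type digits and the attribute letters are an
assumed reading of FRST's conventions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Service / driver line: "<status><start> <name>; <path> [<size> <date>] (<company>) [<flag>]..."
# Size/date, company and trailing bracketed flags are all optional; a missing
# file shows up as "[X]" with no size or company.
SVC_RE = re.compile(
    r"^(?P<status>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?P<flags>(?: \[[^\]]+\])*)$"
)
# File line: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Assumed legend: R running, S stopped, U unknown; digit = Windows service start type.
STATUS = {"R": "running", "S": "stopped", "U": "unknown"}
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Service:
    status: str
    start: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    company: str
    flags: List[str]

    @property
    def unsigned(self) -> bool:
        return "File not signed" in self.flags

    @property
    def missing(self) -> bool:
        return "X" in self.flags


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: Set[str]   # assumed letters: D directory, H hidden, S system, R read-only
    company: str
    path: str


def parse_service(line: str) -> Optional[Service]:
    """Parse one Services/Drivers line; return None if the line is not one."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    flags = re.findall(r"\[([^\]]+)\]", m.group("flags"))
    return Service(
        status=STATUS.get(m.group("status"), m.group("status")),
        start=START_TYPES.get(m.group("start"), m.group("start")),
        name=m.group("name"),
        path=m.group("path"),
        size=int(m.group("size")) if m.group("size") else None,
        date=m.group("date"),
        company=(m.group("company") or "").strip(),
        flags=flags,
    )


def parse_file(line: str) -> Optional[FileEntry]:
    """Parse one created/modified files line; return None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    letters = {c for c in m.group("attrs") if c != "_"}
    return FileEntry(m.group("created"), m.group("modified"), int(m.group("size")),
                     letters, m.group("company").strip(), m.group("path"))


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (item, reason) pairs worth a second look.  Heuristics, not verdicts."""
    findings = []
    for line in lines:
        svc = parse_service(line)
        if svc:
            if svc.missing:
                findings.append((svc.name, "registered but file missing"))
            elif svc.unsigned:
                findings.append((svc.name, "binary not digitally signed"))
            continue
        f = parse_file(line)
        if f and "H" in f.attrs:
            low = f.path.lower()
            if low.startswith("c:\\windows\\tasks\\") and low.endswith(".job"):
                findings.append((f.path, "hidden scheduled-task job"))
    return findings


# Sample input: lines copied from the FRST log posted above.
SAMPLE = [
    r"S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]",
    r"R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)",
    r"U0 onjuxi; C:\Windows\System32\drivers\wktpfb.sys [79064 2015-03-08] (Malwarebytes Corporation)",
    r"S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]",
    r"2015-03-07 14:58 - 2014-11-21 20:14 - 00000468 ____H () C:\Windows\Tasks\Sustainer-S-324994261.job",
    r"2015-02-22 06:41 - 2015-02-22 06:41 - 00000000 __SHD () C:\Users\Farhan\AppData\Local\EmieUserList",
    r"2015-03-08 04:43 - 2015-03-08 04:43 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wktpfb.sys",
]

if __name__ == "__main__":
    for item, reason in triage(SAMPLE):
        print(f"{reason:35} {item}")
```

Feed it a whole FRST.txt (one line per list element) and it skips every line that is not in one of the two formats, so section headers and the explanatory notes are ignored. The regexes are anchored at both ends with a lazy path group, which is what lets a path containing "(x86)" or spaces survive without being mistaken for the company field.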


#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:11:45 AM

Posted 07 March 2015 - 08:26 PM

Hi diyaa

Unfortunately you posted the FRST.txt twice.
I still need the addition.txt to complete the first fix.
Please take a look here:

Running from C:\Users\Diyaa\Downloads

The addition.txt should be there, please post it in your next reply.

Thanks



#6 diyaa

diyaa
  • Topic Starter

  • Members
  • 13 posts
  • Local time:03:45 PM

Posted 08 March 2015 - 11:34 AM

ooopss!!! I wasted so much space pasting that twice  :blink: ...

 

here is Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Diyaa at 2015-03-08 04:46:12
Running from C:\Users\Diyaa\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Canon MP Navigator 3.1 (HKLM-x32\...\MP Navigator 3.1) (Version:  - )
Canon MP140 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series) (Version:  - )
Command & Conquer - Red Alert 2 -WiReD- (remove only) (HKLM-x32\...\{D9C0A513-2CE3-444B-A401-A545020E942E}) (Version:  - )
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2326.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.3 - Lenovo Group Limited)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
18-02-2015 04:25:44 Windows Update
18-02-2015 17:12:54 Windows Update
21-02-2015 16:03:24 Checkpoint by HitmanPro
21-02-2015 16:04:33 Checkpoint by HitmanPro
22-02-2015 03:08:03 Checkpoint by HitmanPro
22-02-2015 05:50:18 Windows Live Essentials
22-02-2015 05:51:07 Installed DirectX
22-02-2015 05:52:08 Installed DirectX
22-02-2015 05:53:03 Installed DirectX
22-02-2015 05:54:50 WLSetup
24-02-2015 18:08:17 Windows Update
27-02-2015 07:31:21 Windows Update
03-03-2015 23:14:30 Windows Update
04-03-2015 03:00:13 Windows Update
07-03-2015 20:42:06 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2009-06-11 02:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04FE9479-CB33-4004-8760-8392A7FC6977} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {082CF46A-7690-44CD-B302-A4F48C955D25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1A0263F8-1436-46B7-877C-FA918837F99F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core => C:\Users\Diyaa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
Task: {1D8E50D2-1743-43FA-AF13-0595C2B149B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-01] (Google Inc.)
Task: {272CE8EF-1331-44B7-B197-9AC7F94DDC7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-01] (Google Inc.)
Task: {789AA194-6285-4096-B29F-77771AE35C62} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-09-10] (Lenovo Group Limited)
Task: {7E787AA8-614C-40DA-9BBB-94907D5E6649} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Diyaa-PC-Diyaa Diyaa-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-01-21] (Microsoft Corporation)
Task: {B812A890-E77A-4BCE-B670-2D61B9703743} - System32\Tasks\Sustainer-S-324994261 => c:\programdata\trusted publisher\sustainer\Sustainer.exe <==== ATTENTION
Task: {BB278F37-CB8E-4BD9-BFF9-0F8EA8560982} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000UA => C:\Users\Diyaa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)
Task: {BF224A66-DE69-48F9-A128-442F159A420A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C1845108-0D8B-4518-95A3-36C71880D4E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CC11F7C1-6371-4680-8C5C-1741FABF93E0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {EBF7D2AD-BC9D-4339-A403-A59EBA679AA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {F566D280-BF16-48B1-864E-84B9A132A905} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core.job => C:\Users\Diyaa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000UA.job => C:\Users\Diyaa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Sustainer-S-324994261.job => c:\programdata\trusted publisher\sustainer\Sustainer.exeN/schedule /profile c:\programdata\trusted publisher\sustainer\324994261.ini <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-22 04:03 - 2014-09-10 06:06 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-17 20:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-17 20:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-17 20:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-07 18:57 - 2015-02-28 06:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-07 18:57 - 2015-02-28 06:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll
2015-03-07 18:57 - 2015-02-28 06:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll
2015-03-07 18:57 - 2015-02-28 06:56 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Diyaa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 57e40902 => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupfolder: C:^Users^Diyaa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GoogleChromeAutoLaunch_2329B6963BF3F3890EF20A8DD9D7554E => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
MSCONFIG\startupreg: YouCam Service6 => "C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2873424350-1244858358-1215729984-500 - Administrator - Disabled)
Diyaa (S-1-5-21-2873424350-1244858358-1215729984-1000 - Administrator - Enabled) => C:\Users\Diyaa
Farhan (S-1-5-21-2873424350-1244858358-1215729984-1003 - Limited - Enabled) => C:\Users\Farhan
Guest (S-1-5-21-2873424350-1244858358-1215729984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2873424350-1244858358-1215729984-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2015 04:39:19 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 11:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 10:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 09:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 08:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 07:43:04 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 06:43:01 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 05:42:52 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 04:28:35 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (03/07/2015 03:31:00 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (03/07/2015 07:20:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (03/07/2015 03:31:00 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (03/07/2015 02:57:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (03/06/2015 03:22:38 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0412079B-B86A-4AD9-B4CC-3030A44FF0CF} because another computer on the network has the same name.  The server could not start.
 
Error: (03/04/2015 11:06:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:05:04 PM on 3/4/2015 was unexpected.
 
Error: (03/04/2015 11:01:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
 
Error: (03/04/2015 11:01:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}
 
Error: (03/04/2015 11:01:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (03/04/2015 11:00:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {80E4B5A5-677B-4483-9E61-7F9644D66C2B}
 
Error: (03/04/2015 11:00:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
 
Microsoft Office Sessions:
=========================
Error: (03/08/2015 04:39:19 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 11:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 10:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 09:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 08:43:02 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 07:43:04 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 06:43:01 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 05:42:52 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 04:28:35 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (03/07/2015 03:31:00 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 63%
Total physical RAM: 1908.55 MB
Available physical RAM: 701.79 MB
Total Pagefile: 4058.1 MB
Available Pagefile: 1628.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:228.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F8C11040)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 Starbuck
'r Brudiwr
  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 08 March 2015 - 12:33 PM

Hi diyaa

ooopss!!! I wasted so much space pasting that twice

You'd be surprised how often that happens. :)

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, uTorrent, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1

Recommendation.
We stopped recommending Spybot Search and Destroy quite a while ago due to poor detection rates.
I recommend you uninstall the program.


Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Diyaa\Downloads.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


Step 3
You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer: Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but cannot remove.


In your next reply, please submit:
Fixlog.txt
Also let me know which Anti Virus you installed.

Thanks.

Attached Files


#8 diyaa (Topic Starter)

Posted 11 March 2015 - 03:45 PM

:) Thank you for the advice. I find that antivirus itself slows down the PC, so I try to do without it.

 

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Diyaa at 2015-03-12 01:25:45 Run:1
Running from C:\Users\Diyaa\Downloads
Loaded Profiles: Diyaa (Available profiles: Diyaa & Farhan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\...\MountPoints2: {0f190beb-a594-11e4-bf86-60eb69b01b1a} - F:\AutoRun.exe
GroupPolicyUsers\S-1-5-21-2873424350-1244858358-1215729984-1003\User: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (WhatsChrome) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2015-02-21]
CHR Extension: (SimaurtCComparree) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf [2015-01-13]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-01-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-03-07 14:58 - 2014-11-21 20:14 - 00000468 ____H () C:\Windows\Tasks\Sustainer-S-324994261.job
C:\Users\Diyaa\spybot-2.4.exe
C:\Users\Diyaa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpshw_pv.dll
C:\Users\Diyaa\AppData\Local\Temp\Quarantine.exe
C:\Users\Diyaa\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {B812A890-E77A-4BCE-B670-2D61B9703743} - System32\Tasks\Sustainer-S-324994261 => c:\programdata\trusted publisher\sustainer\Sustainer.exe <==== ATTENTION
Task: C:\Windows\Tasks\Sustainer-S-324994261.job => c:\programdata\trusted publisher\sustainer\Sustainer.exeN/schedule /profile c:\programdata\trusted publisher\sustainer\324994261.ini <==== ATTENTION
c:\programdata\trusted publisher\sustainer
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKU\S-1-5-21-2873424350-1244858358-1215729984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f190beb-a594-11e4-bf86-60eb69b01b1a}" => Key deleted successfully.
HKCR\CLSID\{0f190beb-a594-11e4-bf86-60eb69b01b1a} => Key not found. 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2873424350-1244858358-1215729984-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan => Moved successfully.
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf => Moved successfully.
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki => Moved successfully.
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg => Moved successfully.
IntcAzAudAddService => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\Tasks\Sustainer-S-324994261.job => Moved successfully.
C:\Users\Diyaa\spybot-2.4.exe => Moved successfully.
C:\Users\Diyaa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpshw_pv.dll => Moved successfully.
C:\Users\Diyaa\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Diyaa\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B812A890-E77A-4BCE-B670-2D61B9703743}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B812A890-E77A-4BCE-B670-2D61B9703743}" => Key deleted successfully.
C:\Windows\System32\Tasks\Sustainer-S-324994261 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sustainer-S-324994261" => Key deleted successfully.
C:\Windows\Tasks\Sustainer-S-324994261.job not found.
"c:\programdata\trusted publisher\sustainer" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 413.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 01:26:21 ====
 
Did it work?
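
The Scheduled Tasks section of the FRST log above and the Fixlog in this post both rest on the same judgement: which autostart entries earn the "<==== ATTENTION" mark (the Sustainer task running from c:\programdata, the Chrome policy keys), which are harmless leftovers (the CustomCLSID entries reported "No File") and which are fine (Google Update, signed and in Program Files). The Python below is an added example, not code from the thread, from BleepingComputer or from the FRST tool; it reproduces that triage as a few heuristics over FRST-style lines so the reasoning can be run against a log rather than applied by eye. The set of "user-writable" directories (ProgramData and the per-user AppData tree), the severity labels and the regular expressions are this example's own assumptions, and the sample lines are constructed to mirror the shapes seen in this thread's log.

```python
"""Triage heuristics for FRST-style log lines (added example, not FRST code).

Three rules, each visible in the thread's logs:
  * a Task whose binary FRST could not attribute to a signer and that lives in
    a directory a standard user can write to is a persistence candidate;
  * a CustomCLSID whose server DLL is reported "No File" is an orphan: worth
    cleaning, but not evidence of infection on its own;
  * a policy entry for Chrome (HKLM\SOFTWARE\Policies\Google, or a per-user
    GroupPolicyUsers entry) can force-install or lock extensions, which is why
    a browser add-on can come back after every cleanup.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumption of this example: these are the user-writable roots that matter.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:programdata|users\\[^\\]+\\appdata)\\", re.IGNORECASE)
EXE_PATH = re.compile(r"^(?P<exe>.+?\.exe)", re.IGNORECASE)   # path up to the .exe
SIGNER = re.compile(r"\((?P<signer>[^()]+)\)\s*$")            # trailing "(Publisher)"
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION\s*$")             # FRST's own warning mark
TASK = re.compile(r"^Task:\s+(?P<name>.+?)\s+=>\s+(?P<target>.+)$")
CLSID = re.compile(r"^CustomCLSID:\s+(?P<key>\S+)\s+->\s+(?P<server>.+)$")
CHROME_POLICY = re.compile(
    r"^(?:CHR\s+HKLM\\SOFTWARE\\Policies\\Google"
    r"|GroupPolicyUsers\\\S+:\s+Group Policy on Chrome)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "low"
    kind: str       # "task", "clsid" or "policy"
    subject: str
    reason: str


def _split_target(target: str):
    """Split a Task target into (exe_path, signer_or_None, flagged_by_frst)."""
    flagged = bool(ATTENTION.search(target))
    target = ATTENTION.sub("", target).strip()
    sig = SIGNER.search(target)
    exe = EXE_PATH.match(target)
    return (exe.group("exe") if exe else target,
            sig.group("signer").strip() if sig else None,
            flagged)


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None if the line is unremarkable."""
    line = line.strip()
    if m := TASK.match(line):
        name = m.group("name").split(" - ", 1)[-1]        # drop the "{GUID} - " prefix
        exe, signer, flagged = _split_target(m.group("target"))
        in_user_dir = bool(USER_WRITABLE.match(exe))
        reasons = []
        if flagged:
            reasons.append("flagged by FRST")
        if in_user_dir and signer is None:
            reasons.append("unsigned binary in a user-writable directory")
        if reasons:
            return Finding("high", "task", name, "; ".join(reasons) + f": {exe}")
        if in_user_dir:   # signed updaters such as Google Update legitimately live here
            return Finding("low", "task", name,
                           f"signed by {signer} but runs from a user-writable directory: {exe}")
        return None
    if m := CLSID.match(line):
        if m.group("server").rstrip().endswith("No File"):
            return Finding("low", "clsid", m.group("key"),
                           "orphaned COM registration: server DLL is missing")
        return None
    if CHROME_POLICY.match(line):
        return Finding("high", "policy", line.split(":", 1)[0],
                       "Chrome policy in place; policies can force-install or lock "
                       "extensions so they return after every cleanup")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Findings in log order; lines that match no rule are dropped."""
    return [f for f in (classify_line(ln) for ln in lines) if f is not None]


# Constructed sample input, modelled on the line shapes in this thread's FRST log.
SAMPLE_LINES = [
    r"Task: {B812A890-E77A-4BCE-B670-2D61B9703743} - System32\Tasks\Sustainer-S-324994261 => c:\programdata\trusted publisher\sustainer\Sustainer.exe <==== ATTENTION",
    r"Task: C:\Windows\Tasks\Sustainer-S-324994261.job => c:\programdata\trusted publisher\sustainer\Sustainer.exeN/schedule /profile c:\programdata\trusted publisher\sustainer\324994261.ini <==== ATTENTION",
    r"Task: {1A0263F8-1436-46B7-877C-FA918837F99F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core => C:\Users\Diyaa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-11] (Google Inc.)",
    r"Task: {1D8E50D2-1743-43FA-AF13-0595C2B149B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-01] (Google Inc.)",
    r"Task: {C1845108-0D8B-4518-95A3-36C71880D4E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc",
    r"CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File",
    r"CustomCLSID: HKU\S-1-5-21-2873424350-1244858358-1215729984-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"GroupPolicyUsers\S-1-5-21-2873424350-1244858358-1215729984-1003\User: Group Policy on Chrome detected <======= ATTENTION",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:4}] {f.kind:6} {f.subject}\n        {f.reason}")
```

On the sample input the two Sustainer entries and the two Chrome policy lines come out high, the Google Update task under AppData and the orphaned CLSID come out low, and the Program Files Google Update task and the Sc.exe restart task produce nothing. The signer check relies on FRST's habit of printing the Authenticode publisher in trailing parentheses; a real pipeline would verify the signature on the file itself rather than trust the log.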


#9 Starbuck

Posted 11 March 2015 - 05:58 PM

Hi diyaa
 

Did it work?

If you are referring to the fix I gave... yes, the fix worked.
But only you can tell me if you are still experiencing this:

but the thing is the browser x y z 'coupon' ads keep popping up in the browser and it runs slow. Even my pc runs slow at times.


There are a few other things I'd like to address, but we'll need a different set of reports for that.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Extra Registry section, make sure that Use SafeList is selected.
  • Now copy the lines below:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Thanks

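Added example, not part of this thread and not OTL or FRST code: a read-only PowerShell triage script that walks the same autostart locations the custom OTL scan above targets (Run/RunOnce in both registry views and for the current user, Winlogon Shell/Userinit, the scheduled-task XML under System32\Tasks together with each task's trigger type, the StartMenuInternet browser launch commands, the hosts file and the per-interface DNS servers) and flags entries whose file is missing, lives under a user-writable directory, or is unsigned outside %SystemRoot%. The trigger column is the point that ties it to the Fixlog earlier in the thread: Sustainer-S-324994261 sat under TaskCache\Logon, so it re-launched the adware at every logon until the task itself was removed, which is exactly the "clean, reboot, it is back" cycle from the first post. Assumptions: an elevated PowerShell prompt (2.0 or later) on Windows 7 x64, and the function names Get-ExePath and Add-Entry are invented for this example.

```powershell
# Added example: read-only autostart triage. Not OTL/FRST output and not code from this thread.
# Assumes an elevated PowerShell 2.0+ prompt on Windows 7 x64; all function names are invented here.
$UserWritable = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }
$Results = New-Object System.Collections.ArrayList
$Meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExePath([string]$CommandLine) {
    # Reduce a Run-key or task command line to the executable it launches.
    if (-not $CommandLine) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1); if ($end -lt 1) { $end = $cmd.Length }
        $p = $cmd.Substring(1, $end - 1)
    } else {
        $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|scr|cmd|bat|vbs|js|ps1))', 'IgnoreCase')
        $p = if ($m.Success) { $m.Groups[1].Value } else { $cmd.Split(' ')[0] }
    }
    if ($p -notmatch '[\\/]') { $p = Join-Path "$env:SystemRoot\System32" $p }  # bare names such as Shell = explorer.exe
    return $p
}

function Add-Entry([string]$Source, [string]$Name, [string]$Command) {
    $exe = Get-ExePath $Command
    $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
    # Caveat: on Windows 7 Get-AuthenticodeSignature ignores security catalogs, so genuine catalog-signed
    # files under %SystemRoot% report NotSigned; only unsigned files outside it count as suspect.
    $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString() } else { 'Missing' }
    $inSysRoot = $exists -and $exe.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)
    $inUserDir = $false
    foreach ($d in $UserWritable) { if ($exists -and $exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true } }
    $suspect = (-not $exists) -or $inUserDir -or (($sig -ne 'Valid') -and (-not $inSysRoot))
    [void]$Results.Add((New-Object PSObject -Property @{
        Suspect = $suspect; Source = $Source; Name = $Name; Signature = $sig; Path = $exe }))
}

# 1. Run/RunOnce in the 64-bit and 32-bit (Wow6432Node) views plus the current user (OTL's O4 lines).
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $RunKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($v in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($Meta -notcontains $v.Name) { Add-Entry "Run $k" $v.Name ([string]$v.Value) }
    }
}

# 2. Winlogon Shell/Userinit (OTL's O20 lines).
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Add-Entry 'Winlogon' 'Shell' $wl.Shell
Add-Entry 'Winlogon' 'Userinit' $wl.Userinit

# 3. Scheduled tasks, read straight from their XML. A logon-triggered task like Sustainer-S-324994261
#    in the Fixlog above is why the adware came back after every reboot until the task itself was removed.
$TaskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
foreach ($f in (Get-ChildItem -Path $TaskRoot -Recurse -Force | Where-Object { -not $_.PSIsContainer })) {
    $x = New-Object System.Xml.XmlDocument
    try { $x.Load($f.FullName) } catch { continue }
    $nsm = New-Object System.Xml.XmlNamespaceManager -ArgumentList $x.NameTable
    $nsm.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')
    $trig = @($x.SelectNodes('/t:Task/t:Triggers/*', $nsm) | ForEach-Object { $_.LocalName -replace 'Trigger$', '' }) -join ','
    foreach ($exec in $x.SelectNodes('/t:Task/t:Actions/t:Exec', $nsm)) {
        $cmd = $exec.Command; if ($exec.Arguments) { $cmd = "$cmd $($exec.Arguments)" }
        Add-Entry "Task($trig)" $f.FullName.Substring($TaskRoot.Length) $cmd
    }
}

# 4. Browser launch commands (the hklm\software\clients\startmenuinternet lines of the custom scan).
foreach ($root in 'HKLM:\SOFTWARE\Clients\StartMenuInternet', 'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet') {
    if (-not (Test-Path $root)) { continue }
    foreach ($b in (Get-ChildItem $root)) {
        $open = Join-Path $b.PSPath 'shell\open\command'
        if (Test-Path $open) { Add-Entry 'StartMenuInternet' $b.PSChildName (Get-ItemProperty $open).'(default)' }
    }
}

# 5. hosts file and per-interface DNS (OTL's O1/O17 lines): anything beyond localhost, or a NameServer
#    you did not set yourself, can redirect ads and block security-vendor updates.
$Hosts = Get-Content (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts') |
         Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '\slocalhost\s*$' }
$Dns = foreach ($i in (Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces')) {
    $p = Get-ItemProperty $i.PSPath
    if ($p.NameServer) { "$($i.PSChildName) static=$($p.NameServer)" }
    if ($p.DhcpNameServer) { "$($i.PSChildName) dhcp=$($p.DhcpNameServer)" }
}

$Results | Sort-Object Suspect -Descending | Format-Table Suspect, Source, Name, Signature, Path -AutoSize -Wrap
"Non-localhost hosts entries: " + (@($Hosts) -join ' | ')
"DNS servers per interface: " + (@($Dns) -join ' | ')
```

Save it as a .ps1 and run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File autostart-triage.ps1`. Treat the Suspect column as a shortlist, not a verdict: legitimate tools that live in %ProgramData% or %APPDATA% (Dropbox in the msconfig section of the OTL log is one) will show up there, and on Windows 7 the Signature column reads NotSigned for many genuine catalog-signed Microsoft files, which is why the script only counts an unsigned file as suspect outside %SystemRoot%. What you want to compare against the OTL output is the task list: a task with a Logon or Boot trigger whose command points into ProgramData, AppData or Temp is the pattern that survives every cleanup until the task, not just the file, is removed.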

#10 diyaa
  • Topic Starter
  • Members
  • 13 posts

Posted 12 March 2015 - 03:44 PM

I didn't get a 'coupon' ad today... looks like it worked :thumbsup:

 

OTL.txt:

 

OTL logfile created on: 3/13/2015 12:45:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Diyaa\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 70.46% Memory free
3.73 Gb Paging File | 2.65 Gb Available in Paging File | 71.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 226.25 Gb Free Space | 48.59% Space Free | Partition Type: NTFS
 
Computer Name: DIYAA-PC | User Name: Diyaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Diyaa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv.sys (Visicom Media Inc.)
DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (Visicom Media Inc.)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (clwvd6) -- C:\Windows\SysNative\drivers\clwvd6.sys (CyberLink Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Diyaa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Diyaa\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Diyaa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files (x86)\WordWeb\WCaptureMoz [2014/08/14 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Diyaa\AppData\Roaming\IDM\idmmzcc5 [2014/12/25 02:38:51 | 000,000,000 | ---D | M]
 
[2014/05/21 12:23:56 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2015/03/12 01:25:52 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_2329B6963BF3F3890EF20A8DD9D7554E] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB28D988-A0F3-42D9-A16D-C3F8E2B9F6F4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB28D988-A0F3-42D9-A16D-C3F8E2B9F6F4}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Diyaa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Diyaa\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DivXMediaServer - hkey= - key= - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: GoogleChromeAutoLaunch_2329B6963BF3F3890EF20A8DD9D7554E - hkey= - key= - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
MsConfig:64bit - StartUpReg: IDMan - hkey= - key= - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SDTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: WordWeb - hkey= - key= - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
MsConfig:64bit - StartUpReg: YouCam Service6 - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (CyberLink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/03/12 00:32:54 | 000,372,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/03/12 00:32:54 | 000,299,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/03/12 00:32:54 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015/03/12 00:32:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015/03/12 00:32:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/03/12 00:32:54 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015/03/12 00:32:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/03/12 00:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015/03/12 00:28:08 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2015/03/12 00:28:08 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2015/03/12 00:28:08 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2015/03/12 00:28:07 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2015/03/12 00:28:06 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2015/03/12 00:28:06 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2015/03/12 00:28:06 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2015/03/12 00:28:05 | 011,411,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2015/03/12 00:28:05 | 005,554,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/03/12 00:28:05 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2015/03/12 00:28:04 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015/03/12 00:28:04 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2015/03/12 00:28:04 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2015/03/12 00:28:02 | 003,973,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/03/12 00:28:02 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2015/03/12 00:28:02 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2015/03/12 00:28:00 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/03/12 00:28:00 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2015/03/12 00:28:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2015/03/12 00:28:00 | 000,616,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2015/03/12 00:28:00 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2015/03/12 00:28:00 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2015/03/12 00:27:59 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2015/03/12 00:27:59 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2015/03/12 00:27:59 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2015/03/12 00:27:59 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2015/03/12 00:27:59 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2015/03/12 00:27:58 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2015/03/12 00:27:58 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2015/03/12 00:27:57 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2015/03/12 00:27:57 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2015/03/12 00:27:56 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2015/03/12 00:27:56 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2015/03/12 00:27:56 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2015/03/12 00:27:56 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2015/03/12 00:27:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2015/03/12 00:27:55 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/03/12 00:27:55 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2015/03/12 00:27:55 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2015/03/12 00:27:55 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/03/12 00:27:55 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2015/03/12 00:27:55 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2015/03/12 00:27:55 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2015/03/12 00:27:54 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2015/03/12 00:27:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2015/03/12 00:27:53 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2015/03/12 00:27:53 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2015/03/12 00:27:53 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2015/03/12 00:27:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015/03/12 00:27:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2015/03/12 00:27:53 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2015/03/12 00:27:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2015/03/12 00:27:52 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2015/03/12 00:27:52 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2015/03/12 00:27:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2015/03/12 00:27:52 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2015/03/12 00:27:52 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/03/12 00:27:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015/03/12 00:27:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2015/03/12 00:27:52 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2015/03/12 00:27:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2015/03/12 00:27:52 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2015/03/12 00:27:52 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2015/03/12 00:27:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2015/03/12 00:27:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2015/03/12 00:27:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2015/03/12 00:27:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2015/03/12 00:27:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2015/03/12 00:27:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2015/03/12 00:27:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2015/03/12 00:27:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2015/03/12 00:27:48 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2015/03/12 00:27:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2015/03/12 00:27:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015/03/12 00:27:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015/03/12 00:27:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2015/03/12 00:27:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2015/03/12 00:21:30 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015/03/12 00:21:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015/03/12 00:21:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015/03/12 00:20:41 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015/03/12 00:20:41 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2015/03/12 00:04:06 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/03/12 00:04:04 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/03/12 00:04:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/03/12 00:04:04 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/03/12 00:04:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/03/12 00:04:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/03/12 00:04:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/03/12 00:04:03 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/03/12 00:04:03 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/03/12 00:04:03 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/03/12 00:04:03 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/03/12 00:04:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/03/12 00:04:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/03/11 23:45:17 | 001,067,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015/03/11 23:45:15 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/03/11 23:40:08 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015/03/11 23:40:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015/03/08 04:44:33 | 000,000,000 | ---D | C] -- C:\FRST
[2015/03/04 01:42:14 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perftrack.dll
[2015/03/04 01:42:14 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powertracker.dll
[2015/03/02 21:12:32 | 000,182,696 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2015/02/27 01:39:41 | 000,000,000 | ---D | C] -- C:\Users\Diyaa\AppData\Roaming\DMCache
[2015/02/23 07:32:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/23 01:13:27 | 000,000,000 | ---D | C] -- C:\Users\Diyaa\AppData\Local\VirtualStore
[2015/02/22 05:55:14 | 000,058,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2015/02/22 05:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2015/02/22 05:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2015/02/21 16:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/21 15:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/02/17 20:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/02/17 20:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/02/17 19:05:28 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/02/17 19:05:27 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/17 19:05:27 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/02/17 15:30:04 | 001,691,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FM20.DLL
[2015/02/15 23:29:04 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/15 23:29:04 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/02/15 23:29:04 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/02/15 23:29:04 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/15 23:29:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/02/15 23:29:04 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/02/15 23:29:04 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/02/15 23:29:04 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/02/15 23:29:03 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/02/15 23:29:03 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/02/15 23:29:02 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/15 23:29:02 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/15 23:29:02 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/02/15 23:29:01 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/02/15 23:29:01 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/15 23:29:01 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/02/15 23:29:01 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/02/15 23:29:01 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/02/15 23:29:01 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/02/15 23:29:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/02/15 23:29:00 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/15 23:29:00 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/15 23:28:59 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/02/15 23:28:59 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/02/15 23:28:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/02/15 23:28:58 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/02/15 23:28:58 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/02/15 23:28:58 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/15 23:28:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/15 23:28:57 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/15 23:28:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/02/15 23:28:56 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/15 22:50:49 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2015/02/15 22:33:53 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/15 22:33:53 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2015/03/13 00:49:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/03/13 00:24:06 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/03/13 00:02:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000UA.job
[2015/03/12 23:55:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/03/12 21:07:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/03/12 21:06:54 | 000,000,632 | RHS- | M] () -- C:\Users\Diyaa\ntuser.pol
[2015/03/12 21:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/03/12 21:06:07 | 1500,942,336 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/12 03:47:18 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/03/12 03:47:18 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/03/12 03:46:43 | 000,434,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/03/12 03:02:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2873424350-1244858358-1215729984-1000Core.job
[2015/03/12 01:33:29 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2015/03/12 01:25:52 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/03/10 23:31:10 | 000,000,020 | ---- | M] () -- C:\Users\Diyaa\AppData\Roaming\appdataFr3.bin
[2015/03/07 18:58:25 | 000,002,283 | ---- | M] () -- C:\Users\Diyaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/03/07 18:58:24 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/03/06 10:42:35 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/03/06 10:42:35 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/03/06 10:42:33 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/03/06 10:42:29 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/03/06 10:42:27 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/03/06 10:41:31 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/03/06 10:39:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/03/06 10:38:57 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/03/06 10:36:56 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/03/06 10:09:31 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/03/06 10:07:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/03/06 10:07:43 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/03/06 10:06:20 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/03/04 19:10:44 | 000,001,017 | ---- | M] () -- C:\Users\Diyaa\Desktop\Dropbox.lnk
[2015/03/03 06:02:12 | 000,182,696 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2015/02/28 02:06:29 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/28 02:06:29 | 000,662,962 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/28 02:06:29 | 000,122,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/27 05:08:32 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\MBAM.lnk
[2015/02/27 05:08:11 | 000,002,250 | ---- | M] () -- C:\Users\Diyaa\Desktop\HitmanPro.lnk
[2015/02/23 07:48:46 | 000,001,349 | ---- | M] () -- C:\Users\Diyaa\Desktop\adwcleaner.lnk
[2015/02/22 03:14:58 | 000,001,441 | ---- | M] () -- C:\Users\Diyaa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/02/22 03:08:29 | 000,006,012 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2015/02/20 09:41:01 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015/02/20 09:40:59 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015/02/20 09:40:56 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015/02/20 09:40:55 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/02/20 09:13:49 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015/02/20 09:13:43 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/02/20 08:29:16 | 000,372,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/02/20 08:09:16 | 000,299,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/02/17 20:02:33 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot.lnk
[2015/02/17 15:30:04 | 001,691,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FM20.DLL
 
========== Files Created - No Company Name ==========
 
[2015/03/12 01:32:52 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2015/02/23 07:48:46 | 000,001,349 | ---- | C] () -- C:\Users\Diyaa\Desktop\adwcleaner.lnk
[2015/02/23 00:17:05 | 000,000,020 | ---- | C] () -- C:\Users\Diyaa\AppData\Roaming\appdataFr3.bin
[2015/02/22 04:43:35 | 000,000,632 | RHS- | C] () -- C:\Users\Diyaa\ntuser.pol
[2015/02/21 16:13:04 | 000,002,250 | ---- | C] () -- C:\Users\Diyaa\Desktop\HitmanPro.lnk
[2015/02/21 16:04:55 | 000,006,012 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2015/02/17 20:02:33 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot.lnk
[2014/08/18 19:44:31 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/08/17 20:11:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2014/08/14 15:41:01 | 002,927,360 | ---- | C] () -- C:\Windows\wweb32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 09:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 10:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 10:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 06:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 08:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 06:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/21 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\Diyaa\AppData\Roaming\Canon
[2015/03/10 21:09:57 | 000,000,000 | ---D | M] -- C:\Users\Diyaa\AppData\Roaming\DMCache
[2015/03/04 19:11:11 | 000,000,000 | ---D | M] -- C:\Users\Diyaa\AppData\Roaming\Dropbox
[2015/03/10 02:39:23 | 000,000,000 | ---D | M] -- C:\Users\Diyaa\AppData\Roaming\IDM
[2014/08/19 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\Diyaa\AppData\Roaming\PwrMgr
[2014/08/17 19:58:30 | 000,000,000 | ---D | M] -- C:\Users\Diyaa\AppData\Roaming\Tunngle
[2015/02/27 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\Diyaa\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2015/03/12 21:06:07 | 1500,942,336 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/12 21:06:15 | 2001,260,544 | -HS- | M] () -- C:\pagefile.sys
[2015/01/16 23:54:45 | 000,005,316 | ---- | M] () -- C:\QcOSD.txt
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2009/07/14 09:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2015/01/14 10:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2015/02/28 06:56:32 | 000,809,288 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2015/01/12 06:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2015/01/12 06:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2015/01/12 06:48:50 | 000,718,848 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2015/01/14 10:47:41 | 000,813,744 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: IEXPLORE.EXE
 
< End of report >

Extras.txt:

OTL Extras logfile created on: 3/13/2015 12:45:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Diyaa\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 70.46% Memory free
3.73 Gb Paging File | 2.65 Gb Available in Paging File | 71.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 226.25 Gb Free Space | 48.59% Space Free | Partition Type: NTFS
 
Computer Name: DIYAA-PC | User Name: Diyaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E4975C7-5AED-4056-B18B-A13FFF256D88}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{15E72A20-2557-4D15-A62D-F5D22858091D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{244216F8-8716-410C-A776-12B55D2675BD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{342AD86E-638C-4387-8615-00BD7E38B81B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3C3A294A-7E97-409D-B153-2A92273BAAC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3C902B3F-FDB9-4DA4-9FC6-508414D3FC87}" = rport=138 | protocol=17 | dir=out | app=system | 
"{40FF7E5A-33DF-442D-8FC5-088FEF908837}" = lport=139 | protocol=6 | dir=in | app=system | 
"{41B2DE32-D511-4405-BE09-9A6127D06A92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F23B481-0490-4D76-951C-391798DA59A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4FD3329B-A99D-4F23-82B5-E776E4D7DA07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B1B36B8-4F63-489A-A61F-49D97F893C82}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5D444594-F2C5-41DA-B671-5EBAB4CEEA73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61EA03CE-0CD0-48A4-9D74-BCB8E3C8D01F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{7309A4E8-3F8D-49E7-9DE2-B418EABEE002}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7BC19470-36CF-483C-88B0-0DDFB823694D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A460989B-2532-44DE-841C-8CC399837640}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BEBF41A8-373A-4A9B-A67D-580B699461DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CF6B9544-19A4-4D79-9299-1F516F8A9701}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D0F61CBC-D4DA-4FDF-B264-8BB354F702ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E35E6273-B3F6-4038-A44E-506782CE032F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EAB11E14-51C6-4749-B244-F2B7390125EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2EFD279-39A6-49D0-BBAF-3456C7484076}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F367D290-121E-4F50-938C-4CEF71EC1878}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F36E6B42-CD6A-4463-9E48-AFE9648BB0AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F6045E88-2A41-4A71-9F88-37F809E70EF5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{F82C6DC7-CE81-409E-A671-60038EEFB8DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0005C431-CFBD-414A-9965-70B5F9842167}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{02DD9706-8C60-4EF7-8A5F-45F3DF7ADBE5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0485D739-4AF3-4AF7-A9C3-F64F989434E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{0574D9A2-E93F-45AF-B74D-D4D727D9E69A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{09A1E87F-B3BB-4361-B836-6B9171772ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{0AF9CF10-23D7-47BD-B640-3F95BB06FE2A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0C0D7097-563D-46C0-B3AA-28B11AD7FFB9}" = dir=in | app=c:\users\diyaa\appdata\local\temp\nsm674c.tmp\cnetinstaller-75616559.exe | 
"{0E6FE664-0EB9-4A37-97B9-E428CF09F0A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0F5E10D6-0D24-4661-A771-6426FB5F1F0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1735F3A9-FA16-4D5C-A4C3-CEDE88DB9544}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D55E3A4-CA70-4BDA-9D0A-BFAD1560605B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{1E1E65B1-304D-435D-9D0F-6968626CCCD9}" = protocol=17 | dir=in | app=c:\program files (x86)\smartview2\smart view 2.0.exe | 
"{21AA58EF-B1CD-4356-BD3B-B07B0D089442}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{22174A72-20EC-43A3-A7F8-A9B64EFC8825}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{2776B97E-0C9B-4156-933B-51A71B919C6B}" = protocol=17 | dir=in | app=c:\users\diyaa\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2DDF2EA2-DF0C-4DAE-B056-A83F9A7BCCB8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{323774C1-AC7F-4B0B-9161-00EF8ABD9A2E}" = protocol=6 | dir=in | app=c:\users\diyaa\appdata\roaming\dropbox\bin\dropbox.exe | 
"{390B56CD-EA6E-4290-9B83-D76828723557}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{399AA8F3-39AA-4DA0-8912-8D5A205DDD65}" = protocol=17 | dir=in | app=c:\users\diyaa\appdata\roaming\utorrent\utorrent.exe | 
"{3F67F909-4DF4-4E01-ABE2-EFE78BA21BE8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41833DC1-A18E-4C3B-9A03-A766F7F080BA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{5F66A5E1-BB0B-40DE-A191-C1AB28D39747}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{60E27978-F571-49BB-9508-F20C6F2A813E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6393EC37-69AD-4089-9333-BFE66A2F9B5E}" = protocol=17 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | 
"{6B29E21F-95C8-4A89-A764-6A58504B3B34}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{6F818C96-0A8D-4D9F-A895-A5ADF5DA9065}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{73DB10E1-2F7D-4C55-A942-153612A97211}" = protocol=6 | dir=in | app=c:\users\diyaa\appdata\roaming\utorrent\utorrent.exe | 
"{7C5214D4-2F32-44A6-80C2-787F0D2B4FAE}" = protocol=6 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | 
"{83F67A92-0B1B-4957-AF6A-DF87C572BD15}" = protocol=17 | dir=in | app=c:\program files (x86)\smartview2\smart view 2.0.exe | 
"{89E31AB6-D3B9-400A-963D-73C7ABBC9BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{905BF200-9E9C-4BAB-823C-380E88568E5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{921D718E-DEE5-4BCC-9E62-60E04A51AB41}" = protocol=6 | dir=in | app=c:\program files (x86)\smartview2\smart view 2.0.exe | 
"{9445CFD5-F07F-4610-9CF9-BCA8D5456A53}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{97F8C49B-0F24-4904-B14A-B99338DB947B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A5F71CA-D481-41CE-BFA5-0BB655B259C5}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{B190B160-83A3-4B67-916A-286D64DB8C84}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{C2EB51C7-B544-4A10-A29E-2A4EE4A858FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4A8771C-D7C7-47F0-8268-26DA8E501AC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 
"{C7F40C4D-BE54-4C6B-9567-E4D090196529}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CB5389D7-2F48-402B-AE72-E452AFC489D7}" = protocol=6 | dir=in | app=c:\program files (x86)\smartview2\smart view 2.0.exe | 
"{CC03EDB1-D8EB-4404-9D98-373A68D58E43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC36F40A-5BCB-42C6-AC31-92A23A5825CD}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{D0EEBB36-E3E5-48B6-8894-E7EEFB4D988B}" = dir=out | app=c:\users\diyaa\appdata\local\temp\nsm674c.tmp\cnetinstaller-75616559.exe | 
"{D9FBAB2E-04CD-485D-A58D-CC9F11725500}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4396D51-EA80-45AF-BBF3-777EA87B3746}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{E50DABB6-8871-4BB0-86D7-8B16E91D4714}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F2BEF21E-78DF-4FCC-BAB0-5A1B339BF2CD}" = dir=in | app=c:\users\diyaa\appdata\local\microsoft\skydrive\skydrive.exe | 
"{F5EDA53E-6AB3-4B6F-8464-EE3FB409C366}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{FF312858-DD75-4EE9-9FCD-FECF7B235458}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FF79DCC0-367B-4506-B3B6-D15700A4C5D2}" = protocol=6 | dir=out | app=system | 
"{FFFECA68-8D3C-45D2-8A49-D4DE57406AB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{33D56881-8C58-44D2-91AB-25EFD5E76062}C:\program files (x86)\command & conquer collection\command & conquer - red alert 2\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\command & conquer collection\command & conquer - red alert 2\game.exe | 
"TCP Query User{3EBAE6E3-1493-42A1-8367-FAF62ABF4F49}C:\users\diyaa\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\diyaa\appdata\roaming\utorrent\utorrent.exe | 
"TCP Query User{76F3E32C-B809-4AB8-A1B9-230E04D0371B}C:\program files (x86)\plex home theater\plex home theater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\plex home theater\plex home theater.exe | 
"TCP Query User{8A6B8284-3718-4481-8A18-61EDDD232657}C:\users\diyaa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\diyaa\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{E57E5C9E-16D8-4EB9-B3F6-98AB68509837}C:\program files (x86)\valve\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\counter-strike\hl.exe | 
"TCP Query User{E920FF1B-AE1D-429A-80B5-C5AB40EBCA26}C:\program files (x86)\valve\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\counter-strike\hl.exe | 
"UDP Query User{016FEF57-9F46-4E1A-85D0-2011734AF13F}C:\users\diyaa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\diyaa\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{24031DB7-ECA6-408C-82B2-50ECA98C4A8C}C:\program files (x86)\valve\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\counter-strike\hl.exe | 
"UDP Query User{6BE71E8B-CE75-41D5-9E81-87AF6A8BEDDF}C:\program files (x86)\valve\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\counter-strike\hl.exe | 
"UDP Query User{73D9464E-AB6A-4A53-B355-07279944888D}C:\program files (x86)\plex home theater\plex home theater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\plex home theater\plex home theater.exe | 
"UDP Query User{A95A7E95-6C6D-4CE1-BEBF-AF4F152B23A9}C:\program files (x86)\command & conquer collection\command & conquer - red alert 2\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\command & conquer collection\command & conquer - red alert 2\game.exe | 
"UDP Query User{CCAA2836-A3A2-4C6A-ADFD-E02D9CFD231C}C:\users\diyaa\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\diyaa\appdata\roaming\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{49A09C2C-FFF4-478E-B397-5E0979F67F5D}" = Lenovo Patch Utility 64 bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"B97004A400E30DCF940971EFA7A0C13C6B0A4B66" = Windows Driver Package - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = Lenovo Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.1
"{277DE249-EA23-43F1-888B-19CE25D708C3}" = Windows Live Family Safety
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{48781AC2-0939-4D66-98F2-235328E46790}" = Windows Live Messenger
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{7171E82A-E90A-4155-9040-6006CEE64DDC}" = Windows Live Writer Resources
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95C33D2E-8892-40CC-B8FB-E8CC68530D8B}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0332229-4EF7-4A36-AED8-E5876EB2DF86}" = Windows Live UX Platform Language Pack
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}" = CyberLink YouCam 6
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B1D0122C-6BE2-47A2-82AE-0BB3F6C91C49}" = Photo Common
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B6A96E8C-FC88-46F5-800E-6845B4ACA459}" = Photo Gallery
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C77CC230-7417-3F01-B70D-52583DC9FEC9}" = Google Talk Plugin
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D9C0A513-2CE3-444B-A401-A545020E942E}" = Command & Conquer - Red Alert 2 -WiReD- (remove only)
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}" = Lenovo Patch Utility
"{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8F630A7-6789-44D5-8653-3B27969CF337}" = Windows Live Essentials
"{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}" = Smart View 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Internet Download Manager" = Internet Download Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MP Navigator 3.1" = Canon MP Navigator 3.1
"Picasa 3" = Picasa 3
"TeamViewer 9" = TeamViewer 9
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite" = Windows Live Essentials
"WordWeb" = WordWeb
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/11/2015 4:28:40 PM | Computer Name = Diyaa-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/11/2015 4:30:08 PM | Computer Name = Diyaa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/11/2015 4:53:03 PM | Computer Name = Diyaa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/11/2015 5:08:02 PM | Computer Name = Diyaa-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/11/2015 6:49:49 PM | Computer Name = Diyaa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/11/2015 7:00:10 PM | Computer Name = Diyaa-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/11/2015 7:06:29 PM | Computer Name = Diyaa-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/11/2015 7:21:24 PM | Computer Name = Diyaa-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/12/2015 12:06:54 PM | Computer Name = Diyaa-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/12/2015 12:07:59 PM | Computer Name = Diyaa-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 9/24/2014 9:26:30 PM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 6:26:30 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 9/24/2014 9:26:56 PM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 6:26:54 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 10/5/2014 9:20:58 PM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 6:20:57 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 10/5/2014 9:22:50 PM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 6:22:50 AM - Failed to retrieve MCESpotlight (Error: The operation
 has timed out)  
 
Error - 10/12/2014 12:33:29 PM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 9:33:22 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
 to the remote server)  
 
Error - 10/16/2014 10:44:50 AM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 7:44:50 PM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 10/16/2014 10:45:07 AM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 7:45:07 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server)  
 
Error - 10/16/2014 10:45:12 AM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 7:45:12 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
 to the remote server)  
 
Error - 10/16/2014 10:45:16 AM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 7:45:14 PM - Failed to retrieve SportsV2 (Error: Unable to connect
 to the remote server)  
 
Error - 10/16/2014 10:45:25 AM | Computer Name = Diyaa-PC | Source = MCUpdate | ID = 0
Description = 7:45:18 PM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
[ System Events ]
Error - 10/27/2014 1:07:15 PM | Computer Name = Diyaa-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\DR2, has a bad block.
 
Error - 10/27/2014 1:07:18 PM | Computer Name = Diyaa-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\DR2, has a bad block.
 
Error - 10/27/2014 1:07:20 PM | Computer Name = Diyaa-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\DR2, has a bad block.
 
Error - 10/27/2014 3:36:53 PM | Computer Name = Diyaa-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\DR3, has a bad block.
 
 
< End of report >


#11 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:11:45 AM

Posted 13 March 2015 - 11:47 AM

Hi diyaa

Step 1
Double click on OTL to run it.
Vista/Windows 7 users right-click and select Run As Administrator.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)
:Otl
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SDTray - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

:commands
[emptytemp]
[purity]
  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the red Run Fix button.

  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles



Step 2
I'd like you to do an ESET OnlineScan
64-bit users, please see the note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • If asked, allow the ActiveX control to install.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64-bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.
IE is recommended when using the ESET Online Scanner, but you can use either Firefox or Chrome, which will require installation of the ESET Smart Installer.


In your next reply, please submit:
OTL fix report
ESET scan report... if anything is found.


Thanks.

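The OTL fix script in the post above targets four persistence points that adware commonly abuses on Windows: Browser Helper Objects (the O2 lines), protocol handlers (O18), ShellServiceObjectDelayLoad entries (O21) and the MSConfig StartUpReg leftovers, in both the native 64-bit and the WOW64 registry views. The following PowerShell audit is an added example, not OTL's code and not part of Starbuck's post; it reads those same locations and reports any entry whose CLSID no longer resolves to a DLL on disk (the "No CLSID value found" condition OTL flagged), and it also lists every Chrome extension found under any local user profile, which is where the ESET scan later in this thread found the adware files. It only reports; it deletes nothing. It assumes an elevated Windows PowerShell 5.1 prompt on 64-bit Windows and Chrome's default per-user install path; the function names are my own.

```powershell
# Added example, not OTL's or the post's code: audit the persistence locations the
# OTL fix touched and list Chrome extensions per profile. Assumes elevated
# Windows PowerShell 5.1 on 64-bit Windows; report only, nothing is changed.

$views = @(
    @{ View = '64bit'; Root = 'HKLM:\SOFTWARE' },
    @{ View = '32bit'; Root = 'HKLM:\SOFTWARE\Wow6432Node' }
)

# Resolve a CLSID to its InprocServer32 DLL in the given registry view.
function Resolve-ClsidDll {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root "Classes\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path $key)) { return $null }
    $dll = (Get-ItemProperty -Path $key).'(default)'
    if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
    return $dll
}

# One report row. 'orphaned' = CLSID has no DLL registered at all, which is what
# OTL reports as "No CLSID value found"; 'dll missing' = registered but gone.
function New-AuditRow {
    param([string]$View, [string]$Type, [string]$Name, [string]$Clsid, [string]$Root)
    $dll = if ($Clsid) { Resolve-ClsidDll -Root $Root -Clsid $Clsid } else { $null }
    $status = if (-not $dll) { 'orphaned' }
              elseif (Test-Path -LiteralPath $dll) { 'ok' }
              else { 'dll missing' }
    [PSCustomObject]@{ View = $View; Type = $Type; Name = $Name; Clsid = $Clsid; Path = $dll; Status = $status }
}

$rows = foreach ($v in $views) {
    # O2: Browser Helper Objects, one subkey per CLSID
    $bho = Join-Path $v.Root 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bho) {
        foreach ($k in Get-ChildItem $bho) {
            New-AuditRow -View $v.View -Type 'BHO' -Name $k.PSChildName -Clsid $k.PSChildName -Root $v.Root
        }
    }
    # O18: protocol handlers, one subkey per scheme with a CLSID value
    $ph = Join-Path $v.Root 'Classes\PROTOCOLS\Handler'
    if (Test-Path $ph) {
        foreach ($k in Get-ChildItem $ph) {
            $clsid = (Get-ItemProperty -Path $k.PSPath).CLSID
            New-AuditRow -View $v.View -Type 'ProtocolHandler' -Name $k.PSChildName -Clsid $clsid -Root $v.Root
        }
    }
    # O21: ShellServiceObjectDelayLoad, value name -> CLSID loaded by explorer.exe
    $ssodl = Join-Path $v.Root 'Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    if (Test-Path $ssodl) {
        $props = (Get-ItemProperty -Path $ssodl).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($p in $props) {
            New-AuditRow -View $v.View -Type 'SSODL' -Name $p.Name -Clsid $p.Value -Root $v.Root
        }
    }
    # MSConfig StartUpReg: disabled startup items; the 'command' value names the exe
    $sr = Join-Path $v.Root 'Microsoft\Shared Tools\MSConfig\StartUpReg'
    if (Test-Path $sr) {
        foreach ($k in Get-ChildItem $sr) {
            $cmd = (Get-ItemProperty -Path $k.PSPath).command
            $exe = if ($cmd) { [Environment]::ExpandEnvironmentVariables($cmd.Trim('"')) } else { $null }
            $status = if ($exe -and (Test-Path -LiteralPath $exe)) { 'ok' } else { 'file not found' }
            [PSCustomObject]@{ View = $v.View; Type = 'StartUpReg'; Name = $k.PSChildName; Clsid = $null; Path = $exe; Status = $status }
        }
    }
}

# Chrome extensions across every local profile (Default, Profile 1, Guest Profile, ...):
# layout is ...\User Data\<profile>\Extensions\<extension id>\<version>\manifest.json
$manifests = Join-Path $env:SystemDrive 'Users\*\AppData\Local\Google\Chrome\User Data\*\Extensions\*\*\manifest.json'
$extensions = foreach ($m in Get-ChildItem -Path $manifests -ErrorAction SilentlyContinue) {
    $j = Get-Content -LiteralPath $m.FullName -Raw | ConvertFrom-Json
    [PSCustomObject]@{
        Profile = $m.Directory.Parent.Parent.Parent.Name
        Id      = $m.Directory.Parent.Name
        Version = $m.Directory.Name
        Name    = $j.name
        Perms   = ($j.permissions -join ',')
    }
}

$rows | Sort-Object Status, Type | Format-Table -AutoSize
$extensions | Sort-Object Id, Profile | Format-Table -AutoSize
```

Two caveats when reading the output: a CLSID whose InprocServer32 is just a bare filename (no directory) will show as "dll missing" even though Windows resolves it from System32, so treat that status as "check by hand" rather than "malicious"; and an extension id that appears under several profiles with the same version, as the ids in the ESET log do, is worth looking at closely, since a user rarely installs the same add-on into a Guest profile by hand.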


#12 diyaa

diyaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 15 March 2015 - 04:02 PM

03162015_015108:

 

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RtHDVCpl\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SDTray\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Diyaa
->Temp folder emptied: 1997263 bytes
->Temporary Internet Files folder emptied: 6338 bytes
->Flash cache emptied: 0 bytes
 
User: Farhan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525470 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1383 bytes
 
Total Files Cleaned = 2.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03162015_015108
 
Files\Folders moved on Reboot...
C:\Users\Diyaa\AppData\Local\Temp\03160137-00000cd8-ilxlu2bdql\Logs.CAB moved successfully.
C:\Users\Diyaa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Diyaa\AppData\Local\Temp\JET3F9E.tmp not found!
C:\Users\Diyaa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\TMP0000000135B950A4386DE7FB moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:11:45 AM

Posted 15 March 2015 - 05:47 PM

Did the ESET scan throw up anything?



#14 diyaa

diyaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 15 March 2015 - 06:42 PM

C:\FRST\Quarantine\C\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf\4.41\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf\4.41\lsdb.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf\4.41\q.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf\4.41\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf\4.41\lsdb.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\chjlgaiakapjnmnckmmcbfjannhpjiaf\4.41\q.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\lphojmgkbcmdjpaepolkjeienkacpjpi\191\content.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\lphojmgkbcmdjpaepolkjeienkacpjpi\191\lsdb.js JS/Adware.MultiPlug.B application cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\lphojmgkbcmdjpaepolkjeienkacpjpi\191\S6l0LnHb.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\nkpcjfgdlfelfjldoebklcimbekfeami\126\gB4.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Diyaa\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\nkpcjfgdlfelfjldoebklcimbekfeami\126\lsdb.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Diyaa\Desktop\Farhan\wps2014_9.1.0.4758_21.105.exe Win32/Spigot.A potentially unwanted application deleted - quarantined
 
:(


#15 diyaa

diyaa
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:45 PM

Posted 15 March 2015 - 06:46 PM

Where do these keep coming from...?? This is so crazyyy





