
GMER shows an error message and crashes


  • This topic is locked
13 replies to this topic

#1 Tamimwm


Posted 10 November 2015 - 12:42 PM

Good day everyone,

I was just using the internet like usual when I tried to download an app that looked interesting. Unfortunately it was a PUP bomb and what not, but it was too late. It had already infected my device. I ran Malwarebytes Anti-Malware immediately, followed by adware cleaner. Both programs showed several detections. I also manually used the Task Manager to identify any suspicious-looking application running on my system. After several detections and system clean-ups, I had to restart my PC several times to complete those.

And finally, after I thought everything had been removed, I followed the instructions on the Malwarebytes official website on how to clean my browser and remove hidden shortcuts. Sometime later Malwarebytes started telling me that it is blocking malicious websites.

I looked online and downloaded GMER. Unfortunately it always shows (windows32 config system, the process cannot access the file because it is being used by another program); if I press OK and start a scan, GMER eventually crashes.

Updated >

I just ran Malwarebytes Anti-Rootkit; it flashed a warning sign saying probable rootkit activity detected, registry value AppInit_DLLs. Since I was not sure, I pressed No, updated the database and started the scan. It gave a negative result, as in no rootkit present. Nevertheless GMER crashed again.

Thanks a lot in advance for any suggestions or tips.

Best Regards.


Edited by Tamimwm, 10 November 2015 - 03:00 PM.




#2 nasdaq

  • Malware Response Team

Posted 12 November 2015 - 10:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 Tamimwm


Posted 12 November 2015 - 02:43 PM

Good evening and thank you for your help.

I followed the instructions, but since I had already run AdwCleaner before, it gave me no results or detections.

As for the Farbar scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Wael (administrator) on WAEL-PC (12-11-2015 21:06:22)
Running from C:\Users\Wael\Desktop\cleaning
Loaded Profiles: Wael (Available Profiles: Wael)
Platform: Windows 8.1 Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent, Inc.) C:\Users\Wael\Downloads\utorrent\utorrent_2.2.1_build_25302.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) E:\Program Files\ccleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Skype Technologies S.A.) C:\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Oxford University Press) C:\dictoinary\coed11.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Wael\Desktop\cleaning\adwcleaner_5.019(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4189553729-4105879948-3113528959-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3125280 2013-10-17] (Disc Soft Ltd)
HKU\S-1-5-21-4189553729-4105879948-3113528959-1002\...\Run: [CCleaner Monitoring] => E:\Program Files\ccleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-4189553729-4105879948-3113528959-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4189553729-4105879948-3113528959-1002\...\MountPoints2: {c4c5ab1a-fbdf-11e3-be97-7c05078c0ca3} - "G:\Startme.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177416 2015-10-03] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177416 2015-10-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155976 2015-10-03] (NVIDIA Corporation)
Startup: C:\Users\Wael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-11-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Wael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\utorrent_2.2.1_build_25302 - Shortcut.lnk [2015-11-10]
ShortcutTarget: utorrent_2.2.1_build_25302 - Shortcut.lnk -> C:\Users\Wael\Downloads\utorrent\utorrent_2.2.1_build_25302.exe (BitTorrent, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{86EAC931-9510-42EF-BB9A-08455B60045D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C818B02B-334C-48E1-B260-CD71FCF5B0FE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4189553729-4105879948-3113528959-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshibamea.com
HKU\S-1-5-21-4189553729-4105879948-3113528959-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshibamea.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4189553729-4105879948-3113528959-1002 -> {FAD8527E-A1BB-434B-B9F6-6CD22B998C4B} URL = hxxp://yandex.ru/yandsearch?win=140&clid=1989274&text={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-30] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Wael\AppData\Roaming\Mozilla\Firefox\Profiles\io11yhsi.default-1447162046976
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4189553729-4105879948-3113528959-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-12-07] (Ubisoft)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hjecpldjaibcodmpkmancoljlbkgodgg] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [magddadchihfapfmihhafjbencdaekoi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhoginfgkdilnncbigagbkpfccbokgib] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S4 MBAMScheduler; E:\Program Files\malwarebytes antimalware\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; E:\Program Files\malwarebytes antimalware\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files\ea games\Origin\OriginClientService.exe [2078216 2015-10-05] (Electronic Arts)
S2 SkypeUpdate; C:\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-11-01] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2015-10-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 MpKsl015444c0; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{245F737F-2AB6-4089-AAAA-85016F121D02}\MpKsl015444c0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 21:06 - 2015-11-12 21:06 - 00000000 ____D C:\FRST
2015-11-12 21:03 - 2015-11-12 21:06 - 00000000 ____D C:\Users\Wael\Desktop\cleaning
2015-11-12 21:02 - 2015-11-12 21:02 - 00004716 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-12 08:00 - 2015-11-12 08:00 - 00000288 _____ C:\Users\Wael\Documents\cc_20151112_080024.reg
2015-11-11 20:23 - 2015-11-11 20:23 - 00961353 _____ C:\Users\Wael\Downloads\aZNKAY6_460sv.mp4
2015-11-11 09:04 - 2015-11-11 09:04 - 00019142 _____ C:\Users\Wael\Documents\cc_20151111_090416.reg
2015-11-11 08:58 - 2015-11-11 08:58 - 00001997 _____ C:\Users\Wael\Documents\aswMBR.txt
2015-11-11 08:58 - 2015-11-11 08:58 - 00000512 _____ C:\Users\Wael\Documents\MBR.dat
2015-11-11 08:36 - 2015-08-27 04:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-11 08:36 - 2015-08-27 04:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-11 08:35 - 2015-10-31 01:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 08:35 - 2015-10-31 01:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 08:35 - 2015-10-31 01:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 08:35 - 2015-10-31 01:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 08:35 - 2015-10-31 01:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 08:35 - 2015-10-31 00:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 08:35 - 2015-10-31 00:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 08:35 - 2015-10-31 00:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 08:35 - 2015-10-31 00:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 08:35 - 2015-10-31 00:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 08:35 - 2015-10-31 00:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 08:35 - 2015-10-31 00:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 08:35 - 2015-10-31 00:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 08:35 - 2015-10-31 00:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 08:35 - 2015-10-31 00:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 08:35 - 2015-10-31 00:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 08:35 - 2015-10-30 23:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 08:35 - 2015-10-30 23:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 08:35 - 2015-09-10 19:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-11-11 08:35 - 2015-09-10 18:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-11-11 08:35 - 2015-09-10 18:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-11-11 08:35 - 2015-09-10 18:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-11-11 08:35 - 2015-09-10 18:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-11-11 08:35 - 2015-09-10 18:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-11-11 08:35 - 2015-09-10 18:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-11-11 08:35 - 2015-09-10 18:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-11-11 08:34 - 2015-10-31 00:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 08:34 - 2015-10-31 00:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 08:34 - 2015-10-31 00:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 08:34 - 2015-10-30 23:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 08:34 - 2015-10-30 23:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 08:34 - 2015-09-10 19:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-11-11 08:34 - 2015-09-10 18:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-11-11 08:34 - 2015-09-10 18:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-11-11 08:34 - 2015-09-10 18:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-11-11 08:34 - 2015-09-10 18:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-11-11 08:34 - 2015-09-10 17:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-11-11 08:34 - 2015-09-10 17:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-11-11 08:34 - 2015-09-10 17:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-11-11 08:32 - 2015-10-15 01:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 08:32 - 2015-10-15 01:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 08:32 - 2015-10-15 01:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 08:32 - 2015-10-15 01:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 08:32 - 2015-10-15 01:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 08:32 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-11-11 08:32 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-11-11 08:32 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-11-11 08:32 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-11-11 08:32 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-11-11 08:32 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-11-11 08:30 - 2015-10-13 17:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 08:30 - 2015-10-13 17:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 08:30 - 2015-10-13 17:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 08:30 - 2015-10-13 17:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 08:30 - 2015-10-13 17:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 08:30 - 2015-10-13 17:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 08:30 - 2015-10-11 08:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 08:30 - 2015-10-11 08:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 08:30 - 2015-10-10 20:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 08:30 - 2015-10-10 20:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 08:30 - 2015-10-10 20:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 08:30 - 2015-10-10 19:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 08:30 - 2015-10-10 19:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 08:30 - 2015-10-10 19:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 08:30 - 2015-10-10 18:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 08:29 - 2015-10-13 19:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 08:29 - 2015-10-13 19:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 08:29 - 2015-09-29 14:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 08:29 - 2015-09-24 18:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-11-11 08:29 - 2015-09-24 18:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-11-11 08:29 - 2015-09-04 21:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 08:29 - 2015-08-20 22:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 08:29 - 2015-08-20 19:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 08:29 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-11-11 08:29 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-11-11 08:28 - 2015-10-15 18:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 08:28 - 2015-10-15 17:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 08:28 - 2015-09-19 05:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 08:28 - 2015-09-18 15:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 08:28 - 2015-09-18 15:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-11-11 08:28 - 2015-09-18 15:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-11-11 08:28 - 2015-09-18 15:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-11-11 08:28 - 2015-09-18 15:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-11-11 08:28 - 2015-09-18 15:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-11 08:28 - 2015-09-12 15:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 08:28 - 2015-09-07 18:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 08:28 - 2015-09-07 17:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 08:28 - 2015-09-07 17:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 08:28 - 2015-08-29 00:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 08:28 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-11-11 08:28 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-11-11 08:27 - 2015-10-20 23:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 08:27 - 2015-10-20 16:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 08:27 - 2015-10-20 16:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 08:27 - 2015-10-20 16:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 08:27 - 2015-10-20 16:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 08:27 - 2015-10-20 16:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 08:27 - 2015-10-20 16:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 08:27 - 2015-10-20 16:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 08:27 - 2015-10-20 16:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 08:27 - 2015-10-20 16:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 08:27 - 2015-10-20 16:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 08:27 - 2015-10-20 16:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 08:26 - 2015-10-17 16:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 08:26 - 2015-10-08 18:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 08:26 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-11 08:26 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-11 08:26 - 2015-08-10 20:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 08:26 - 2015-08-10 20:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 08:26 - 2015-08-10 19:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 08:26 - 2015-08-10 18:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 08:26 - 2015-08-10 18:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 08:26 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-11-10 19:25 - 2015-11-10 19:26 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-11-10 18:56 - 2015-11-10 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-10 18:22 - 2015-11-11 09:02 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-10 18:11 - 2015-11-10 18:11 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-10 17:45 - 2015-11-10 17:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-11-10 17:44 - 2015-11-11 07:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-10 17:44 - 2015-11-10 19:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-10 17:41 - 2015-11-12 21:04 - 00000000 ____D C:\AdwCleaner
2015-11-10 17:40 - 2015-11-10 17:41 - 01712128 _____ C:\Users\Wael\Downloads\adwcleaner_5.019.exe
2015-11-10 17:01 - 2015-11-10 17:01 - 00000448 _____ C:\Users\Wael\Documents\cc_20151110_170138.reg
2015-11-10 15:45 - 2015-11-10 15:45 - 00004970 _____ C:\Users\Wael\Documents\cc_20151110_154527.reg
2015-11-10 15:18 - 2015-11-10 15:18 - 00131531 _____ C:\Users\Wael\Documents\bookmarks date.html
2015-11-10 14:31 - 2015-11-10 14:31 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-08 12:51 - 2015-11-10 14:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 23:05 - 2015-11-02 23:05 - 00000000 ____D C:\Users\Wael\Tracing
2015-11-02 23:02 - 2015-11-02 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-30 20:51 - 2015-10-30 20:51 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-10-30 20:51 - 2015-10-30 20:51 - 00000000 ____D C:\WINDOWS\system32\NV
2015-10-30 18:29 - 2015-10-03 07:06 - 42914096 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 37882488 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 22306936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 18359928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 17395512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 16541040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 15716648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 15002304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 14832968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 13518496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 12032200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 11114616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-10-30 18:29 - 2015-10-03 07:06 - 02869880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 02489976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00877176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00689456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00467912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-10-30 18:29 - 2015-10-03 07:06 - 00031352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-10-30 17:55 - 2015-10-30 18:27 - 301556840 _____ (NVIDIA Corporation) C:\Users\Wael\Downloads\358.50-notebook-win8-win7-64bit-international-whql.exe
2015-10-30 17:53 - 2015-10-30 17:53 - 00000000 ____D C:\Users\Wael\AppData\Roaming\Sun
2015-10-30 17:53 - 2015-10-30 17:53 - 00000000 ____D C:\Users\Wael\.oracle_jre_usage
2015-10-30 17:52 - 2015-10-30 17:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-30 17:52 - 2015-10-30 17:51 - 00000030 _____ C:\AVScanner.ini
2015-10-30 17:51 - 2015-10-30 17:51 - 00000000 ____D C:\ProgramData\McAfee
2015-10-30 17:15 - 2015-10-03 07:06 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435850.dll
2015-10-30 17:15 - 2015-10-03 07:06 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435850.dll
2015-10-30 16:25 - 2015-08-11 06:52 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-10-30 16:25 - 2015-08-11 06:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-10-30 16:25 - 2015-08-11 06:52 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-10-19 22:48 - 2015-10-19 22:48 - 00000000 ____D C:\Users\Wael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vanguard Princess
2015-10-18 18:29 - 2015-10-18 18:29 - 00039161 _____ C:\Users\Wael\Downloads\harry-potter-and-the-order-of-the-phoenix-english-yify-578.zip
2015-10-13 18:21 - 2015-10-13 18:22 - 00000000 ____D C:\Users\Wael\Documents\Korra

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 21:01 - 2015-01-24 09:53 - 00000000 ____D C:\Users\Wael\AppData\Roaming\uTorrent
2015-11-12 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-12 20:52 - 2014-06-21 09:48 - 00000000 ____D C:\Users\Wael\AppData\Roaming\Skype
2015-11-12 19:50 - 2015-10-07 14:47 - 00000000 ____D C:\Users\Wael\AppData\Local\FlySystem
2015-11-11 22:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-11 20:29 - 2014-09-05 15:36 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8C1ED494-AD21-4356-A499-9FDBBA8DBACC}
2015-11-11 13:00 - 2013-11-04 22:14 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4189553729-4105879948-3113528959-1002
2015-11-11 09:18 - 2014-03-18 11:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-11 09:14 - 2015-09-20 13:10 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-11 09:11 - 2014-10-13 21:10 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-11-11 09:11 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-11 09:07 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-11 08:53 - 2013-07-10 14:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 08:53 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 08:47 - 2014-12-17 07:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 08:47 - 2014-07-17 17:28 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-11-11 08:47 - 2013-11-06 13:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 23:25 - 2014-09-05 14:09 - 00000000 ____D C:\Users\Wael
2015-11-10 21:41 - 2015-09-20 13:10 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-10 19:04 - 2015-01-28 07:00 - 00000000 ____D C:\Users\Wael\Downloads\utorrent
2015-11-10 19:04 - 2014-12-24 07:11 - 00000000 ____D C:\Users\Wael\Downloads\Pics
2015-11-10 15:57 - 2014-06-16 13:08 - 00000000 ____D C:\JetClean
2015-11-10 15:52 - 2015-08-25 18:56 - 00003070 _____ C:\WINDOWS\System32\Tasks\{91B9D5BA-11D2-4D9F-9668-B4BCE931FCF1}
2015-11-10 15:52 - 2014-12-14 21:42 - 00003280 _____ C:\WINDOWS\System32\Tasks\{E6E913C7-C348-4777-AD3C-5DEFC544585E}
2015-11-10 15:41 - 2014-09-04 20:05 - 00003160 _____ C:\WINDOWS\System32\Tasks\GoForFiles Installer Starter
2015-11-10 15:40 - 2014-06-16 13:08 - 00003100 _____ C:\WINDOWS\System32\Tasks\JetCleanLoginCheckUpdate
2015-11-10 14:52 - 2014-11-04 06:57 - 00000972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2015-11-10 14:52 - 2014-09-05 14:14 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-10 14:52 - 2014-09-05 14:09 - 00000445 _____ C:\Users\Wael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-10 14:52 - 2014-09-05 14:09 - 00000443 _____ C:\Users\Wael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-10 14:52 - 2013-07-10 13:32 - 00001421 _____ C:\Users\Wael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-10 14:52 - 2013-04-09 19:04 - 00001969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-10 14:52 - 2013-04-09 17:21 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-11-10 14:51 - 2014-10-16 21:51 - 00000726 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-11-10 14:36 - 2012-07-26 07:26 - 00000301 _____ C:\WINDOWS\win.ini
2015-11-10 14:35 - 2015-01-24 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 14:32 - 2014-11-10 19:07 - 00000000 ____D C:\Users\Wael\AppData\Local\Chromium
2015-11-10 14:31 - 2015-02-20 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valkyria Chronicles
2015-11-09 08:15 - 2014-06-14 15:44 - 00000000 ____D C:\The KMPlayer
2015-11-08 21:44 - 2015-06-08 06:16 - 00000000 ____D C:\Users\Wael\Desktop\things
2015-11-08 18:11 - 2014-10-19 14:10 - 00000000 ____D C:\Users\Wael\AppData\Roaming\vlc
2015-11-08 12:36 - 2015-10-07 11:47 - 00000000 ____D C:\file E  is full =_=
2015-11-08 12:28 - 2013-08-22 15:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-11-08 12:21 - 2014-06-22 07:11 - 00007605 _____ C:\Users\Wael\AppData\Local\Resmon.ResmonCfg
2015-11-06 07:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-04 14:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-03 19:41 - 2015-03-06 17:40 - 00000000 ____D C:\Users\Wael\Documents\DragonNest
2015-11-03 02:23 - 2013-08-22 17:38 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 02:23 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 23:09 - 2014-08-08 17:24 - 00000000 ____D C:\Program Files (x86)\Skype
2015-11-02 23:03 - 2014-06-20 15:35 - 00000000 ____D C:\ProgramData\Skype
2015-11-02 23:02 - 2015-07-01 14:47 - 00000000 ___RD C:\Skype
2015-10-30 18:32 - 2013-05-16 19:26 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-30 17:53 - 2014-10-18 11:23 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-30 17:53 - 2014-10-18 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-30 17:53 - 2014-10-18 11:22 - 00000000 ____D C:\ProgramData\Oracle
2015-10-30 17:51 - 2014-06-18 12:58 - 00000000 ____D C:\Users\Wael\AppData\Local\Adobe
2015-10-30 16:26 - 2014-09-05 14:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-30 16:13 - 2015-10-06 20:31 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2015-10-30 16:13 - 2015-10-06 20:31 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-10-27 18:43 - 2013-07-11 23:15 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-27 16:55 - 2015-10-08 14:37 - 00000000 ____D C:\ProgramData\Steam
2015-10-27 14:01 - 2015-09-25 12:20 - 00000000 ____D C:\ProgramData\Origin
2015-10-19 22:51 - 2013-07-10 13:31 - 00000000 ____D C:\Users\Wael\AppData\Local\VirtualStore
2015-10-19 22:50 - 2013-08-22 05:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-10-19 22:50 - 2013-08-22 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-10-19 22:50 - 2013-08-22 05:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-10-19 22:50 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-10-19 22:50 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-10-19 22:49 - 2015-03-04 16:32 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-10-19 22:49 - 2015-03-04 16:32 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-10-19 22:49 - 2015-03-04 16:28 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-10-19 22:49 - 2015-03-04 16:27 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-10-19 22:49 - 2013-08-22 13:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-10-19 22:49 - 2013-08-22 13:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-10-19 22:49 - 2013-08-22 13:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-10-19 22:49 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-10-19 22:49 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-10-14 12:28 - 2014-11-01 15:21 - 00000000 ____D C:\Users\Wael\AppData\Roaming\DAEMON Tools Pro

==================== Files in the root of some directories =======

2014-09-05 11:47 - 2014-09-05 11:47 - 0616256 _____ (ClickMeIn Limited) C:\Users\Wael\AppData\Local\nsu428D.tmp
2014-06-22 07:11 - 2015-11-08 12:21 - 0007605 _____ () C:\Users\Wael\AppData\Local\Resmon.ResmonCfg
2015-11-10 14:31 - 2015-11-10 14:31 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\Wael\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-12 10:10

==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team

Posted 12 November 2015 - 03:43 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR HKLM-x32\...\Chrome\Extension: [hjecpldjaibcodmpkmancoljlbkgodgg] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [magddadchihfapfmihhafjbencdaekoi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhoginfgkdilnncbigagbkpfccbokgib] - hxxp://clients2.google.com/service/update2/crx
S1 MpKsl015444c0; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{245F737F-2AB6-4089-AAAA-85016F121D02}\MpKsl015444c0.sys [X]
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {A8384C4F-77D8-4545-A053-1DBDC36B883D} - System32\Tasks\GoForFiles Installer Starter => C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe <==== ATTENTION
C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===
Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#5 Tamimwm

  • Topic Starter

Posted 12 November 2015 - 04:05 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Wael (2015-11-12 22:51:50) Run:1
Running from C:\Users\Wael\Desktop\cleaning
Loaded Profiles: Wael (Available Profiles: Wael)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR HKLM-x32\...\Chrome\Extension: [hjecpldjaibcodmpkmancoljlbkgodgg] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [magddadchihfapfmihhafjbencdaekoi] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhoginfgkdilnncbigagbkpfccbokgib] - hxxp://clients2.google.com/service/update2/crx
S1 MpKsl015444c0; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{245F737F-2AB6-4089-AAAA-85016F121D02}\MpKsl015444c0.sys [X]
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {A8384C4F-77D8-4545-A053-1DBDC36B883D} - System32\Tasks\GoForFiles Installer Starter => C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe <==== ATTENTION
C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hjecpldjaibcodmpkmancoljlbkgodgg" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\magddadchihfapfmihhafjbencdaekoi" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhoginfgkdilnncbigagbkpfccbokgib" => key removed successfully
MpKsl015444c0 => service removed successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8384C4F-77D8-4545-A053-1DBDC36B883D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8384C4F-77D8-4545-A053-1DBDC36B883D}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoForFiles Installer Starter => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoForFiles Installer Starter" => key removed successfully
"C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe" => not found.
EmptyTemp: => 140.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:52:30 ====

 

I hope I am doing things right. I reset my Firefox and ran the FRST Fix scan.

I guess it is ok but a little slow on the startup.
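A way to read a Fixlog like the one above mechanically, as an added example that is not part of the original post or of FRST itself: it skips the fixlist echoed between the starred lines (which also contains `=>`), then buckets each result line. The bucket names and the sample, abridged from the log above, are assumptions of this example.

```python
import re

# Constructed sample: abridged from the Fixlog posted above.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
Task: {A8384C4F-77D8-4545-A053-1DBDC36B883D} - System32\Tasks\GoForFiles Installer Starter => C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe <==== ATTENTION
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hjecpldjaibcodmpkmancoljlbkgodgg" => key removed successfully
MpKsl015444c0 => service removed successfully
C:\WINDOWS\System32\Tasks\GoForFiles Installer Starter => moved successfully
"C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe" => not found.
EmptyTemp: => 140.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 22:52:30 ====
"""

STAR_LINE = re.compile(r"^\*{5,}\s*$")
# "<target> => <outcome>", with an optional trailing full stop on the outcome.
RESULT = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?\s*$")


def parse_fixlog(text):
    """Return (results, reboot_needed); results is a list of (target, outcome)."""
    results = []
    in_echo = False  # True while inside the echoed fixlist between star lines
    reboot = False
    for raw in text.splitlines():
        if STAR_LINE.match(raw):
            in_echo = not in_echo
            continue
        if in_echo:
            continue  # fixlist directives are input, not results
        line = raw.strip()
        if line == "The system needed a reboot.":
            reboot = True
        m = RESULT.match(line)
        if m:
            results.append((m.group("target").strip('"'), m.group("outcome")))
    return results, reboot


def classify(outcome):
    """Bucket an outcome string (bucket names are this example's own)."""
    o = outcome.lower()
    if "not found" in o:
        return "absent"  # the target did not exist when the fix ran
    if "successfully" in o or o.endswith("removed"):
        return "done"
    return "review"  # anything unrecognised deserves a human look


def summarize(text):
    """Group targets by bucket and report whether a reboot was requested."""
    results, reboot = parse_fixlog(text)
    buckets = {"done": [], "absent": [], "review": []}
    for target, outcome in results:
        buckets[classify(outcome)].append(target)
    return buckets, reboot


if __name__ == "__main__":
    buckets, reboot = summarize(SAMPLE_FIXLOG)
    for name, targets in buckets.items():
        print(f"{name}: {len(targets)}")
        for t in targets:
            print(f"    {t}")
    print("reboot needed:", reboot)
```

An "absent" entry means only that the path was missing when the fix ran; the log does not say why.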



#6 nasdaq

  • Malware Response Team

Posted 13 November 2015 - 07:42 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options in bold and Select the following options are available to you.
Select only the one in bold.
 

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean


Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.

#7 Tamimwm

  • Topic Starter

Posted 13 November 2015 - 08:29 AM

I have attached the Zoek results to this reply. Thank you for your patience.




#8 nasdaq

  • Malware Response Team

Posted 13 November 2015 - 10:35 AM

Nothing suspicious was found on your Zoek log.

Are these two games run in the Cloud?
You may want to check if they delay the startup.

Task: {65126481-A254-4D36-890E-19BA745F0496} - System32\Tasks\{E6E913C7-C348-4777-AD3C-5DEFC544585E} => pcalua.exe -a "E:\Program Files\robots wars\War World - Tactical Combat 1.09\War World.exe" -d "E:\Program Files\robots wars\War World - Tactical Combat 1.09"

Task: {FB6CCCA1-E3F3-4DCC-9F7B-34653DBAB77D} - System32\Tasks\{91B9D5BA-11D2-4D9F-9668-B4BCE931FCF1} => pcalua.exe -a D:\RunWormsForts.exe -d D:\ -c -autorun


===

If that fails then try this.

Restore your Windows 8 to the Last good configuration
Follow the instructions on this page
http://winaero.com/blog/how-to-restore-the-last-known-good-configuration-feature-in-windows-8-1/

If you decide to do it, make sure you have a good restore point to return to should something go wrong.
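The kind of reading applied to the FRST `Task:` lines in this thread, written out as an added example that is not part of the original posts or of FRST: it extracts what each scheduled task actually launches, unwrapping `pcalua.exe -a` (the Program Compatibility Assistant launcher), and attaches triage flags. The flag names and heuristics are assumptions of this example; the three sample lines are the ones quoted on this page.

```python
import re

# Task lines as they appear in the fixlist and in the post above.
SAMPLE_TASK_LINES = r"""
Task: {A8384C4F-77D8-4545-A053-1DBDC36B883D} - System32\Tasks\GoForFiles Installer Starter => C:\Users\Wael\AppData\Local\Temp\GoForFilesTza83f0E1V.exe <==== ATTENTION
Task: {65126481-A254-4D36-890E-19BA745F0496} - System32\Tasks\{E6E913C7-C348-4777-AD3C-5DEFC544585E} => pcalua.exe -a "E:\Program Files\robots wars\War World - Tactical Combat 1.09\War World.exe" -d "E:\Program Files\robots wars\War World - Tactical Combat 1.09"
Task: {FB6CCCA1-E3F3-4DCC-9F7B-34653DBAB77D} - System32\Tasks\{91B9D5BA-11D2-4D9F-9668-B4BCE931FCF1} => pcalua.exe -a D:\RunWormsForts.exe -d D:\ -c -autorun
"""

# "Task: {GUID} - <task file path> => <command> [<==== ATTENTION]"
TASK_LINE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?) => (?P<cmd>.+?)"
    r"(?P<attn>\s*<=+ ATTENTION)?\s*$"
)
GUID_ONLY = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
PCALUA = re.compile(r"^pcalua(?:\.exe)?\s+-a\s+(?P<rest>.+)$", re.I)
# Per-user and system temp folders: unusual homes for a scheduled program.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def first_arg(s):
    """First argument of a command line, honouring double quotes.

    An unquoted path containing spaces is cut at the first space.
    """
    s = s.strip()
    if s.startswith('"'):
        return s[1:].split('"', 1)[0]
    return s.split(None, 1)[0]


def parse_task(line):
    """Parse one FRST Task: line into a dict, or return None if it is not one."""
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    name = m.group("path").rsplit("\\", 1)[-1]
    wrapped = PCALUA.match(cmd)
    # With pcalua.exe the program that really runs is the -a argument.
    target = first_arg(wrapped.group("rest") if wrapped else cmd)
    flags = []
    if m.group("attn"):
        flags.append("frst-attention")   # FRST itself marked the entry
    if any(d in target.lower() for d in TEMP_DIRS):
        flags.append("runs-from-temp")   # binary lives in a temp folder
    if wrapped:
        flags.append("pcalua-wrapper")   # started through compatibility mode
    if GUID_ONLY.match(name):
        flags.append("guid-named-task")  # no descriptive task name
    return {"guid": m.group("guid"), "name": name, "target": target, "flags": flags}


def triage(text):
    """Parse every Task: line in a log excerpt, in order of appearance."""
    tasks = []
    for line in text.splitlines():
        task = parse_task(line)
        if task:
            tasks.append(task)
    return tasks


if __name__ == "__main__":
    for t in triage(SAMPLE_TASK_LINES):
        print(f"{t['name']}\n    runs:  {t['target']}\n    flags: {', '.join(t['flags']) or '-'}")
```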

#9 Tamimwm


Posted 14 November 2015 - 01:38 AM

Apologies for the delay. These 2 games are old so I run them with compatibility mode and using daemon tool. I shall uninstall them.

If it does work I will restore my system.

 

I suppose my PC is not infected with a rootkit after all, but just out of curiosity, does GMER not work on all computers?



#10 nasdaq


Posted 14 November 2015 - 10:39 AM

does GMER not work on all computers

We use these tools now to check your BIOS and Master boot record.
If you want to give it a try do it.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#11 Tamimwm


Posted 15 November 2015 - 01:45 AM

TDSS Results

 

08:04:35.0016 0x0aac  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
08:04:35.0016 0x0aac  UEFI system
08:04:40.0613 0x0aac  ============================================================
08:04:40.0613 0x0aac  Current date / time: 2015/11/15 08:04:40.0613
08:04:40.0613 0x0aac  SystemInfo:
08:04:40.0628 0x0aac  
08:04:40.0628 0x0aac  OS Version: 6.3.9600 ServicePack: 0.0
08:04:40.0628 0x0aac  Product type: Workstation
08:04:40.0628 0x0aac  ComputerName: WAEL-PC
08:04:40.0628 0x0aac  UserName: Wael
08:04:40.0628 0x0aac  Windows directory: C:\WINDOWS
08:04:40.0628 0x0aac  System windows directory: C:\WINDOWS
08:04:40.0628 0x0aac  Running under WOW64
08:04:40.0628 0x0aac  Processor architecture: Intel x64
08:04:40.0628 0x0aac  Number of processors: 4
08:04:40.0628 0x0aac  Page size: 0x1000
08:04:40.0628 0x0aac  Boot type: Normal boot
08:04:40.0628 0x0aac  ============================================================
08:04:41.0191 0x0aac  KLMD registered as C:\WINDOWS\system32\drivers\03392421.sys
08:04:42.0493 0x0aac  System UUID: {623829BF-B74A-2305-3EA7-D01C36E87A28}
08:04:43.0259 0x0aac  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:04:43.0275 0x0aac  ============================================================
08:04:43.0275 0x0aac  \Device\Harddisk0\DR0:
08:04:43.0275 0x0aac  GPT partitions:
08:04:43.0290 0x0aac  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {AAB57773-B860-11E2-AEF5-C2136577501B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x200000
08:04:43.0290 0x0aac  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AAB5777B-B860-11E2-AEF5-C2136577501B}, Name: Basic data partition, StartLBA 0x200800, BlocksNum 0x82000
08:04:43.0290 0x0aac  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AAB5777D-B860-11E2-AEF5-C2136577501B}, Name: Basic data partition, StartLBA 0x282800, BlocksNum 0x40000
08:04:43.0290 0x0aac  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AAB57785-B860-11E2-AEF5-C2136577501B}, Name: Basic data partition, StartLBA 0x2C2800, BlocksNum 0x2AE23000
08:04:43.0290 0x0aac  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4FBFCF22-8A5A-4D72-B118-1B6FE8FE15B1}, Name: , StartLBA 0x2B0E5800, BlocksNum 0xE1000
08:04:43.0290 0x0aac  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5BC16739-B7E2-498E-A1DC-4D668F732214}, Name: Basic data partition, StartLBA 0x2B1C6800, BlocksNum 0x2ACD0800
08:04:43.0290 0x0aac  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6A96241C-C6BC-444A-9E5B-C22F5D9CA2EA}, Name: Basic data partition, StartLBA 0x55E97800, BlocksNum 0x16AE800
08:04:43.0290 0x0aac  MBR partitions:
08:04:43.0290 0x0aac  ============================================================
08:04:43.0306 0x0aac  C: <-> \Device\Harddisk0\DR0\Partition4
08:04:43.0384 0x0aac  E: <-> \Device\Harddisk0\DR0\Partition6
08:04:43.0384 0x0aac  ============================================================
08:04:43.0384 0x0aac  Initialize success
08:04:43.0384 0x0aac  ============================================================
08:04:58.0018 0x01f8  ============================================================
08:04:58.0018 0x01f8  Scan started
08:04:58.0018 0x01f8  Mode: Manual;
08:04:58.0018 0x01f8  ============================================================
08:04:58.0018 0x01f8  KSN ping started
08:05:00.0482 0x01f8  KSN ping finished: true
08:05:01.0857 0x01f8  ================ Scan system memory ========================

 

 

aswMBR Scan Results

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-11-15 08:09:11
-----------------------------
08:09:11.078    OS Version: Windows x64 6.2.9200
08:09:11.078    Number of processors: 4 586 0x3A09
08:09:11.078    ComputerName: WAEL-PC  UserName: Wael
08:09:11.703    Initialize success
08:09:11.750    VM: initialized successfully
08:09:11.750    VM: Intel CPU supported
08:09:19.819    VM: disk I/O iaStorA.sys
08:25:15.442    AVAST engine defs: 15111401
08:26:40.207    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000031
08:26:40.207    Disk 0 Vendor: HGST_HTS541075A9E680 JA2OA560 Size: 715404MB BusType: 11
08:26:40.317    Disk 0 MBR read successfully
08:26:40.317    Disk 0 MBR scan
08:26:40.317    Disk 0 unknown MBR code
08:26:40.317    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
08:26:40.410    Disk 0 scanning C:\WINDOWS\system32\drivers
08:26:56.735    Service scanning
08:27:07.763    Service MpKslabd8d0dd C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5853D79-71B3-4E4A-8D32-8162E83C7B7A}\MpKslabd8d0dd.sys **LOCKED** 32
08:27:23.461    Modules scanning
08:27:23.797    Disk 0 trace - called modules:
08:27:23.853    ntoskrnl.exe CLASSPNP.SYS disk.sys Wdf01000.sys THAccel.sys hal.dll
08:27:23.857    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000853d4540]
08:27:23.860    3 CLASSPNP.SYS[fffff80160e02170] -> nt!IofCallDriver -> [0xffffe000853d6b70]
08:27:24.637    AVAST engine scan C:\WINDOWS
08:27:26.020    AVAST engine scan C:\WINDOWS\system32
08:32:50.002    AVAST engine scan C:\WINDOWS\system32\drivers
08:33:09.953    AVAST engine scan C:\Users\Wael
08:40:54.370    AVAST engine scan C:\ProgramData
08:43:53.064    Disk 0 statistics 4014421/0/0 @ 234.86 MB/s
08:43:53.069    Scan finished successfully
08:44:18.002    Disk 0 MBR has been saved successfully to "C:\Users\Wael\Desktop\cleaning\MBR.dat"
08:44:18.043    The log file has been saved successfully to "C:\Users\Wael\Desktop\cleaning\aswMBR.txt"
 



#12 nasdaq


Posted 15 November 2015 - 09:16 AM

Boot logs are clean.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
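
A triage pass over the aswMBR lines posted above, as an added example that is not part of the thread or of either tool: it pairs "unknown MBR code" with the disk's partition table and checks where a **LOCKED** driver lives. The rules it applies (a lone type-EE entry is a GPT protective MBR, an MpKsl driver under Windows Defender's Definition Updates folder belongs to Defender, partition lines may carry an "(A)" active marker) are assumptions of this example, not the helper's stated method.

```python
import re

# Lines copied from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""
08:26:40.317    Disk 0 MBR read successfully
08:26:40.317    Disk 0 unknown MBR code
08:26:40.317    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
08:27:07.763    Service MpKslabd8d0dd C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5853D79-71B3-4E4A-8D32-8162E83C7B7A}\MpKslabd8d0dd.sys **LOCKED** 32
08:43:53.069    Scan finished successfully
"""

UNKNOWN_MBR_RE = re.compile(r"Disk (\d+) unknown MBR code")
# Partition line: flag byte, optional "(A)" marker (assumed format), type byte.
PARTITION_RE = re.compile(r"Disk (\d+) Partition \d+ [0-9A-F]{2}\s+(?:\(A\)\s+)?([0-9A-F]{2})\s")
LOCKED_RE = re.compile(r"Service (\S+) (.+?) \*\*LOCKED\*\*")
# Assumption: Windows Defender's helper driver lives here on a default install.
DEFENDER_DIR = r"C:\ProgramData\Microsoft\Windows Defender\Definition Updates" + "\\"


def triage(log_text):
    """Return (item, verdict) pairs; verdict is 'explained' or 'review'."""
    part_types, unknown_mbr, findings = {}, [], []
    for line in log_text.splitlines():
        m = PARTITION_RE.search(line)
        if m:
            part_types.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = UNKNOWN_MBR_RE.search(line)
        if m:
            unknown_mbr.append(m.group(1))
            continue
        m = LOCKED_RE.search(line)
        if m:
            name, path = m.groups()
            # A path match is a triage hint, not proof: names can be imitated.
            known = (name.startswith("MpKsl")
                     and path.startswith(DEFENDER_DIR)
                     and path.endswith("\\" + name + ".sys"))
            findings.append(("locked driver " + name, "explained" if known else "review"))
    for disk in unknown_mbr:
        # A lone type-EE entry is the protective MBR that a GPT disk carries.
        protective = part_types.get(disk) == ["EE"]
        findings.append(("disk %s unknown MBR code" % disk, "explained" if protective else "review"))
    return findings


if __name__ == "__main__":
    for item, verdict in triage(SAMPLE_LOG):
        print(verdict.ljust(10), item)
```

Anything that comes back as "review" is a line to show a helper, not a verdict of infection.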

#13 Tamimwm


Posted 15 November 2015 - 09:38 AM

All is well. Thank you a lot. I honestly appreciate all your help.



#14 nasdaq


Posted 21 November 2015 - 10:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



