HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1
Startup: C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-10-31]
ShortcutTarget: loons.lnk -> C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-518488637-833313989-2621144753-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File
FF DefaultSearchEngine,S: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Extension: (No Name) - C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net [not found]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR StartupUrls: Default -> "hxxp://www.qauantumethod.org.bd/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Adblock Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Adblock for Youtube™) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (AdBlock) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Search Module Plus v2) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-08-01]
CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Print Friendly PDF) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-07-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [mhajehkfbbhkfnfepjpadnejlamcembd] - <no Path/update_url>
S2 4519cfe8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaMonitor\BocaMonitor.dll",serv
S2 Strong Rise; "C:\Program Files (x86)\Strong Rise\Strong Rise.exe" [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S2 UpdateSvc; no ImagePath
S0 98632471; system32\drivers\00560299.sys [X]
S1 ydymrkdf; \??\C:\Windows\system32\drivers\ydymrkdf.sys [X]
2016-09-17 07:29 - 2015-08-01 16:35 - 00000998 _____ C:\Windows\Tasks\Zl6wqVw0j.job
2016-09-17 07:29 - 2015-08-01 16:14 - 00001022 _____ C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job
2016-09-17 07:29 - 2015-08-01 15:45 - 00001020 _____ C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job
2016-09-17 07:29 - 2015-08-01 15:31 - 00001008 _____ C:\Windows\Tasks\Mw31EXaU4OH8O2.job
2016-09-17 07:29 - 2015-08-01 14:37 - 00000998 _____ C:\Windows\Tasks\RqLdEdxeE.job
2016-09-17 07:29 - 2015-08-01 14:36 - 00000994 _____ C:\Windows\Tasks\kQjD6sW.job
2016-09-17 07:29 - 2015-08-01 11:32 - 00001020 _____ C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job
2016-09-17 07:29 - 2015-08-01 10:29 - 00001024 _____ C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job
2016-09-17 07:29 - 2015-08-01 09:29 - 00001030 _____ C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job
2016-09-17 07:29 - 2015-07-31 23:35 - 00000994 _____ C:\Windows\Tasks\e8CHJYS.job
2016-09-17 07:29 - 2015-07-21 11:28 - 00001004 _____ C:\Windows\Tasks\HLPDPCBXOsXR.job
2016-09-17 07:29 - 2015-07-21 10:59 - 00001012 _____ C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job
2016-09-17 07:29 - 2015-07-21 10:31 - 00001006 _____ C:\Windows\Tasks\pHG5o0vm7ufSS.job
2016-09-17 07:29 - 2015-07-21 09:15 - 00001004 _____ C:\Windows\Tasks\HDqSxfY03ASW.job
2016-09-17 07:29 - 2015-07-20 21:06 - 00001692 _____ C:\Windows\Tasks\YOXALEU.job
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj
2016-09-17 07:24 - 2016-09-17 07:24 - 0000020 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr2.bin
2015-06-14 10:31 - 2015-08-22 19:33 - 0000024 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr25.bin
2014-04-17 00:56 - 2014-05-25 00:56 - 0005265 _____ () C:\Users\mostafa\AppData\Roaming\callbanner.png
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\e8CHJYS
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\kQjD6sW
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\RqLdEdxeE
2014-08-12 22:01 - 2015-07-20 16:24 - 0000128 _____ () C:\Users\mostafa\AppData\Roaming\WB.CFG
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\mostafa\AppData\Roaming\YOXALEU
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j
2015-07-20 21:09 - 2015-07-20 21:09 - 0260876 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsaF02F.tmp
2014-12-02 14:22 - 2014-12-02 14:22 - 0301608 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsl4F26.tmp
2014-12-23 18:22 - 2015-01-06 19:03 - 0000112 _____ () C:\ProgramData\s630Y6kiG.dat
2015-08-01 16:11 - 2015-08-01 16:11 - 0001491 _____ () C:\ProgramData\tempimage.bmp
C:\ProgramData\s630Y6kiG.dat
C:\Users\mostafa\AppData\Local\Temp\6477.exe
C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe
C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe
C:\Users\mostafa\AppData\Local\Temp\libeay32.dll
C:\Users\mostafa\AppData\Local\Temp\links.exe
C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe
C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll
C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll
C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe
C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll
C:\Users\mostafa\AppData\Local\Temp\setacl.exe
C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll
C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe
C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe
C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe
C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe
Task: {06926D15-B537-4EFB-8942-8E064EE78768} - System32\Tasks\FactorTractor => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION
Task: {0A4EB2ED-3A76-41BF-A421-B03EEE4716DF} - System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION
Task: {0BB7549A-2EB5-44B2-91B0-CA703FAF480D} - System32\Tasks\kQjD6sW => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION
Task: {18D2BC74-0CEC-4123-8338-2C3B42B61630} - System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION
Task: {1CF734C3-8A98-44AD-9477-AD9F87160CFA} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION
Task: {20F4DF97-8100-498B-966A-3D7AA6695103} - \YTDownloader -> No File <==== ATTENTION
Task: {22C3700B-F28C-4A05-A173-5CC626A9839E} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {39004268-7D2F-4CD4-BE26-7B875497E3E8} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
Task: {3948A097-AB47-4012-8932-342EEAA654D9} - System32\Tasks\pHG5o0vm7ufSS => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION
Task: {4D9D83CA-C646-423D-ADAE-7A7FDCC9F979} - \PastaQuotes -> No File <==== ATTENTION
Task: {4F802C92-A420-43A9-AEFF-07DB234DD8D9} - \DTReg -> No File <==== ATTENTION
Task: {531977ED-2B1E-4782-AD3C-8AAC52B3B014} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {664792EF-E98A-4815-93ED-9CD2BB753C4A} - System32\Tasks\HLPDPCBXOsXR => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION
Task: {674B05FA-1EF9-487F-A593-350F36E3C482} - System32\Tasks\GfIl6eXhzrtFCwN2 => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION
Task: {6A9416C5-F814-4122-9C65-CDF4979DA4DD} - System32\Tasks\SmartSpace => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION
Task: {71593A1F-057C-44D2-8A00-3A6A56CDC5BA} - \SrvDaily -> No File <==== ATTENTION
Task: {739CA4A7-C20D-45B4-93E1-E61501F439E4} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {7A14A49C-97BE-4D8E-8F53-6B47E223B545} - System32\Tasks\RqLdEdxeE => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION
Task: {85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61} - \0 -> No File <==== ATTENTION
Task: {9802DA1A-6198-4836-A7D5-5D2610620D2F} - \Secure Fast PC Auto Updater -> No File <==== ATTENTION
Task: {987E0C95-25AB-430C-AF66-BAB47DF66D62} - System32\Tasks\Zl6wqVw0j => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION
Task: {9B678731-D3B9-4081-9EEC-FE1933F915F4} - System32\Tasks\Mw31EXaU4OH8O2 => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION
Task: {9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION
Task: {9F3C82D5-D909-44F8-B64D-75FD44E9D0B8} - System32\Tasks\YOXALEU => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION
Task: {A1160350-C215-4639-B8DD-39EF9AAEB844} - \SMWUpd -> No File <==== ATTENTION
Task: {A6B956A7-6F99-47A6-B30D-292E500BE6A3} - System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => pcalua.exe -a "C:\Users\mostafa\Downloads\speesetup (2).exe" -d C:\Users\mostafa\Downloads
Task: {AB24384E-EC36-4A3F-914F-3ED4A72850F8} - \Secure Fast PC Autorun -> No File <==== ATTENTION
Task: {AB283D87-B031-4D01-AF83-C43689FB6F47} - \RunAsStdUser Task for VeohWebPlayer -> No File <==== ATTENTION
Task: {B13592D6-D885-4C15-9084-CF012207E11C} - System32\Tasks\QaZwalXo7Y29RQRN0tTP => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION
Task: {B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB} - System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => pcalua.exe -a C:\Users\mostafa\Desktop\avira_antivir_personal_en(1).exe -d C:\Users\mostafa\Desktop
Task: {B9045E8A-2890-45C5-8814-0FD886027470} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {C2EB8E87-3CCB-4159-B558-16A05E466F8F} - System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => C:\Users\mostafa\AppData\Roaming\ywy3yzbxmws4bwj\ywy3yzbxmws4bwj.exe
Task: {C79D7E3B-A731-4B32-9B6A-910A08816DFA} - System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION
Task: {C8F5F136-6009-40A2-BE6E-47DDB4991F8F} - System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe <==== ATTENTION
Task: {D549C481-6E1C-4198-BEC9-9DA129C511C1} - System32\Tasks\iG7r2wOvHDgnvS6oU1cw => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION
Task: {D5922277-0C90-4DE7-AC0F-5C2F21C601C5} - \Jarmeee -> No File <==== ATTENTION
Task: {DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651} - System32\Tasks\HDqSxfY03ASW => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION
Task: {DE3BA38F-E0BB-463D-BE20-11A63DC9AE25} - \Smp -> No File <==== ATTENTION
Task: {F5A6C0F1-2B26-4043-90F8-E6953A8487A9} - System32\Tasks\e8CHJYS => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION
Task: {FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D} - \Go for FilesUpdate -> No File <==== ATTENTION
Task: C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION
Task: C:\Windows\Tasks\e8CHJYS.job => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION
Task: C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION
Task: C:\Windows\Tasks\FactorTractor.job => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION
Task: C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDqSxfY03ASW.job => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION
Task: C:\Windows\Tasks\HLPDPCBXOsXR.job => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION
Task: C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION
Task: C:\Windows\Tasks\kQjD6sW.job => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION
Task: C:\Windows\Tasks\Mw31EXaU4OH8O2.job => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION
Task: C:\Windows\Tasks\pHG5o0vm7ufSS.job => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION
Task: C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION
Task: C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION
Task: C:\Windows\Tasks\RqLdEdxeE.job => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartSpace.job => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION
Task: C:\Windows\Tasks\YOXALEU.job => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION
Task: C:\Windows\Tasks\Zl6wqVw0j.job => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:A4A25FD3 [260]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16559628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46237229.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55456837.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63755908.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69534146.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98632471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\webcompanion.com -> hxxp://webcompanion.com
c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe
C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe
C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe
C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe
C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe
C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe
C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe 
c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe
C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe
C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe
C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe
C:\Users\mostafa\AppData\Roaming\YOXALEU.exe 
C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe
C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe
C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe
C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe
C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe
C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe
C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe
C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe
c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe
C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe
C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe
C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe 
C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe
C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe 
C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe
C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe
C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe
C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe
C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe
c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe
C:\Users\mostafa\AppData\Roaming\YOXALEU.exe 
C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe
CMD: ipconfig /flushdns
EmptyTemp:
Hosts: