Heavily infected win7 Dell machine

mikehende · Sep 17, 2016

Hey Pete, how's it going, been a while, hope all is well? I can use some help with this heavily infected pc please.
I ran mbam 2 times, found a lot of stuff but showed ok on 3rd run. SAS did not show any infections. Adwcleaner I ran twice and showed infections but JRT won't run. IE and Chrome has issues opening and functioning properly on the net. I have attached the logs I am able to run.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/17/2016
Scan Time: 5:53 AM
Logfile: mbam og.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.17.03
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mostafa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424805
Time Elapsed: 31 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

mikehende · Sep 17, 2016

# AdwCleaner v6.020 - Logfile created 17/09/2016 at 07:22:34
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-17.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : mostafa - MOSTAFA-PC
# Running from : E:\AV Softwares\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File deleted: C:\Users\mostafa\AppData\Roaming\appdataFr2.bin

***** [ DLL ] *****

[!] File not disinfected: C:\Windows\System32\dnsapi.dll
[!] File not disinfected: C:\Windows\SysWOW64\dnsapi.dll

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

[!] Task not deleted: RunAsStdUser Task for VeohWebPlayer
[!] Task not deleted: Secure Fast PC Auto Updater
[!] Task not deleted: Secure Fast PC Autorun
[!] Task not deleted: YTDownloader
[!] Task not deleted: YTDownloaderUpd
[!] Task not deleted: Microsoft\Windows\Multimedia\SMupdate3
[!] Task not deleted: Microsoft\Windows\Maintenance\SMupdate2
[!] Task not deleted: 0

***** [ Registry ] *****

[#] Key deleted on reboot: HKLM\SOFTWARE\076d8b5f-a755-4da5-a5ba-cbb57f301128
[#] Key deleted on reboot: HKLM\SOFTWARE\09f40017-2bc6-4d67-9e7f-beceee00cf7d
[#] Key deleted on reboot: HKLM\SOFTWARE\1bf8e8a5-9def-424d-858d-4ebb8ad4821f
[#] Key deleted on reboot: HKLM\SOFTWARE\40e97be2-3cf7-4df0-aeb7-0fbd80b53f4e
[#] Key deleted on reboot: HKLM\SOFTWARE\4cc93419-f013-44cf-952f-fca8ceb1a86c
[#] Key deleted on reboot: HKLM\SOFTWARE\79780c0b-152c-428c-a9b2-ed599a44e62d
[#] Key deleted on reboot: HKLM\SOFTWARE\94af48d0-240e-43ee-a287-117229f80267
[#] Key deleted on reboot: HKLM\SOFTWARE\9aee7b62-ff08-4ac3-90a5-d4347c0b5f93
[#] Key deleted on reboot: HKLM\SOFTWARE\9d359427-2ddb-e538-b5d6-3dee3bf7d717
[#] Key deleted on reboot: HKLM\SOFTWARE\b4a36f4f-4903-4387-b9b2-9c1658a7e152
[#] Key deleted on reboot: HKLM\SOFTWARE\be02515d-c866-446b-a162-98083dd195d6
[#] Key deleted on reboot: HKLM\SOFTWARE\d0ee02c1-0297-4c0d-9957-37299f816763
[#] Key deleted on reboot: HKLM\SOFTWARE\ebc956f4-11e1-434c-b671-6464a7d33bf2
[#] Key deleted on reboot: HKLM\SOFTWARE\ed41810f-e3c5-4fa9-b719-90c46eeb999d
[#] Key deleted on reboot: HKLM\SOFTWARE\f44b7b4f-1641-46ef-ae69-f2e10e86e233
[#] Key deleted on reboot: HKLM\SOFTWARE\fd14bed6-7255-415c-8172-78e946a940aa
[#] Key deleted on reboot: HKLM\SOFTWARE\fee66025-5b6a-4778-b666-21336946a6ec
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}_is1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Features\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Classes\TornTvDownloader.File
[#] Key deleted on reboot: HKCU\Software\Classes\TornTvDownloader.File
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\pc-mechanic
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TornTvDownloader.File
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\TornTvDownloader.File
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\pc-mechanic
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TornTvDownloader.File
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[#] Key deleted on reboot: HKCU\Software\Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}
[#] Key deleted on reboot: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[#] Key deleted on reboot: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Interface\{672B1330-7E4A-4D61-BE04-E2A132F04E1E}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[#] Key deleted on reboot: HKU\.DEFAULT\Software\IBUpdaterService
[#] Key deleted on reboot: HKU\.DEFAULT\Software\IM
[#] Key deleted on reboot: HKU\.DEFAULT\Software\ImInstaller
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[#] Key deleted on reboot: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\canortic
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\eSupport.com
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\GlobalUpdate
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Tinstalls
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\NpApp
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Reg\Clean
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Store
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\tstamptoken
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\WeatherAlerts
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\WEBAPP
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\BabylonToolbar
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\IM
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Iminent
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\spd
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\SweetIM
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Updater By Sweetpacks
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\WNLT
[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[#] Key deleted on reboot: HKU\S-1-5-18\Software\IBUpdaterService
[#] Key deleted on reboot: HKU\S-1-5-18\Software\IM
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10
[#] Key deleted on reboot: HKCU\Software\canortic
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: HKCU\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: HKCU\Software\Microsoft\Tinstalls
[#] Key deleted on reboot: HKCU\Software\NpApp
[#] Key deleted on reboot: HKCU\Software\Reg\Clean
[#] Key deleted on reboot: HKCU\Software\Store
[#] Key deleted on reboot: HKCU\Software\tstamptoken
[#] Key deleted on reboot: HKCU\Software\WeatherAlerts
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Shop For Rewards
[#] Key deleted on reboot: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[#] Key deleted on reboot: HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[#] Key deleted on reboot: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: HKLM\SOFTWARE\GlobalUpdate
[#] Key deleted on reboot: HKLM\SOFTWARE\NpApp
[#] Key deleted on reboot: HKLM\SOFTWARE\Reg\Clean
[#] Key deleted on reboot: HKLM\SOFTWARE\SearchModule
[#] Key deleted on reboot: HKLM\SOFTWARE\Taronja
[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: HKLM\SOFTWARE\Universal
[#] Key deleted on reboot: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: HKLM\SOFTWARE\Lavasoft\Web Companion
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{36BA0E82-2B7D-79E6-9AC9-572294FDA2BB}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\BabylonToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\IM
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Iminent
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\spd
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Updater By Sweetpacks
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\WNLT
[#] Key deleted on reboot: [x64] HKCU\Software\canortic
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
[#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Tinstalls
[#] Key deleted on reboot: [x64] HKCU\Software\NpApp
[#] Key deleted on reboot: [x64] HKCU\Software\Reg\Clean
[#] Key deleted on reboot: [x64] HKCU\Software\Store
[#] Key deleted on reboot: [x64] HKCU\Software\tstamptoken
[#] Key deleted on reboot: [x64] HKCU\Software\WeatherAlerts
[#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-518488637-833313989-2621144753-1000\Products\363FB0CBBA367FF4E81FEAD0F717B142
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Optimizer Pro
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ROC_roc_ssl_v12
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[#] Key deleted on reboot: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [34605 Bytes] - [17/09/2016 06:55:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [28378 Bytes] - [17/09/2016 07:22:34]
C:\AdwCleaner\AdwCleaner[R0].txt - [70089 Bytes] - [05/01/2015 13:11:31]
C:\AdwCleaner\AdwCleaner[R1].txt - [1472 Bytes] - [05/01/2015 14:01:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [68878 Bytes] - [05/01/2015 13:22:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [30149 Bytes] - [17/09/2016 06:51:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [25183 Bytes] - [17/09/2016 07:21:12]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [28821 Bytes] ##########

mikehende · Sep 17, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by mostafa (administrator) on MOSTAFA-PC (17-09-2016 07:31:52)
Running from E:\AV Softwares
Loaded Profiles: mostafa (Available Profiles: mostafa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Oracle Corporation) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Google+ Auto Backup] => "C:\Users\mostafa\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\mostafa\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [GoogleChromeAutoLaunch_E608B80824651D113E6B7511C53058BB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [967496 2016-09-13] (Google Inc.)
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellExecuteHooks-x32: ShHook Class - {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\Windows\SysWOW64\ShellHook.dll [147456 2009-01-01] (Mercury Interactive (Israel) Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2015-10-31]
ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SQL Server.lnk [2016-03-23]
ShortcutTarget: SQL Server.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\scm.exe (Microsoft Corporation)
Startup: C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-10-31]
ShortcutTarget: loons.lnk -> C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{57492ED1-4AFC-4679-ACD0-672DF90D912E}: [NameServer] 0.0.0.0
Tcpip\..\Interfaces\{91794A27-4BAD-47A9-A4BA-EAE7117D1D15}: [NameServer] 4.2.2.2,8.8.8.8
Tcpip\..\Interfaces\{91794A27-4BAD-47A9-A4BA-EAE7117D1D15}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CC9D3702-65DA-4B5C-BB0F-14371749D2F1}: [DhcpNameServer] 97.64.168.12 97.64.183.165

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6C38CD4F-4B28-4693-A8D7-4EC16D74A0AE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-518488637-833313989-2621144753-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File

FireFox:
========
FF ProfilePath: C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine,S: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Bing
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\file\java\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\file\java\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Extension: (No Name) - C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net [not found]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.qauantumethod.org.bd/"
CHR Profile: C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-08-24]
CHR Extension: (YouTube) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-08-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-30]
CHR Extension: (Ad.Block.Pro) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafdmgkjbpmgbnhgiopdbnocjlnjdoop [2015-08-31]
CHR Extension: (Ad Block Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojlnaiknmeeddcghnlbhnfplpiimjk [2015-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23]
CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-08-24]
CHR Extension: (Gmail) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24]
CHR Profile: C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]
CHR Extension: (Adblock Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Adblock for Youtube™) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Search) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]
CHR Extension: (encaiiljifbdbjlphpgpiimidegddhic) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2015-08-01]
CHR Extension: (AdBlock) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Search Module Plus v2) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-08-01]
CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20]
CHR Extension: (Google Wallet) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Print Friendly PDF) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-07-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Cinemax Video 1.9cV20.07) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-07-20]
CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [mhajehkfbbhkfnfepjpadnejlamcembd] - <no Path/update_url>

Opera:
=======
OPR Extension: (cnjfgbikbkcmickdalamlmpmkhmbollm) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjfgbikbkcmickdalamlmpmkhmbollm [2015-08-01]
OPR Extension: (ehhkfhegcenpfoanmgfpfhnmdmflkbgk) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2015-08-01]
OPR Extension: (encaiiljifbdbjlphpgpiimidegddhic) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2015-08-01]
OPR Extension: (fnbmdojpgjpmjjmnjdnbobcdhenmmgod) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnbmdojpgjpmjjmnjdnbobcdhenmmgod [2015-08-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed]
S3 SharedAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SharedAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 4519cfe8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaMonitor\BocaMonitor.dll",serv
S2 Strong Rise; "C:\Program Files (x86)\Strong Rise\Strong Rise.exe" [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S2 UpdateSvc; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2014-11-19] (Windows (R) Codename Longhorn DDK provider)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 paldrv; C:\Windows\SysWOW64\pal_drv.sys [11107 2009-01-01] (Mercury Interactive Corp.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-01-21] (Sony Ericsson Mobile Communications)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S0 98632471; system32\drivers\00560299.sys [X]
S1 ydymrkdf; \??\C:\Windows\system32\drivers\ydymrkdf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-17 07:31 - 2016-09-17 07:31 - 00000000 ____D C:\FRST
2016-09-17 07:24 - 2016-09-17 07:24 - 00000020 _____ C:\Users\mostafa\AppData\Roaming\appdataFr2.bin
2016-09-17 05:47 - 2016-09-17 06:46 - 00000000 ____D C:\SUPERDelete
2016-09-17 05:46 - 2016-09-17 06:46 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d.job
2016-09-17 05:46 - 2016-09-17 06:46 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c.job
2016-09-17 05:46 - 2016-09-17 05:46 - 00003600 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c
2016-09-17 05:46 - 2016-09-17 05:46 - 00003526 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d
2016-09-17 05:46 - 2016-09-17 05:46 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\SUPERAntiSpyware.com
2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-17 07:32 - 2012-09-02 10:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-17 07:30 - 2011-12-06 10:25 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-09-17 07:30 - 2011-12-06 10:25 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-09-17 07:30 - 2011-12-06 10:20 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-09-17 07:29 - 2016-03-23 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-17 07:29 - 2015-08-01 16:35 - 00000998 _____ C:\Windows\Tasks\Zl6wqVw0j.job
2016-09-17 07:29 - 2015-08-01 16:14 - 00001022 _____ C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job
2016-09-17 07:29 - 2015-08-01 15:45 - 00001020 _____ C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job
2016-09-17 07:29 - 2015-08-01 15:31 - 00001008 _____ C:\Windows\Tasks\Mw31EXaU4OH8O2.job
2016-09-17 07:29 - 2015-08-01 14:37 - 00000998 _____ C:\Windows\Tasks\RqLdEdxeE.job
2016-09-17 07:29 - 2015-08-01 14:36 - 00000994 _____ C:\Windows\Tasks\kQjD6sW.job
2016-09-17 07:29 - 2015-08-01 11:32 - 00001020 _____ C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job
2016-09-17 07:29 - 2015-08-01 10:29 - 00001024 _____ C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job
2016-09-17 07:29 - 2015-08-01 09:29 - 00001030 _____ C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job
2016-09-17 07:29 - 2015-07-31 23:35 - 00000994 _____ C:\Windows\Tasks\e8CHJYS.job
2016-09-17 07:29 - 2015-07-21 11:28 - 00001004 _____ C:\Windows\Tasks\HLPDPCBXOsXR.job
2016-09-17 07:29 - 2015-07-21 10:59 - 00001012 _____ C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job
2016-09-17 07:29 - 2015-07-21 10:31 - 00001006 _____ C:\Windows\Tasks\pHG5o0vm7ufSS.job
2016-09-17 07:29 - 2015-07-21 09:15 - 00001004 _____ C:\Windows\Tasks\HDqSxfY03ASW.job
2016-09-17 07:29 - 2015-07-20 21:06 - 00001692 _____ C:\Windows\Tasks\YOXALEU.job
2016-09-17 07:29 - 2014-11-19 20:06 - 00000031 _____ C:\Windows\system32\bbcap.err
2016-09-17 07:29 - 2012-09-28 12:52 - 00000328 _____ C:\Windows\Tasks\GlaryInitialize.job
2016-09-17 07:29 - 2012-08-30 19:36 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\Skype
2016-09-17 07:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-17 07:28 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-17 07:28 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-17 07:22 - 2015-01-05 13:11 - 00000000 ____D C:\AdwCleaner
2016-09-17 07:10 - 2015-08-01 16:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-17 07:08 - 2016-03-23 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-17 07:04 - 2009-07-14 01:13 - 00088058 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-17 07:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-17 06:51 - 2012-10-20 23:31 - 00000000 ____D C:\Users\mostafa\AppData\LocalLow\Yahoo!
2016-09-17 06:51 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-17 05:35 - 2016-03-23 19:31 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\BitTorrent
2016-09-17 05:34 - 2011-12-06 10:45 - 00000000 ____D C:\ProgramData\Sonic
2016-09-17 05:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas
2016-09-17 05:20 - 2015-08-24 20:49 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 05:20 - 2015-08-24 20:49 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-17 05:05 - 2014-12-28 17:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-17 05:03 - 2016-03-23 19:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-17 05:03 - 2016-03-23 19:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-17 05:00 - 2012-10-24 20:02 - 00000000 ____D C:\Users\mostafa\AppData\LocalLow\Temp
2016-09-17 04:54 - 2015-11-16 20:20 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-09-17 04:54 - 2012-09-01 14:01 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\PCDr
2016-09-17 04:44 - 2015-08-01 16:35 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-17 04:44 - 2015-08-01 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-17 04:44 - 2015-08-01 16:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-16 22:08 - 2014-04-16 00:56 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-09-16 22:08 - 2013-08-14 12:19 - 00000258 __RSH C:\Users\mostafa\ntuser.pol
2016-09-16 22:08 - 2012-08-30 18:24 - 00000000 ____D C:\Users\mostafa
2016-09-16 22:03 - 2015-06-06 07:41 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\Alarmed Clan
2016-09-16 21:56 - 2014-11-03 00:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2014-10-25 21:01 - 2014-10-25 21:00 - 0843304 _____ () C:\Program Files (x86)\chrome-update.exe
2015-07-05 12:42 - 2015-07-05 12:42 - 0931408 _____ (Google Inc.) C:\Program Files (x86)\ChromeSetup.exe
2014-08-28 15:14 - 2014-08-28 15:14 - 0244120 _____ () C:\Program Files (x86)\Firefox Setup Stub 31.0.exe
2015-05-12 19:22 - 2015-05-12 19:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2014-10-08 14:52 - 2014-10-08 14:52 - 0000288 _____ () C:\Users\mostafa\AppData\Roaming\.backup.dm
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj
2016-09-17 07:24 - 2016-09-17 07:24 - 0000020 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr2.bin
2015-06-14 10:31 - 2015-08-22 19:33 - 0000024 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr25.bin
2014-04-17 00:56 - 2014-05-25 00:56 - 0005265 _____ () C:\Users\mostafa\AppData\Roaming\callbanner.png
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\e8CHJYS
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\kQjD6sW
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\RqLdEdxeE
2014-08-12 22:01 - 2015-07-20 16:24 - 0000128 _____ () C:\Users\mostafa\AppData\Roaming\WB.CFG
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\mostafa\AppData\Roaming\YOXALEU
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j
2015-07-20 21:09 - 2015-07-20 21:09 - 0260876 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsaF02F.tmp
2014-12-02 14:22 - 2014-12-02 14:22 - 0301608 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsl4F26.tmp
2015-07-11 12:33 - 2015-07-11 12:33 - 0000000 _____ () C:\Users\mostafa\AppData\Local\Temp.dat
2014-12-23 18:22 - 2015-01-06 19:03 - 0000112 _____ () C:\ProgramData\s630Y6kiG.dat
2015-08-01 16:11 - 2015-08-01 16:11 - 0001491 _____ () C:\ProgramData\tempimage.bmp
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\s630Y6kiG.dat

Some files in TEMP:
====================
C:\Users\mostafa\AppData\Local\Temp\6477.exe
C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe
C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe
C:\Users\mostafa\AppData\Local\Temp\libeay32.dll
C:\Users\mostafa\AppData\Local\Temp\links.exe
C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe
C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll
C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll
C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe
C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll
C:\Users\mostafa\AppData\Local\Temp\setacl.exe
C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll
C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe
C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe
C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe
C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-12-06 11:30] - [2015-07-20 20:47] - 0357888 _____ (Microsoft Corporation) 3ABBFD64E4FFF6A0D99E93ECD288127F

C:\Windows\SysWOW64\dnsapi.dll
[2011-12-06 11:30] - [2015-07-20 20:48] - 0270336 ____N (Microsoft Corporation) F0E7F233ABC7CBB6ACFB6210ECE3D5B1

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2016-02-16 22:31

==================== End of FRST.txt ============================

mikehende · Sep 17, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by mostafa (17-09-2016 07:33:58)
Running from E:\AV Softwares
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-30 22:24:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-518488637-833313989-2621144753-500 - Administrator - Disabled)
Guest (S-1-5-21-518488637-833313989-2621144753-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-518488637-833313989-2621144753-1002 - Limited - Enabled)
mostafa (S-1-5-21-518488637-833313989-2621144753-1000 - Administrator - Enabled) => C:\Users\mostafa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Athan Basic 4.4 (HKLM-x32\...\Athan) (Version: - )
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell System Detect (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
Dropbox (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM-x32\...\{94A83681-EBE7-383A-A070-DE2225F853C1}) (Version: 53.0.2785.116 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
GUPlayer (remove only) (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\GUPlayer) (Version: - ) <==== ATTENTION
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version: - Microsoft Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PricceeMionUsu (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version: - ) <==== ATTENTION
ProcessGeneration (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{71538ab}) (Version: - Software Publisher) <==== ATTENTION
QuickTest Add-in for Quality Center (HKLM-x32\...\{A339A99A-1DBC-467F-B932-A9617743F888}) (Version: 10.00.00.00 - HP)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SoapUI 5.0.0 5.0.0 (HKLM-x32\...\5517-2803-0637-4585) (Version: 5.0.0 - SmartBear Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06926D15-B537-4EFB-8942-8E064EE78768} - System32\Tasks\FactorTractor => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION
Task: {0859D0AE-CF8B-446F-871B-014BF138C534} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0A4EB2ED-3A76-41BF-A421-B03EEE4716DF} - System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION
Task: {0BB7549A-2EB5-44B2-91B0-CA703FAF480D} - System32\Tasks\kQjD6sW => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION
Task: {0F187394-65FC-44EA-B711-557348E31F85} - System32\Tasks\cv => C:\Users\mostafa\Desktop\Regression_testing.vbs
Task: {15D73607-E309-4E66-9CA6-B10A65929156} - System32\Tasks\{FE86151C-03B1-4958-9BC5-B9DCE9696365} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638
Task: {18D2BC74-0CEC-4123-8338-2C3B42B61630} - System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION
Task: {18F988A9-09A8-463C-8E6E-A98F2F5A9634} - System32\Tasks\DS regression testing => C:\QTP\Tests\Driver Script\regressiontestingpractice1.vbs
Task: {1CF734C3-8A98-44AD-9477-AD9F87160CFA} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION
Task: {20F4DF97-8100-498B-966A-3D7AA6695103} - \YTDownloader -> No File <==== ATTENTION
Task: {22C3700B-F28C-4A05-A173-5CC626A9839E} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {234C70A0-9510-4406-8BFA-1C4C1C4ED46E} - System32\Tasks\{FFA56E06-F725-4C4C-A45C-4DD82AD11EFC} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638
Task: {245ED950-1B3D-4285-A01D-E111085E7E3F} - System32\Tasks\regressiontestingdriverscript => C:\Users\mostafa\Desktop\RegressiontestingonDS.vbs
Task: {292DF875-5CB4-4C72-8E32-3E0B9F9C13C3} - System32\Tasks\n => C:\Users\mostafa\Desktop\DriverScript.vbs
Task: {2A1CC49A-A97B-4BCC-8EA4-3E243AFB3A3E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {39004268-7D2F-4CD4-BE26-7B875497E3E8} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
Task: {3948A097-AB47-4012-8932-342EEAA654D9} - System32\Tasks\pHG5o0vm7ufSS => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION
Task: {4D9D83CA-C646-423D-ADAE-7A7FDCC9F979} - \PastaQuotes -> No File <==== ATTENTION
Task: {4F802C92-A420-43A9-AEFF-07DB234DD8D9} - \DTReg -> No File <==== ATTENTION
Task: {531977ED-2B1E-4782-AD3C-8AAC52B3B014} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {5B0055E1-8D1C-420D-B241-FF249885E035} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)
Task: {6489DDD5-797A-40DF-8636-2D3DB2FFDA6B} - System32\Tasks\{C67A3FB7-C990-4C91-869F-4A5ACC0C8103} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638
Task: {664792EF-E98A-4815-93ED-9CD2BB753C4A} - System32\Tasks\HLPDPCBXOsXR => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION
Task: {674B05FA-1EF9-487F-A593-350F36E3C482} - System32\Tasks\GfIl6eXhzrtFCwN2 => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION
Task: {67849C74-159F-4785-9B1D-715886885712} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {67CC633B-15B3-4210-BAFE-237A644209A5} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-05-27] (Glarysoft Ltd)
Task: {696724AD-DDE6-4B42-B010-1A23BD83D89D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6A9416C5-F814-4122-9C65-CDF4979DA4DD} - System32\Tasks\SmartSpace => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION
Task: {6B009E06-BD4E-488F-A825-CD96D615EEC8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {6B50436C-B94F-4A71-A6BE-F0910F986084} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {6EBA229C-CDAA-4620-960E-5D7A2F581540} - System32\Tasks\DriverScript => C:\Users\mostafa\Desktop\DriverScript.vbs
Task: {71593A1F-057C-44D2-8A00-3A6A56CDC5BA} - \SrvDaily -> No File <==== ATTENTION
Task: {739CA4A7-C20D-45B4-93E1-E61501F439E4} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {75ACD787-46F3-420C-B349-F809EF73D8D2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {78C2762B-8C37-4641-9503-8A949C5BE47E} - System32\Tasks\vb => C:\Users\mostafa\Desktop\RegressiontestingonDS.vbs
Task: {7A14A49C-97BE-4D8E-8F53-6B47E223B545} - System32\Tasks\RqLdEdxeE => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION
Task: {7D99140D-80CA-42E1-ACD6-18A47072A579} - System32\Tasks\Trigger KMS Activation => C:\movie\KMSNano v15 Offline Office and Windows KMS Activator\Get Your Software Here\TriggerKMS.exe
Task: {85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61} - \0 -> No File <==== ATTENTION
Task: {8634A9AB-6952-4E5B-981F-E74B1EC55FCA} - System32\Tasks\na => C:\Users\mostafa\Desktop\DriverScript.vbs
Task: {864305F8-1C5D-4629-8711-817B887341DB} - System32\Tasks\{2720132F-AFDB-49A5-AE9F-A8F8911E4A1B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638
Task: {8A05B514-88DF-4672-9D70-4BD91D9AEC6E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {9136B2F4-F83C-4183-8A39-744547D655C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-11-01] (Microsoft Corporation)
Task: {9802DA1A-6198-4836-A7D5-5D2610620D2F} - \Secure Fast PC Auto Updater -> No File <==== ATTENTION
Task: {987E0C95-25AB-430C-AF66-BAB47DF66D62} - System32\Tasks\Zl6wqVw0j => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION
Task: {9B678731-D3B9-4081-9EEC-FE1933F915F4} - System32\Tasks\Mw31EXaU4OH8O2 => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION
Task: {9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION
Task: {9F3C82D5-D909-44F8-B64D-75FD44E9D0B8} - System32\Tasks\YOXALEU => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION
Task: {A03CBC09-5680-4E79-AD04-652BC1C6A42D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A1160350-C215-4639-B8DD-39EF9AAEB844} - \SMWUpd -> No File <==== ATTENTION
Task: {A242D276-1040-452A-9454-842E21607461} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-11-01] (Microsoft Corporation)
Task: {A4703617-E1C1-44A4-9A14-856C9DE8DCF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {A6B956A7-6F99-47A6-B30D-292E500BE6A3} - System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => pcalua.exe -a "C:\Users\mostafa\Downloads\speesetup (2).exe" -d C:\Users\mostafa\Downloads
Task: {AB24384E-EC36-4A3F-914F-3ED4A72850F8} - \Secure Fast PC Autorun -> No File <==== ATTENTION
Task: {AB283D87-B031-4D01-AF83-C43689FB6F47} - \RunAsStdUser Task for VeohWebPlayer -> No File <==== ATTENTION
Task: {AFAAE557-A681-470B-A3A6-1EA9183196AC} - System32\Tasks\{21C2C291-AF4D-4F68-9159-1E13D5BAF185} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638
Task: {B13592D6-D885-4C15-9084-CF012207E11C} - System32\Tasks\QaZwalXo7Y29RQRN0tTP => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION
Task: {B3573691-9C93-46AE-ABDE-C93106E72749} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {B59CBAC9-BD68-41B9-8517-C7EFA955595D} - System32\Tasks\nbB => C:\QTP\Tests\Driver Script\regressiontestingpractice1.vbs
Task: {B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB} - System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => pcalua.exe -a C:\Users\mostafa\Desktop\avira_antivir_personal_en(1).exe -d C:\Users\mostafa\Desktop
Task: {B9045E8A-2890-45C5-8814-0FD886027470} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {C1C99090-6280-40CD-BBC7-431CD13901E5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {C2886577-0940-49E7-8109-3F1E64A1B4FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {C2EB8E87-3CCB-4159-B558-16A05E466F8F} - System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => C:\Users\mostafa\AppData\Roaming\ywy3yzbxmws4bwj\ywy3yzbxmws4bwj.exe
Task: {C4F59BDB-28ED-4FE2-B61C-D4A4DE29F1D2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {C79D7E3B-A731-4B32-9B6A-910A08816DFA} - System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION
Task: {C8F5F136-6009-40A2-BE6E-47DDB4991F8F} - System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe <==== ATTENTION
Task: {CA458640-5B25-41B4-963E-09E9C538E660} - System32\Tasks\{D17B719E-3EA9-4101-A120-E38EF6742E71} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638
Task: {CF56B95A-207E-43E0-AF79-05EE8B2B4F12} - System32\Tasks\4928 => Wscript.exe C:\Users\mostafa\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {D33A107F-58AC-415C-B2A7-D0580702FEC5} - System32\Tasks\Java(TM) Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {D549C481-6E1C-4198-BEC9-9DA129C511C1} - System32\Tasks\iG7r2wOvHDgnvS6oU1cw => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION
Task: {D5922277-0C90-4DE7-AC0F-5C2F21C601C5} - \Jarmeee -> No File <==== ATTENTION
Task: {DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651} - System32\Tasks\HDqSxfY03ASW => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION
Task: {DE3BA38F-E0BB-463D-BE20-11A63DC9AE25} - \Smp -> No File <==== ATTENTION
Task: {E70E36DB-39E3-43A3-BE56-198D98BF6151} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)
Task: {E8D1D386-A84E-44E4-BF4A-5E0B98544D56} - System32\Tasks\RegressionTest => C:\Users\mostafa\Desktop\Regression_testing.vbs
Task: {F3271291-BB06-4979-B362-E99A6344DFDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {F478A6EB-AA17-42F2-9B31-C597A5F50633} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F5A6C0F1-2B26-4043-90F8-E6953A8487A9} - System32\Tasks\e8CHJYS => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION
Task: {FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D} - \Go for FilesUpdate -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION
Task: C:\Windows\Tasks\e8CHJYS.job => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION
Task: C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION
Task: C:\Windows\Tasks\FactorTractor.job => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION
Task: C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HDqSxfY03ASW.job => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION
Task: C:\Windows\Tasks\HLPDPCBXOsXR.job => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION
Task: C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION
Task: C:\Windows\Tasks\kQjD6sW.job => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION
Task: C:\Windows\Tasks\Mw31EXaU4OH8O2.job => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION
Task: C:\Windows\Tasks\pHG5o0vm7ufSS.job => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION
Task: C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION
Task: C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION
Task: C:\Windows\Tasks\RqLdEdxeE.job => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartSpace.job => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\YOXALEU.job => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION
Task: C:\Windows\Tasks\Zl6wqVw0j.job => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-06 11:10 - 2011-07-20 09:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-10-07 22:44 - 2015-11-01 03:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2011-12-06 10:21 - 2011-09-22 12:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-09-15 20:28 - 2011-09-15 20:28 - 00340240 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
2006-02-02 01:43 - 2006-02-02 01:43 - 00006144 _____ () c:\oraclexe\app\oracle\product\10.2.0\server\bin\orajox10.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:A4A25FD3 [260]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16559628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46237229.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55456837.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63755908.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69534146.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98632471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-07-20 20:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-518488637-833313989-2621144753-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 4.2.2.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^mostafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Athan => C:\Program Files (x86)\Athan\Athan.exe
MSCONFIG\startupreg: Avro Keyboard => C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: ROC_roc_ssl_v12 => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: Sendori Tray => "C:\Program Files (x86)\Sendori\SendoriTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Weather => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

22-02-2016 22:52:07 Windows Backup
16-09-2016 21:16:57 Windows Backup
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2016 07:30:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 07:30:32 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error: (09/17/2016 07:25:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 07:25:13 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error: (09/17/2016 07:09:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 944

Start Time: 01d210d3c19a79b6

Termination Time: 4

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 3f63617a-7cc7-11e6-ae9f-4c80932b161d

Error: (09/17/2016 07:07:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1578

Start Time: 01d210d2cc93081b

Termination Time: 10

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: f7d2cfe9-7cc6-11e6-ae9f-4c80932b161d

Error: (09/17/2016 06:58:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 06:58:03 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

Error: (09/17/2016 06:47:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/17/2016 06:47:21 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

System errors:
=============
Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (09/17/2016 07:30:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
General access denied error

Error: (09/17/2016 07:30:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

Error: (09/17/2016 07:30:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
98632471

Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UpdateSvc service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Strong Rise service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
General access denied error

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3990.17 MB
Available physical RAM: 1930.03 MB
Total Virtual: 7978.52 MB
Available Virtual: 5201.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:161.52 GB) NTFS
Drive e: (2G-3) (Removable) (Total:1.91 GB) (Free:1.48 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== End of Addition.txt ============================

starbuck · Sep 17, 2016

Hi Mike,

Heavily infected win7 Dell machine

That's a bit of an understatement

I can see a lot going on there, but need to go through the reports properly.
Have been working on the car today and it's still in bits at the moment.
It'll be a couple of hours before I can write a proper fix.
Will be back as soon as i can.

mikehende · Sep 17, 2016

That's fine Pete, take care of the car first, good luck. Aside from the browser issues, I am only seeing 2 other popups now on startup, "itunes helper" stating Apple Application Support was not found and "SQL Server service manager", thanks.

starbuck · Sep 17, 2016

Hi Mike,

Ok this will take some time..... the system is in a right mess.
It's that bad, there's no guarantee that everything can be fixed.
and with Rootkits, there's no telling what has been done or what has been stolen.

You may have to consider a re-install if we can't sort this.

I'm sure I've grown a beard whilst writing a fix

It's no longer in the add/remove...... but this is the main problem:

C:\Users\mostafa\AppData\Roaming\BitTorrent

When will people learn that p2p isn't worth it.

Ok... Hit n/o 1

Please download the attached fixlist.txt file (bottom of this post) and save it to E:\AV Softwares .
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system

Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

The tool will make a log in the 'software' (Fixlog.txt). Please post this in your next reply.

Thanks

mikehende · Sep 17, 2016

Thanks and sorry about the beard

but no change, IE and chrome still doesn't open, when I try to open IE the same window pops up stating "iexplorer.exe - Entry Point Not Found".

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
Ran by mostafa (17-09-2016 15:12:05) Run:1
Running from E:\AV Softwares
Loaded Profiles: mostafa (Available Profiles: mostafa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1
Startup: C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-10-31]
ShortcutTarget: loons.lnk -> C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-518488637-833313989-2621144753-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File
FF DefaultSearchEngine,S: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Extension: (No Name) - C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net [not found]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR StartupUrls: Default -> "hxxp://www.qauantumethod.org.bd/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Adblock Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Adblock for Youtube™) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (AdBlock) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Search Module Plus v2) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-08-01]
CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Print Friendly PDF) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-07-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-07-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [mhajehkfbbhkfnfepjpadnejlamcembd] - <no Path/update_url>
S2 4519cfe8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaMonitor\BocaMonitor.dll",serv
S2 Strong Rise; "C:\Program Files (x86)\Strong Rise\Strong Rise.exe" [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S2 UpdateSvc; no ImagePath
S0 98632471; system32\drivers\00560299.sys [X]
S1 ydymrkdf; \??\C:\Windows\system32\drivers\ydymrkdf.sys [X]
2016-09-17 07:29 - 2015-08-01 16:35 - 00000998 _____ C:\Windows\Tasks\Zl6wqVw0j.job
2016-09-17 07:29 - 2015-08-01 16:14 - 00001022 _____ C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job
2016-09-17 07:29 - 2015-08-01 15:45 - 00001020 _____ C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job
2016-09-17 07:29 - 2015-08-01 15:31 - 00001008 _____ C:\Windows\Tasks\Mw31EXaU4OH8O2.job
2016-09-17 07:29 - 2015-08-01 14:37 - 00000998 _____ C:\Windows\Tasks\RqLdEdxeE.job
2016-09-17 07:29 - 2015-08-01 14:36 - 00000994 _____ C:\Windows\Tasks\kQjD6sW.job
2016-09-17 07:29 - 2015-08-01 11:32 - 00001020 _____ C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job
2016-09-17 07:29 - 2015-08-01 10:29 - 00001024 _____ C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job
2016-09-17 07:29 - 2015-08-01 09:29 - 00001030 _____ C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job
2016-09-17 07:29 - 2015-07-31 23:35 - 00000994 _____ C:\Windows\Tasks\e8CHJYS.job
2016-09-17 07:29 - 2015-07-21 11:28 - 00001004 _____ C:\Windows\Tasks\HLPDPCBXOsXR.job
2016-09-17 07:29 - 2015-07-21 10:59 - 00001012 _____ C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job
2016-09-17 07:29 - 2015-07-21 10:31 - 00001006 _____ C:\Windows\Tasks\pHG5o0vm7ufSS.job
2016-09-17 07:29 - 2015-07-21 09:15 - 00001004 _____ C:\Windows\Tasks\HDqSxfY03ASW.job
2016-09-17 07:29 - 2015-07-20 21:06 - 00001692 _____ C:\Windows\Tasks\YOXALEU.job
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj
2016-09-17 07:24 - 2016-09-17 07:24 - 0000020 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr2.bin
2015-06-14 10:31 - 2015-08-22 19:33 - 0000024 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr25.bin
2014-04-17 00:56 - 2014-05-25 00:56 - 0005265 _____ () C:\Users\mostafa\AppData\Roaming\callbanner.png
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\e8CHJYS
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\kQjD6sW
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\RqLdEdxeE
2014-08-12 22:01 - 2015-07-20 16:24 - 0000128 _____ () C:\Users\mostafa\AppData\Roaming\WB.CFG
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\mostafa\AppData\Roaming\YOXALEU
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j
2015-07-20 21:09 - 2015-07-20 21:09 - 0260876 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsaF02F.tmp
2014-12-02 14:22 - 2014-12-02 14:22 - 0301608 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsl4F26.tmp
2014-12-23 18:22 - 2015-01-06 19:03 - 0000112 _____ () C:\ProgramData\s630Y6kiG.dat
2015-08-01 16:11 - 2015-08-01 16:11 - 0001491 _____ () C:\ProgramData\tempimage.bmp
C:\ProgramData\s630Y6kiG.dat
C:\Users\mostafa\AppData\Local\Temp\6477.exe
C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe
C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe
C:\Users\mostafa\AppData\Local\Temp\libeay32.dll
C:\Users\mostafa\AppData\Local\Temp\links.exe
C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe
C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll
C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll
C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe
C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll
C:\Users\mostafa\AppData\Local\Temp\setacl.exe
C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll
C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe
C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe
C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe
C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe
Task: {06926D15-B537-4EFB-8942-8E064EE78768} - System32\Tasks\FactorTractor => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION
Task: {0A4EB2ED-3A76-41BF-A421-B03EEE4716DF} - System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION
Task: {0BB7549A-2EB5-44B2-91B0-CA703FAF480D} - System32\Tasks\kQjD6sW => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION
Task: {18D2BC74-0CEC-4123-8338-2C3B42B61630} - System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION
Task: {1CF734C3-8A98-44AD-9477-AD9F87160CFA} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION
Task: {20F4DF97-8100-498B-966A-3D7AA6695103} - \YTDownloader -> No File <==== ATTENTION
Task: {22C3700B-F28C-4A05-A173-5CC626A9839E} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {39004268-7D2F-4CD4-BE26-7B875497E3E8} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION
Task: {3948A097-AB47-4012-8932-342EEAA654D9} - System32\Tasks\pHG5o0vm7ufSS => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION
Task: {4D9D83CA-C646-423D-ADAE-7A7FDCC9F979} - \PastaQuotes -> No File <==== ATTENTION
Task: {4F802C92-A420-43A9-AEFF-07DB234DD8D9} - \DTReg -> No File <==== ATTENTION
Task: {531977ED-2B1E-4782-AD3C-8AAC52B3B014} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {664792EF-E98A-4815-93ED-9CD2BB753C4A} - System32\Tasks\HLPDPCBXOsXR => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION
Task: {674B05FA-1EF9-487F-A593-350F36E3C482} - System32\Tasks\GfIl6eXhzrtFCwN2 => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION
Task: {6A9416C5-F814-4122-9C65-CDF4979DA4DD} - System32\Tasks\SmartSpace => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION
Task: {71593A1F-057C-44D2-8A00-3A6A56CDC5BA} - \SrvDaily -> No File <==== ATTENTION
Task: {739CA4A7-C20D-45B4-93E1-E61501F439E4} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {7A14A49C-97BE-4D8E-8F53-6B47E223B545} - System32\Tasks\RqLdEdxeE => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION
Task: {85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61} - \0 -> No File <==== ATTENTION
Task: {9802DA1A-6198-4836-A7D5-5D2610620D2F} - \Secure Fast PC Auto Updater -> No File <==== ATTENTION
Task: {987E0C95-25AB-430C-AF66-BAB47DF66D62} - System32\Tasks\Zl6wqVw0j => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION
Task: {9B678731-D3B9-4081-9EEC-FE1933F915F4} - System32\Tasks\Mw31EXaU4OH8O2 => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION
Task: {9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION
Task: {9F3C82D5-D909-44F8-B64D-75FD44E9D0B8} - System32\Tasks\YOXALEU => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION
Task: {A1160350-C215-4639-B8DD-39EF9AAEB844} - \SMWUpd -> No File <==== ATTENTION
Task: {A6B956A7-6F99-47A6-B30D-292E500BE6A3} - System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => pcalua.exe -a "C:\Users\mostafa\Downloads\speesetup (2).exe" -d C:\Users\mostafa\Downloads
Task: {AB24384E-EC36-4A3F-914F-3ED4A72850F8} - \Secure Fast PC Autorun -> No File <==== ATTENTION
Task: {AB283D87-B031-4D01-AF83-C43689FB6F47} - \RunAsStdUser Task for VeohWebPlayer -> No File <==== ATTENTION
Task: {B13592D6-D885-4C15-9084-CF012207E11C} - System32\Tasks\QaZwalXo7Y29RQRN0tTP => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION
Task: {B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB} - System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => pcalua.exe -a C:\Users\mostafa\Desktop\avira_antivir_personal_en(1).exe -d C:\Users\mostafa\Desktop
Task: {B9045E8A-2890-45C5-8814-0FD886027470} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {C2EB8E87-3CCB-4159-B558-16A05E466F8F} - System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => C:\Users\mostafa\AppData\Roaming\ywy3yzbxmws4bwj\ywy3yzbxmws4bwj.exe
Task: {C79D7E3B-A731-4B32-9B6A-910A08816DFA} - System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION
Task: {C8F5F136-6009-40A2-BE6E-47DDB4991F8F} - System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe <==== ATTENTION
Task: {D549C481-6E1C-4198-BEC9-9DA129C511C1} - System32\Tasks\iG7r2wOvHDgnvS6oU1cw => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION
Task: {D5922277-0C90-4DE7-AC0F-5C2F21C601C5} - \Jarmeee -> No File <==== ATTENTION
Task: {DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651} - System32\Tasks\HDqSxfY03ASW => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION
Task: {DE3BA38F-E0BB-463D-BE20-11A63DC9AE25} - \Smp -> No File <==== ATTENTION
Task: {F5A6C0F1-2B26-4043-90F8-E6953A8487A9} - System32\Tasks\e8CHJYS => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION
Task: {FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D} - \Go for FilesUpdate -> No File <==== ATTENTION
Task: C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION
Task: C:\Windows\Tasks\e8CHJYS.job => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION
Task: C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION
Task: C:\Windows\Tasks\FactorTractor.job => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION
Task: C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION
Task: C:\Windows\Tasks\HDqSxfY03ASW.job => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION
Task: C:\Windows\Tasks\HLPDPCBXOsXR.job => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION
Task: C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION
Task: C:\Windows\Tasks\kQjD6sW.job => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION
Task: C:\Windows\Tasks\Mw31EXaU4OH8O2.job => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION
Task: C:\Windows\Tasks\pHG5o0vm7ufSS.job => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION
Task: C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION
Task: C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION
Task: C:\Windows\Tasks\RqLdEdxeE.job => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartSpace.job => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION
Task: C:\Windows\Tasks\YOXALEU.job => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION
Task: C:\Windows\Tasks\Zl6wqVw0j.job => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:A4A25FD3 [260]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16559628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46237229.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55456837.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63755908.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69534146.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98632471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\webcompanion.com -> hxxp://webcompanion.com
c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe
C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe
C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe
C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe
C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe
C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe
C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe
c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe
C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe
C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe
C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe
C:\Users\mostafa\AppData\Roaming\YOXALEU.exe
C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe
C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe
C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe
C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe
C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe
C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe
C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe
C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe
c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe
C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe
C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe
C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe
C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe
C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe
C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe
C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe
C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe
C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe
C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe
c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe
C:\Users\mostafa\AppData\Roaming\YOXALEU.exe
C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetIcon => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk => moved successfully
C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => key removed successfully
HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-518488637-833313989-2621144753-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKCR\PROTOCOLS\Handler\HTLFP" => key removed successfully
HKCR\CLSID\{03B7A5D4-96B0-4316-95F8-072D326A58F1} => key not found.
"HKCR\PROTOCOLS\Handler\vfsp" => key removed successfully
HKCR\CLSID\{E4CB5121-E242-11D4-8ED6-00010219EB22} => key not found.
Firefox DefaultSearchEngine,S removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SearchEngineOrder.1,S removed successfully
Firefox SelectedSearchEngine,S removed successfully
"HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.
C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
Chrome StartupUrls => removed successfully
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn <==== ATTENTION => not found
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb <==== ATTENTION => not found
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk <==== ATTENTION => not found
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom <==== ATTENTION => not found
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => moved successfully
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj <==== ATTENTION => not found
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj <==== ATTENTION => not found
C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge <==== ATTENTION => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhajehkfbbhkfnfepjpadnejlamcembd" => key removed successfully
4519cfe8 => service removed successfully
Strong Rise => service removed successfully
TrustedInstaller => service removed successfully
UpdateSvc => service removed successfully
98632471 => service removed successfully
ydymrkdf => service removed successfully
C:\Windows\Tasks\Zl6wqVw0j.job => moved successfully
C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => moved successfully
C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => moved successfully
C:\Windows\Tasks\Mw31EXaU4OH8O2.job => moved successfully
C:\Windows\Tasks\RqLdEdxeE.job => moved successfully
C:\Windows\Tasks\kQjD6sW.job => moved successfully
C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => moved successfully
C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => moved successfully
C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => moved successfully
C:\Windows\Tasks\e8CHJYS.job => moved successfully
C:\Windows\Tasks\HLPDPCBXOsXR.job => moved successfully
C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => moved successfully
C:\Windows\Tasks\pHG5o0vm7ufSS.job => moved successfully
C:\Windows\Tasks\HDqSxfY03ASW.job => moved successfully
C:\Windows\Tasks\YOXALEU.job => moved successfully
C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj => moved successfully
C:\Users\mostafa\AppData\Roaming\appdataFr2.bin => moved successfully
C:\Users\mostafa\AppData\Roaming\appdataFr25.bin => moved successfully
C:\Users\mostafa\AppData\Roaming\callbanner.png => moved successfully
C:\Users\mostafa\AppData\Roaming\e8CHJYS => moved successfully
C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON => moved successfully
C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2 => moved successfully
C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW => moved successfully
C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR => moved successfully
C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw => moved successfully
C:\Users\mostafa\AppData\Roaming\kQjD6sW => moved successfully
C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2 => moved successfully
C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS => moved successfully
C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn => moved successfully
C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP => moved successfully
C:\Users\mostafa\AppData\Roaming\RqLdEdxeE => moved successfully
C:\Users\mostafa\AppData\Roaming\WB.CFG => moved successfully
C:\Users\mostafa\AppData\Roaming\YOXALEU => moved successfully
C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j => moved successfully
C:\Users\mostafa\AppData\Local\nsaF02F.tmp => moved successfully
C:\Users\mostafa\AppData\Local\nsl4F26.tmp => moved successfully
C:\ProgramData\s630Y6kiG.dat => moved successfully
C:\ProgramData\tempimage.bmp => moved successfully
"C:\ProgramData\s630Y6kiG.dat" => not found.
C:\Users\mostafa\AppData\Local\Temp\6477.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\mostafa\AppData\Local\Temp\links.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll => moved successfully
C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll => moved successfully
C:\Users\mostafa\AppData\Local\Temp\setacl.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe => moved successfully
C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06926D15-B537-4EFB-8942-8E064EE78768}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06926D15-B537-4EFB-8942-8E064EE78768}" => key removed successfully
C:\Windows\System32\Tasks\FactorTractor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FactorTractor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A4EB2ED-3A76-41BF-A421-B03EEE4716DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A4EB2ED-3A76-41BF-A421-B03EEE4716DF}" => key removed successfully
C:\Windows\System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6Ns0l0RtECVrF4N1Wdgdj" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BB7549A-2EB5-44B2-91B0-CA703FAF480D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB7549A-2EB5-44B2-91B0-CA703FAF480D}" => key removed successfully
C:\Windows\System32\Tasks\kQjD6sW => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kQjD6sW" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18D2BC74-0CEC-4123-8338-2C3B42B61630}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D2BC74-0CEC-4123-8338-2C3B42B61630}" => key removed successfully
C:\Windows\System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\q2BLvt7fLsZQzHF1w5oRKn" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CF734C3-8A98-44AD-9477-AD9F87160CFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CF734C3-8A98-44AD-9477-AD9F87160CFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20F4DF97-8100-498B-966A-3D7AA6695103}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20F4DF97-8100-498B-966A-3D7AA6695103}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22C3700B-F28C-4A05-A173-5CC626A9839E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C3700B-F28C-4A05-A173-5CC626A9839E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39004268-7D2F-4CD4-BE26-7B875497E3E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39004268-7D2F-4CD4-BE26-7B875497E3E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3948A097-AB47-4012-8932-342EEAA654D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3948A097-AB47-4012-8932-342EEAA654D9}" => key removed successfully
C:\Windows\System32\Tasks\pHG5o0vm7ufSS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pHG5o0vm7ufSS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D9D83CA-C646-423D-ADAE-7A7FDCC9F979}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D9D83CA-C646-423D-ADAE-7A7FDCC9F979}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F802C92-A420-43A9-AEFF-07DB234DD8D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F802C92-A420-43A9-AEFF-07DB234DD8D9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{531977ED-2B1E-4782-AD3C-8AAC52B3B014}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531977ED-2B1E-4782-AD3C-8AAC52B3B014}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{664792EF-E98A-4815-93ED-9CD2BB753C4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664792EF-E98A-4815-93ED-9CD2BB753C4A}" => key removed successfully
C:\Windows\System32\Tasks\HLPDPCBXOsXR => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HLPDPCBXOsXR" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{674B05FA-1EF9-487F-A593-350F36E3C482}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{674B05FA-1EF9-487F-A593-350F36E3C482}" => key removed successfully
C:\Windows\System32\Tasks\GfIl6eXhzrtFCwN2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GfIl6eXhzrtFCwN2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A9416C5-F814-4122-9C65-CDF4979DA4DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A9416C5-F814-4122-9C65-CDF4979DA4DD}" => key removed successfully
C:\Windows\System32\Tasks\SmartSpace => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartSpace" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71593A1F-057C-44D2-8A00-3A6A56CDC5BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71593A1F-057C-44D2-8A00-3A6A56CDC5BA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SrvDaily => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{739CA4A7-C20D-45B4-93E1-E61501F439E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{739CA4A7-C20D-45B4-93E1-E61501F439E4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A14A49C-97BE-4D8E-8F53-6B47E223B545}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A14A49C-97BE-4D8E-8F53-6B47E223B545}" => key removed successfully
C:\Windows\System32\Tasks\RqLdEdxeE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RqLdEdxeE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9802DA1A-6198-4836-A7D5-5D2610620D2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9802DA1A-6198-4836-A7D5-5D2610620D2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Auto Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{987E0C95-25AB-430C-AF66-BAB47DF66D62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{987E0C95-25AB-430C-AF66-BAB47DF66D62}" => key removed successfully
C:\Windows\System32\Tasks\Zl6wqVw0j => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Zl6wqVw0j" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B678731-D3B9-4081-9EEC-FE1933F915F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B678731-D3B9-4081-9EEC-FE1933F915F4}" => key removed successfully
C:\Windows\System32\Tasks\Mw31EXaU4OH8O2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mw31EXaU4OH8O2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordShark Auto Updater 1.10.0.20 Pending Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F3C82D5-D909-44F8-B64D-75FD44E9D0B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F3C82D5-D909-44F8-B64D-75FD44E9D0B8}" => key removed successfully
C:\Windows\System32\Tasks\YOXALEU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YOXALEU" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1160350-C215-4639-B8DD-39EF9AAEB844}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1160350-C215-4639-B8DD-39EF9AAEB844}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6B956A7-6F99-47A6-B30D-292E500BE6A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6B956A7-6F99-47A6-B30D-292E500BE6A3}" => key removed successfully
C:\Windows\System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB24384E-EC36-4A3F-914F-3ED4A72850F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB24384E-EC36-4A3F-914F-3ED4A72850F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Autorun" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB283D87-B031-4D01-AF83-C43689FB6F47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB283D87-B031-4D01-AF83-C43689FB6F47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task for VeohWebPlayer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B13592D6-D885-4C15-9084-CF012207E11C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B13592D6-D885-4C15-9084-CF012207E11C}" => key removed successfully
C:\Windows\System32\Tasks\QaZwalXo7Y29RQRN0tTP => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QaZwalXo7Y29RQRN0tTP" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB}" => key removed successfully
C:\Windows\System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B516C27F-CE30-40E1-A9B8-23AD7031C149}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9045E8A-2890-45C5-8814-0FD886027470}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9045E8A-2890-45C5-8814-0FD886027470}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DrspeedyPc Secure => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2EB8E87-3CCB-4159-B558-16A05E466F8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2EB8E87-3CCB-4159-B558-16A05E466F8F}" => key removed successfully
C:\Windows\System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlobalUpdate-ywy3yzbxmws4bwj" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C79D7E3B-A731-4B32-9B6A-910A08816DFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C79D7E3B-A731-4B32-9B6A-910A08816DFA}" => key removed successfully
C:\Windows\System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eSVgwTq0ljf8i6XknwRH549ON" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8F5F136-6009-40A2-BE6E-47DDB4991F8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8F5F136-6009-40A2-BE6E-47DDB4991F8F}" => key removed successfully
C:\Windows\System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\E1DAF600-A02A-4CA0-B471-C240C9D1CA60" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D549C481-6E1C-4198-BEC9-9DA129C511C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D549C481-6E1C-4198-BEC9-9DA129C511C1}" => key removed successfully
C:\Windows\System32\Tasks\iG7r2wOvHDgnvS6oU1cw => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iG7r2wOvHDgnvS6oU1cw" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5922277-0C90-4DE7-AC0F-5C2F21C601C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5922277-0C90-4DE7-AC0F-5C2F21C601C5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jarmeee => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651}" => key removed successfully
C:\Windows\System32\Tasks\HDqSxfY03ASW => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDqSxfY03ASW" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE3BA38F-E0BB-463D-BE20-11A63DC9AE25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3BA38F-E0BB-463D-BE20-11A63DC9AE25}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5A6C0F1-2B26-4043-90F8-E6953A8487A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5A6C0F1-2B26-4043-90F8-E6953A8487A9}" => key removed successfully
C:\Windows\System32\Tasks\e8CHJYS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e8CHJYS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate => key not found.
C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => not found.
C:\Windows\Tasks\e8CHJYS.job => not found.
C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => not found.
C:\Windows\Tasks\FactorTractor.job => moved successfully
C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => not found.
C:\Windows\Tasks\HDqSxfY03ASW.job => not found.
C:\Windows\Tasks\HLPDPCBXOsXR.job => not found.
C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => not found.
C:\Windows\Tasks\kQjD6sW.job => not found.
C:\Windows\Tasks\Mw31EXaU4OH8O2.job => not found.
C:\Windows\Tasks\pHG5o0vm7ufSS.job => not found.
C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => not found.
C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => not found.
C:\Windows\Tasks\RqLdEdxeE.job => not found.
C:\Windows\Tasks\SmartSpace.job => moved successfully
C:\Windows\Tasks\YOXALEU.job => not found.
C:\Windows\Tasks\Zl6wqVw0j.job => not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":A4A25FD3" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\16559628.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\46237229.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\55456837.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\63755908.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\69534146.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\98632471.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => key removed successfully
"HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
"c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe" => not found.
"c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\YOXALEU.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe" => not found.
"C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe" => not found.
"c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe" => not found.
"c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\YOXALEU.exe" => not found.
"C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe" => not found.

========= ipconfig /flushdns =========

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 241246323 B
Java, Flash, Steam htmlcache => 2326 B
Windows/system/drivers => 503568549 B
Edge => 0 B
Chrome => 49703362 B
Firefox => 17572062 B
Opera => 1672600 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 477562153 B
systemprofile32 => 99028446 B
LocalService => 128 B
NetworkService => 14172 B
mostafa => 1821661397 B

RecycleBin => 194147915 B
EmptyTemp: => 3.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:18:45 ====

starbuck · Sep 17, 2016

Hi Mike.

Thanks and sorry about the beard

That's ok, it's been many years since I had one

but no change, IE and chrome still doesn't open, when I try to open IE the same window pops up stating "iexplorer.exe - Entry Point Not Found".

I didn't expect too much change yet.
There was a lot of infection on the system..... we had to remove that before we could start to try and repair the damage.

Step 1
Please download Windows Repair (all in one)

Double click on the icon to install the program. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
After the program has installed..... close the system down and reboot into Safe Mode with Networking. (this is the best way to run this program... if Safe Mode doesn't work, just run it in normal mode for now))
Now restart Windows Repair (all in one)

When the program opens:
Follow the Power reset advice in Step 1.
You can skip Step 2
Click on the step 3: Optional tab. and allow it to run Disk check
Once that is done then go to step 4: Optional tab and allow it to run SFC
When finished, click on Step 5: Backup tab and click to allow both Registry and System Restore backups.
When finished, click on the Repairs tab
Click Open Repairs
When the repair page opens, click the following options:

01
02
03
04
05
06
07
10
21
26
27

(if Safe Mode doesn't work..... tick to add n/o 24 as well )
Then click on Start Repairs.

DON'T use the computer while each scan is in progress.
A restart will be needed to finish the repair procedure.

Step 2
Google Chrome was heavily infected with ZeroAccess.... please uninstall Chrome and reinstall a fresh copy from: https://www.google.com/chrome/

Step 3
If IE still isn't working after running the repairs.....

It may be best to uninstall it and download a fresh copy.

When you uninstall Internet Explorer 11 from your system..... The system will restore the previous version of Internet Explorer that was installed.
This can be IE8,9 or 10 depending on whether the browser has been upgraded in the past.
Which ever it is, you will still have a working copy of IE.

Click on the start menu and select Control Panel from the menu that opens up.
Select Uninstall a program under Programs.
Internet Explorer 11 is not listed in the installed programs listing.
It is listed as an update, so select View installed updates from the left sidebar.
The browser is listed in the Microsoft Windows group.
Right click on Internet Explorer 11 and select Uninstall.

This removes Internet Explorer 11 from the Windows 7 system and replaces it with the version of the browser that was installed before it.
You can then keep using that browser, or update back to IE11 from this link: Internet Explorer 11 for Windows 7
I would recommend updating back to IE 11.

Let me know how all this goes.

mikehende · Sep 18, 2016

Well Pete, all seems well now thank you very much, just one issue is the Microsoft SQL Server Desktop Engine popup which appears whenever the desktop loads, it does not uninstall from Programs nor Revo Uninstaller with the error message "An error has occured while removing the SQL Active Directory Helper Service". If it can't be uninstalled then how can I possibly prevent it from autoloading on startup please?

starbuck · Sep 18, 2016

Hi Mike,

I'll take a look and see if it's in the reports....

Please re-run FRST.

Make sure that Addition.txt is selected at the bottom
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It will also make another log (Addition.txt). Please copy and paste it to your reply also.

mikehende · Sep 18, 2016

It's ok Pete, after all this work, the owner NOW decides he wants me to backup his data and reload the OS, so very sorry, only good thing which came off of this is I learned quite a lot so I thank you for that too!

starbuck · Sep 18, 2016

Ok Mike, it's not your fault.
Would have been nice if he'd had the foresight at the beginning though.
Thank for letting us know.

mikehende · Sep 18, 2016

Yeah so very sorry, I had mentioned this option to him before taking his pc but some folks have different thoughts. BTW, I only now looked at it seems version 6 is now available: http://www.albumplayer.com/

starbuck · Sep 18, 2016

Cheers Mike,

I'll take a look.

mikehende · Sep 18, 2016

Cool, once again thank you very much for the help, till next time, all the best!

Heavily infected win7 Dell machine

mikehende

Active Member

mikehende

Active Member

mikehende

Active Member

mikehende

Active Member

starbuck

Malware Removal Specialist - Administrator

mikehende

Active Member

starbuck

Malware Removal Specialist - Administrator

Attachments

mikehende

Active Member

starbuck

Malware Removal Specialist - Administrator

mikehende

Active Member

starbuck

Malware Removal Specialist - Administrator

mikehende

Active Member

starbuck

Malware Removal Specialist - Administrator

mikehende

Active Member

starbuck

Malware Removal Specialist - Administrator

mikehende

Active Member

Similar threads