Posted

Hey Pete, how's it going, been a while, hope all is well? I can use some help with this heavily infected PC please.

I ran mbam 2 times, found a lot of stuff but showed ok on 3rd run. SAS did not show any infections. AdwCleaner I ran twice and showed infections but JRT won't run. IE and Chrome have issues opening and functioning properly on the net. I have attached the logs I am able to run.

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/17/2016

Scan Time: 5:53 AM

Logfile: mbam og.txt

Administrator: Yes

 

Version: 2.2.1.1043

Malware Database: v2016.09.17.03

Rootkit Database: v2016.08.15.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: mostafa

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 424805

Time Elapsed: 31 min, 32 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Posted

# AdwCleaner v6.020 - Logfile created 17/09/2016 at 07:22:34

# Updated on 14/09/2016 by ToolsLib

# Database : 2016-09-17.1 [server]

# Operating System : Windows 7 Home Premium Service Pack 1 (X64)

# Username : mostafa - MOSTAFA-PC

# Running from : E:\AV Softwares\AdwCleaner.exe

# Mode: Clean

# Support : https://toolslib.net/forum

 

 

 

***** [ Services ] *****

 

 

 

***** [ Folders ] *****

 

 

 

***** [ Files ] *****

 

[-] File deleted: C:\Users\mostafa\AppData\Roaming\appdataFr2.bin

 

 

***** [ DLL ] *****

 

[!] File not disinfected: C:\Windows\System32\dnsapi.dll

[!] File not disinfected: C:\Windows\SysWOW64\dnsapi.dll

 

 

***** [ WMI ] *****

 

 

 

***** [ Shortcuts ] *****

 

 

 

***** [ Scheduled Tasks ] *****

 

[!] Task not deleted: RunAsStdUser Task for VeohWebPlayer

[!] Task not deleted: Secure Fast PC Auto Updater

[!] Task not deleted: Secure Fast PC Autorun

[!] Task not deleted: YTDownloader

[!] Task not deleted: YTDownloaderUpd

[!] Task not deleted: Microsoft\Windows\Multimedia\SMupdate3

[!] Task not deleted: Microsoft\Windows\Maintenance\SMupdate2

[!] Task not deleted: 0

 

 

***** [ Registry ] *****

 

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1(1).exe

[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}_is1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Features\0A167702A96FE1D4DA3296FCA77354D9

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\0A167702A96FE1D4DA3296FCA77354D9

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\0A167702A96FE1D4DA3296FCA77354D9

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\0A167702A96FE1D4DA3296FCA77354D9

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore

[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\pastaleadsServiceCore

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Classes\TornTvDownloader.File

[#] Key deleted on reboot: HKCU\Software\Classes\TornTvDownloader.File

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\pc-mechanic

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.BrowserHandler

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\TornTvDownloader.File

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1

[#] Key deleted on reboot: [x64] HKCU\Software\Classes\TornTvDownloader.File

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.ProcSharedMem.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Mercury.QTP.ActiveScriptHelper.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\pc-mechanic

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TornTvDownloader.File

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1

[#] Key deleted on reboot: HKU\.DEFAULT\Software\IBUpdaterService

[#] Key deleted on reboot: HKU\.DEFAULT\Software\IM

[#] Key deleted on reboot: HKU\.DEFAULT\Software\ImInstaller

[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[#] Key deleted on reboot: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

[#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_

[#] Key deleted on reboot: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10

[#] Key deleted on reboot: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

[#] Key deleted on reboot: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\canortic

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\eSupport.com

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\GlobalUpdate

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\InstalledBrowserExtensions

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Tinstalls

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\NpApp

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Reg\Clean

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Store

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\tstamptoken

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\WeatherAlerts

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\WEBAPP

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Yahoo\Companion

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Yahoo\YFriendsBar

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\INSTALLPATH\STATUS

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\AppDataLow\Software\Yahoo\Companion

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\BabylonToolbar

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\IM

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Iminent

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\spd

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\SweetIM

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Updater By Sweetpacks

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\WNLT

[#] Key deleted on reboot: HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10

[#] Key deleted on reboot: HKU\S-1-5-18\Software\IBUpdaterService

[#] Key deleted on reboot: HKU\S-1-5-18\Software\IM

[#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller

[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_

[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10

[#] Key deleted on reboot: HKCU\Software\canortic

[#] Key deleted on reboot: HKCU\Software\eSupport.com

[#] Key deleted on reboot: HKCU\Software\GlobalUpdate

[#] Key deleted on reboot: HKCU\Software\InstalledBrowserExtensions

[#] Key deleted on reboot: HKCU\Software\Microsoft\Tinstalls

[#] Key deleted on reboot: HKCU\Software\NpApp

[#] Key deleted on reboot: HKCU\Software\Reg\Clean

[#] Key deleted on reboot: HKCU\Software\Store

[#] Key deleted on reboot: HKCU\Software\tstamptoken

[#] Key deleted on reboot: HKCU\Software\WeatherAlerts

[#] Key deleted on reboot: HKCU\Software\WEBAPP

[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion

[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar

[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS

[#] Key deleted on reboot: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Shop For Rewards

[#] Key deleted on reboot: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks

[#] Key deleted on reboot: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[#] Key deleted on reboot: HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion

[#] Key deleted on reboot: HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

[#] Key deleted on reboot: HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[#] Key deleted on reboot: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

[#] Key deleted on reboot: HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[#] Key deleted on reboot: HKLM\SOFTWARE\GlobalUpdate

[#] Key deleted on reboot: HKLM\SOFTWARE\NpApp

[#] Key deleted on reboot: HKLM\SOFTWARE\Reg\Clean

[#] Key deleted on reboot: HKLM\SOFTWARE\SearchModule

[#] Key deleted on reboot: HKLM\SOFTWARE\Taronja

[#] Key deleted on reboot: HKLM\SOFTWARE\Uniblue

[#] Key deleted on reboot: HKLM\SOFTWARE\Universal

[#] Key deleted on reboot: HKLM\SOFTWARE\Yahoo\Companion

[#] Key deleted on reboot: HKLM\SOFTWARE\Lavasoft\Web Companion

[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer

[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{36BA0E82-2B7D-79E6-9AC9-572294FDA2BB}

[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}

[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\BabylonToolbar

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\IM

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Iminent

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\spd

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\SweetIM

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\Updater By Sweetpacks

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-518488637-833313989-2621144753-1000\Software\WNLT

[#] Key deleted on reboot: [x64] HKCU\Software\canortic

[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com

[#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate

[#] Key deleted on reboot: [x64] HKCU\Software\InstalledBrowserExtensions

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Tinstalls

[#] Key deleted on reboot: [x64] HKCU\Software\NpApp

[#] Key deleted on reboot: [x64] HKCU\Software\Reg\Clean

[#] Key deleted on reboot: [x64] HKCU\Software\Store

[#] Key deleted on reboot: [x64] HKCU\Software\tstamptoken

[#] Key deleted on reboot: [x64] HKCU\Software\WeatherAlerts

[#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP

[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion

[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar

[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS

[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GUPlayer

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net

[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markable.net

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markable00.re-markable.net

[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Optimizer Pro

[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ROC_roc_ssl_v12

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}

[#] Key deleted on reboot: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}

[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip

[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

 

 

***** [ Web browsers ] *****

 

 

 

*************************

 

:: "Tracing" keys deleted

 

*************************

 

C:\AdwCleaner\AdwCleaner[C0].txt - [34605 Bytes] - [17/09/2016 06:55:14]

C:\AdwCleaner\AdwCleaner[C2].txt - [28378 Bytes] - [17/09/2016 07:22:34]

C:\AdwCleaner\AdwCleaner[R0].txt - [70089 Bytes] - [05/01/2015 13:11:31]

C:\AdwCleaner\AdwCleaner[R1].txt - [1472 Bytes] - [05/01/2015 14:01:45]

C:\AdwCleaner\AdwCleaner[s0].txt - [68878 Bytes] - [05/01/2015 13:22:31]

C:\AdwCleaner\AdwCleaner[s1].txt - [30149 Bytes] - [17/09/2016 06:51:32]

C:\AdwCleaner\AdwCleaner[s2].txt - [25183 Bytes] - [17/09/2016 07:21:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [28821 Bytes] ##########

Posted

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016

Ran by mostafa (administrator) on MOSTAFA-PC (17-09-2016 07:31:52)

Running from E:\AV Softwares

Loaded Profiles: mostafa (Available Profiles: mostafa)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Oracle Corporation) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Google+ Auto Backup] => "C:\Users\mostafa\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\mostafa\AppData\Local\Akamai\netsession_win.exe"

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [GoogleChromeAutoLaunch_E608B80824651D113E6B7511C53058BB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [967496 2016-09-13] (Google Inc.)

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Policies\Explorer: [NoInternetIcon] 1

HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1

ShellExecuteHooks-x32: ShHook Class - {A5949E07-8536-4625-A3D0-2DD83F559990} - C:\Windows\SysWOW64\ShellHook.dll [147456 2009-01-01] (Mercury Interactive (Israel) Ltd.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2015-10-31]

ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SQL Server.lnk [2016-03-23]

ShortcutTarget: SQL Server.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\scm.exe (Microsoft Corporation)

Startup: C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-10-31]

ShortcutTarget: loons.lnk -> C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe (No File)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{57492ED1-4AFC-4679-ACD0-672DF90D912E}: [NameServer] 0.0.0.0

Tcpip\..\Interfaces\{91794A27-4BAD-47A9-A4BA-EAE7117D1D15}: [NameServer] 4.2.2.2,8.8.8.8

Tcpip\..\Interfaces\{91794A27-4BAD-47A9-A4BA-EAE7117D1D15}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{CC9D3702-65DA-4B5C-BB0F-14371749D2F1}: [DhcpNameServer] 97.64.168.12 97.64.183.165

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {6C38CD4F-4B28-4693-A8D7-4EC16D74A0AE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =

SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-518488637-833313989-2621144753-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-01] (Microsoft Corporation)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}

Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File

 

FireFox:

========

FF ProfilePath: C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default

FF DefaultSearchEngine: Bing

FF DefaultSearchEngine,S: WebSearch

FF SearchEngineOrder.1: WebSearch

FF SearchEngineOrder.1,S: WebSearch

FF SelectedSearchEngine: Bing

FF SelectedSearchEngine,S: WebSearch

FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\file\java\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\file\java\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-01] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-01] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-01] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]

FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]

FF Extension: (No Name) - C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net [not found]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

 

Chrome:

=======

CHR HomePage: Default -> hxxps://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.qauantumethod.org.bd/"

CHR Profile: C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]

CHR Extension: (Google Drive) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-08-24]

CHR Extension: (YouTube) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]

CHR Extension: (Google Search) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]

CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-08-24]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-30]

CHR Extension: (Ad.Block.Pro) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafdmgkjbpmgbnhgiopdbnocjlnjdoop [2015-08-31]

CHR Extension: (Ad Block Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojlnaiknmeeddcghnlbhnfplpiimjk [2015-08-24]

CHR Extension: (Chrome Web Store Payments) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23]

CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-08-24]

CHR Extension: (Gmail) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24]

CHR Profile: C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (YouTube) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]

CHR Extension: (Adblock Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Adblock for Youtube™) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Google Search) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]

CHR Extension: (encaiiljifbdbjlphpgpiimidegddhic) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2015-08-01]

CHR Extension: (AdBlock) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Search Module Plus v2) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-08-01]

CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-20]

CHR Extension: (Google Wallet) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Print Friendly PDF) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-07-11] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Cinemax Video 1.9cV20.07) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-07-20]

CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Gmail) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

CHR HKLM-x32\...\Chrome\Extension: [mhajehkfbbhkfnfepjpadnejlamcembd] - <no Path/update_url>

 

Opera:

=======

OPR Extension: (cnjfgbikbkcmickdalamlmpmkhmbollm) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnjfgbikbkcmickdalamlmpmkhmbollm [2015-08-01]

OPR Extension: (ehhkfhegcenpfoanmgfpfhnmdmflkbgk) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2015-08-01]

OPR Extension: (encaiiljifbdbjlphpgpiimidegddhic) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2015-08-01]

OPR Extension: (fnbmdojpgjpmjjmnjdnbobcdhenmmgod) - C:\Users\mostafa\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnbmdojpgjpmjjmnjdnbobcdhenmmgod [2015-08-01]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)

R2 MSSQLSERVER; C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]

R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()

S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] () [File not signed]

S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation) [File not signed]

R2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation) [File not signed]

S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] () [File not signed]

S3 SharedAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 SharedAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

S3 SQLSERVERAGENT; C:\Program Files (x86)\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 4519cfe8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaMonitor\BocaMonitor.dll",serv

S2 Strong Rise; "C:\Program Files (x86)\Strong Rise\Strong Rise.exe" [X]

S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

S2 UpdateSvc; no ImagePath

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2014-11-19] (Windows ® Codename Longhorn DDK provider)

S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)

S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S2 paldrv; C:\Windows\SysWOW64\pal_drv.sys [11107 2009-01-01] (Mercury Interactive Corp.) [File not signed]

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-01-21] (Sony Ericsson Mobile Communications)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]

S0 98632471; system32\drivers\00560299.sys [X]

S1 ydymrkdf; \??\C:\Windows\system32\drivers\ydymrkdf.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-09-17 07:31 - 2016-09-17 07:31 - 00000000 ____D C:\FRST

2016-09-17 07:24 - 2016-09-17 07:24 - 00000020 _____ C:\Users\mostafa\AppData\Roaming\appdataFr2.bin

2016-09-17 05:47 - 2016-09-17 06:46 - 00000000 ____D C:\SUPERDelete

2016-09-17 05:46 - 2016-09-17 06:46 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d.job

2016-09-17 05:46 - 2016-09-17 06:46 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c.job

2016-09-17 05:46 - 2016-09-17 05:46 - 00003600 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c

2016-09-17 05:46 - 2016-09-17 05:46 - 00003526 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d

2016-09-17 05:46 - 2016-09-17 05:46 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\SUPERAntiSpyware.com

2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2016-09-17 05:46 - 2016-09-17 05:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-09-17 07:32 - 2012-09-02 10:01 - 00000000 ____D C:\ProgramData\boost_interprocess

2016-09-17 07:30 - 2011-12-06 10:25 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2016-09-17 07:30 - 2011-12-06 10:25 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2016-09-17 07:30 - 2011-12-06 10:20 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2016-09-17 07:29 - 2016-03-23 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-09-17 07:29 - 2015-08-01 16:35 - 00000998 _____ C:\Windows\Tasks\Zl6wqVw0j.job

2016-09-17 07:29 - 2015-08-01 16:14 - 00001022 _____ C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job

2016-09-17 07:29 - 2015-08-01 15:45 - 00001020 _____ C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job

2016-09-17 07:29 - 2015-08-01 15:31 - 00001008 _____ C:\Windows\Tasks\Mw31EXaU4OH8O2.job

2016-09-17 07:29 - 2015-08-01 14:37 - 00000998 _____ C:\Windows\Tasks\RqLdEdxeE.job

2016-09-17 07:29 - 2015-08-01 14:36 - 00000994 _____ C:\Windows\Tasks\kQjD6sW.job

2016-09-17 07:29 - 2015-08-01 11:32 - 00001020 _____ C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job

2016-09-17 07:29 - 2015-08-01 10:29 - 00001024 _____ C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job

2016-09-17 07:29 - 2015-08-01 09:29 - 00001030 _____ C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job

2016-09-17 07:29 - 2015-07-31 23:35 - 00000994 _____ C:\Windows\Tasks\e8CHJYS.job

2016-09-17 07:29 - 2015-07-21 11:28 - 00001004 _____ C:\Windows\Tasks\HLPDPCBXOsXR.job

2016-09-17 07:29 - 2015-07-21 10:59 - 00001012 _____ C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job

2016-09-17 07:29 - 2015-07-21 10:31 - 00001006 _____ C:\Windows\Tasks\pHG5o0vm7ufSS.job

2016-09-17 07:29 - 2015-07-21 09:15 - 00001004 _____ C:\Windows\Tasks\HDqSxfY03ASW.job

2016-09-17 07:29 - 2015-07-20 21:06 - 00001692 _____ C:\Windows\Tasks\YOXALEU.job

2016-09-17 07:29 - 2014-11-19 20:06 - 00000031 _____ C:\Windows\system32\bbcap.err

2016-09-17 07:29 - 2012-09-28 12:52 - 00000328 _____ C:\Windows\Tasks\GlaryInitialize.job

2016-09-17 07:29 - 2012-08-30 19:36 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\Skype

2016-09-17 07:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-09-17 07:28 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-09-17 07:28 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-09-17 07:22 - 2015-01-05 13:11 - 00000000 ____D C:\AdwCleaner

2016-09-17 07:10 - 2015-08-01 16:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-09-17 07:08 - 2016-03-23 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-09-17 07:04 - 2009-07-14 01:13 - 00088058 _____ C:\Windows\system32\PerfStringBackup.INI

2016-09-17 07:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf

2016-09-17 06:51 - 2012-10-20 23:31 - 00000000 ____D C:\Users\mostafa\AppData\LocalLow\Yahoo!

2016-09-17 06:51 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System

2016-09-17 05:35 - 2016-03-23 19:31 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\BitTorrent

2016-09-17 05:34 - 2011-12-06 10:45 - 00000000 ____D C:\ProgramData\Sonic

2016-09-17 05:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\schemas

2016-09-17 05:20 - 2015-08-24 20:49 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-09-17 05:20 - 2015-08-24 20:49 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-09-17 05:05 - 2014-12-28 17:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-09-17 05:03 - 2016-03-23 19:25 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2016-09-17 05:03 - 2016-03-23 19:25 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2016-09-17 05:00 - 2012-10-24 20:02 - 00000000 ____D C:\Users\mostafa\AppData\LocalLow\Temp

2016-09-17 04:54 - 2015-11-16 20:20 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask

2016-09-17 04:54 - 2012-09-01 14:01 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\PCDr

2016-09-17 04:44 - 2015-08-01 16:35 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-09-17 04:44 - 2015-08-01 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-09-17 04:44 - 2015-08-01 16:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-09-16 22:08 - 2014-04-16 00:56 - 00000258 __RSH C:\ProgramData\ntuser.pol

2016-09-16 22:08 - 2013-08-14 12:19 - 00000258 __RSH C:\Users\mostafa\ntuser.pol

2016-09-16 22:08 - 2012-08-30 18:24 - 00000000 ____D C:\Users\mostafa

2016-09-16 22:03 - 2015-06-06 07:41 - 00000000 ____D C:\Users\mostafa\AppData\Roaming\Alarmed Clan

2016-09-16 21:56 - 2014-11-03 00:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer

 

==================== Files in the root of some directories =======

 

2014-10-25 21:01 - 2014-10-25 21:00 - 0843304 _____ () C:\Program Files (x86)\chrome-update.exe

2015-07-05 12:42 - 2015-07-05 12:42 - 0931408 _____ (Google Inc.) C:\Program Files (x86)\ChromeSetup.exe

2014-08-28 15:14 - 2014-08-28 15:14 - 0244120 _____ () C:\Program Files (x86)\Firefox Setup Stub 31.0.exe

2015-05-12 19:22 - 2015-05-12 19:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico

2014-10-08 14:52 - 2014-10-08 14:52 - 0000288 _____ () C:\Users\mostafa\AppData\Roaming\.backup.dm

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj

2016-09-17 07:24 - 2016-09-17 07:24 - 0000020 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr2.bin

2015-06-14 10:31 - 2015-08-22 19:33 - 0000024 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr25.bin

2014-04-17 00:56 - 2014-05-25 00:56 - 0005265 _____ () C:\Users\mostafa\AppData\Roaming\callbanner.png

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\e8CHJYS

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\kQjD6sW

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\RqLdEdxeE

2014-08-12 22:01 - 2015-07-20 16:24 - 0000128 _____ () C:\Users\mostafa\AppData\Roaming\WB.CFG

2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\mostafa\AppData\Roaming\YOXALEU

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j

2015-07-20 21:09 - 2015-07-20 21:09 - 0260876 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsaF02F.tmp

2014-12-02 14:22 - 2014-12-02 14:22 - 0301608 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsl4F26.tmp

2015-07-11 12:33 - 2015-07-11 12:33 - 0000000 _____ () C:\Users\mostafa\AppData\Local\Temp.dat

2014-12-23 18:22 - 2015-01-06 19:03 - 0000112 _____ () C:\ProgramData\s630Y6kiG.dat

2015-08-01 16:11 - 2015-08-01 16:11 - 0001491 _____ () C:\ProgramData\tempimage.bmp

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

Files to move or delete:

====================

C:\ProgramData\s630Y6kiG.dat

 

 

Some files in TEMP:

====================

C:\Users\mostafa\AppData\Local\Temp\6477.exe

C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe

C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe

C:\Users\mostafa\AppData\Local\Temp\libeay32.dll

C:\Users\mostafa\AppData\Local\Temp\links.exe

C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe

C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll

C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll

C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe

C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll

C:\Users\mostafa\AppData\Local\Temp\setacl.exe

C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe

C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll

C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe

C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe

C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe

C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll

[2011-12-06 11:30] - [2015-07-20 20:47] - 0357888 _____ (Microsoft Corporation) 3ABBFD64E4FFF6A0D99E93ECD288127F

 

C:\Windows\SysWOW64\dnsapi.dll

[2011-12-06 11:30] - [2015-07-20 20:48] - 0270336 ____N (Microsoft Corporation) F0E7F233ABC7CBB6ACFB6210ECE3D5B1

 

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

ATTENTION: ==> Could not access BCD.

 

 

LastRegBack: 2016-02-16 22:31

 

==================== End of FRST.txt ============================

Posted

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016

Ran by mostafa (17-09-2016 07:33:58)

Running from E:\AV Softwares

Windows 7 Home Premium Service Pack 1 (X64) (2012-08-30 22:24:37)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-518488637-833313989-2621144753-500 - Administrator - Disabled)

Guest (S-1-5-21-518488637-833313989-2621144753-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-518488637-833313989-2621144753-1002 - Limited - Enabled)

mostafa (S-1-5-21-518488637-833313989-2621144753-1000 - Administrator - Enabled) => C:\Users\mostafa

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Athan Basic 4.4 (HKLM-x32\...\Athan) (Version: - )

bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION

Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)

Dell System Detect (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.1 - Dell)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)

Dropbox (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)

Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)

Google Chrome (HKLM-x32\...\{94A83681-EBE7-383A-A070-DE2225F853C1}) (Version: 53.0.2785.116 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

Google+ Auto Backup (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)

GUPlayer (remove only) (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\GUPlayer) (Version: - ) <==== ATTENTION

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)

Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version: - Microsoft Corporation)

iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)

Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)

Java 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server Desktop Engine (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)

Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: - )

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden

Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

PricceeMionUsu (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version: - ) <==== ATTENTION

ProcessGeneration (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{71538ab}) (Version: - Software Publisher) <==== ATTENTION

QuickTest Add-in for Quality Center (HKLM-x32\...\{A339A99A-1DBC-467F-B932-A9617743F888}) (Version: 10.00.00.00 - HP)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)

Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)

SoapUI 5.0.0 5.0.0 (HKLM-x32\...\5517-2803-0637-4585) (Version: 5.0.0 - SmartBear Software)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-518488637-833313989-2621144753-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mostafa\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {06926D15-B537-4EFB-8942-8E064EE78768} - System32\Tasks\FactorTractor => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION

Task: {0859D0AE-CF8B-446F-871B-014BF138C534} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

Task: {0A4EB2ED-3A76-41BF-A421-B03EEE4716DF} - System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION

Task: {0BB7549A-2EB5-44B2-91B0-CA703FAF480D} - System32\Tasks\kQjD6sW => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION

Task: {0F187394-65FC-44EA-B711-557348E31F85} - System32\Tasks\cv => C:\Users\mostafa\Desktop\Regression_testing.vbs

Task: {15D73607-E309-4E66-9CA6-B10A65929156} - System32\Tasks\{FE86151C-03B1-4958-9BC5-B9DCE9696365} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638

Task: {18D2BC74-0CEC-4123-8338-2C3B42B61630} - System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION

Task: {18F988A9-09A8-463C-8E6E-A98F2F5A9634} - System32\Tasks\DS regression testing => C:\QTP\Tests\Driver Script\regressiontestingpractice1.vbs

Task: {1CF734C3-8A98-44AD-9477-AD9F87160CFA} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION

Task: {20F4DF97-8100-498B-966A-3D7AA6695103} - \YTDownloader -> No File <==== ATTENTION

Task: {22C3700B-F28C-4A05-A173-5CC626A9839E} - \YTDownloaderUpd -> No File <==== ATTENTION

Task: {234C70A0-9510-4406-8BFA-1C4C1C4ED46E} - System32\Tasks\{FFA56E06-F725-4C4C-A45C-4DD82AD11EFC} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638

Task: {245ED950-1B3D-4285-A01D-E111085E7E3F} - System32\Tasks\regressiontestingdriverscript => C:\Users\mostafa\Desktop\RegressiontestingonDS.vbs

Task: {292DF875-5CB4-4C72-8E32-3E0B9F9C13C3} - System32\Tasks\n => C:\Users\mostafa\Desktop\DriverScript.vbs

Task: {2A1CC49A-A97B-4BCC-8EA4-3E243AFB3A3E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)

Task: {39004268-7D2F-4CD4-BE26-7B875497E3E8} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION

Task: {3948A097-AB47-4012-8932-342EEAA654D9} - System32\Tasks\pHG5o0vm7ufSS => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION

Task: {4D9D83CA-C646-423D-ADAE-7A7FDCC9F979} - \PastaQuotes -> No File <==== ATTENTION

Task: {4F802C92-A420-43A9-AEFF-07DB234DD8D9} - \DTReg -> No File <==== ATTENTION

Task: {531977ED-2B1E-4782-AD3C-8AAC52B3B014} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION

Task: {5B0055E1-8D1C-420D-B241-FF249885E035} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)

Task: {6489DDD5-797A-40DF-8636-2D3DB2FFDA6B} - System32\Tasks\{C67A3FB7-C990-4C91-869F-4A5ACC0C8103} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638

Task: {664792EF-E98A-4815-93ED-9CD2BB753C4A} - System32\Tasks\HLPDPCBXOsXR => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION

Task: {674B05FA-1EF9-487F-A593-350F36E3C482} - System32\Tasks\GfIl6eXhzrtFCwN2 => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION

Task: {67849C74-159F-4785-9B1D-715886885712} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {67CC633B-15B3-4210-BAFE-237A644209A5} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-05-27] (Glarysoft Ltd)

Task: {696724AD-DDE6-4B42-B010-1A23BD83D89D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {6A9416C5-F814-4122-9C65-CDF4979DA4DD} - System32\Tasks\SmartSpace => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION

Task: {6B009E06-BD4E-488F-A825-CD96D615EEC8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)

Task: {6B50436C-B94F-4A71-A6BE-F0910F986084} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {6EBA229C-CDAA-4620-960E-5D7A2F581540} - System32\Tasks\DriverScript => C:\Users\mostafa\Desktop\DriverScript.vbs

Task: {71593A1F-057C-44D2-8A00-3A6A56CDC5BA} - \SrvDaily -> No File <==== ATTENTION

Task: {739CA4A7-C20D-45B4-93E1-E61501F439E4} - \TunePro360 Updater -> No File <==== ATTENTION

Task: {75ACD787-46F3-420C-B349-F809EF73D8D2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {78C2762B-8C37-4641-9503-8A949C5BE47E} - System32\Tasks\vb => C:\Users\mostafa\Desktop\RegressiontestingonDS.vbs

Task: {7A14A49C-97BE-4D8E-8F53-6B47E223B545} - System32\Tasks\RqLdEdxeE => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION

Task: {7D99140D-80CA-42E1-ACD6-18A47072A579} - System32\Tasks\Trigger KMS Activation => C:\movie\KMSNano v15 Offline Office and Windows KMS Activator\Get Your Software Here\TriggerKMS.exe

Task: {85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61} - \0 -> No File <==== ATTENTION

Task: {8634A9AB-6952-4E5B-981F-E74B1EC55FCA} - System32\Tasks\na => C:\Users\mostafa\Desktop\DriverScript.vbs

Task: {864305F8-1C5D-4629-8711-817B887341DB} - System32\Tasks\{2720132F-AFDB-49A5-AE9F-A8F8911E4A1B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638

Task: {8A05B514-88DF-4672-9D70-4BD91D9AEC6E} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)

Task: {9136B2F4-F83C-4183-8A39-744547D655C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-11-01] (Microsoft Corporation)

Task: {9802DA1A-6198-4836-A7D5-5D2610620D2F} - \Secure Fast PC Auto Updater -> No File <==== ATTENTION

Task: {987E0C95-25AB-430C-AF66-BAB47DF66D62} - System32\Tasks\Zl6wqVw0j => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION

Task: {9B678731-D3B9-4081-9EEC-FE1933F915F4} - System32\Tasks\Mw31EXaU4OH8O2 => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION

Task: {9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION

Task: {9F3C82D5-D909-44F8-B64D-75FD44E9D0B8} - System32\Tasks\YOXALEU => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION

Task: {A03CBC09-5680-4E79-AD04-652BC1C6A42D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {A1160350-C215-4639-B8DD-39EF9AAEB844} - \SMWUpd -> No File <==== ATTENTION

Task: {A242D276-1040-452A-9454-842E21607461} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-11-01] (Microsoft Corporation)

Task: {A4703617-E1C1-44A4-9A14-856C9DE8DCF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)

Task: {A6B956A7-6F99-47A6-B30D-292E500BE6A3} - System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => pcalua.exe -a "C:\Users\mostafa\Downloads\speesetup (2).exe" -d C:\Users\mostafa\Downloads

Task: {AB24384E-EC36-4A3F-914F-3ED4A72850F8} - \Secure Fast PC Autorun -> No File <==== ATTENTION

Task: {AB283D87-B031-4D01-AF83-C43689FB6F47} - \RunAsStdUser Task for VeohWebPlayer -> No File <==== ATTENTION

Task: {AFAAE557-A681-470B-A3A6-1EA9183196AC} - System32\Tasks\{21C2C291-AF4D-4F68-9159-1E13D5BAF185} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638

Task: {B13592D6-D885-4C15-9084-CF012207E11C} - System32\Tasks\QaZwalXo7Y29RQRN0tTP => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION

Task: {B3573691-9C93-46AE-ABDE-C93106E72749} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)

Task: {B59CBAC9-BD68-41B9-8517-C7EFA955595D} - System32\Tasks\nbB => C:\QTP\Tests\Driver Script\regressiontestingpractice1.vbs

Task: {B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB} - System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => pcalua.exe -a C:\Users\mostafa\Desktop\avira_antivir_personal_en(1).exe -d C:\Users\mostafa\Desktop

Task: {B9045E8A-2890-45C5-8814-0FD886027470} - \DrspeedyPc Secure -> No File <==== ATTENTION

Task: {C1C99090-6280-40CD-BBC7-431CD13901E5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy

Task: {C2886577-0940-49E7-8109-3F1E64A1B4FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Task: {C2EB8E87-3CCB-4159-B558-16A05E466F8F} - System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => C:\Users\mostafa\AppData\Roaming\ywy3yzbxmws4bwj\ywy3yzbxmws4bwj.exe

Task: {C4F59BDB-28ED-4FE2-B61C-D4A4DE29F1D2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)

Task: {C79D7E3B-A731-4B32-9B6A-910A08816DFA} - System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION

Task: {C8F5F136-6009-40A2-BE6E-47DDB4991F8F} - System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe <==== ATTENTION

Task: {CA458640-5B25-41B4-963E-09E9C538E660} - System32\Tasks\{D17B719E-3EA9-4101-A120-E38EF6742E71} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1638

Task: {CF56B95A-207E-43E0-AF79-05EE8B2B4F12} - System32\Tasks\4928 => Wscript.exe C:\Users\mostafa\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {D33A107F-58AC-415C-B2A7-D0580702FEC5} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)

Task: {D549C481-6E1C-4198-BEC9-9DA129C511C1} - System32\Tasks\iG7r2wOvHDgnvS6oU1cw => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION

Task: {D5922277-0C90-4DE7-AC0F-5C2F21C601C5} - \Jarmeee -> No File <==== ATTENTION

Task: {DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651} - System32\Tasks\HDqSxfY03ASW => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION

Task: {DE3BA38F-E0BB-463D-BE20-11A63DC9AE25} - \Smp -> No File <==== ATTENTION

Task: {E70E36DB-39E3-43A3-BE56-198D98BF6151} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-23] (Google Inc.)

Task: {E8D1D386-A84E-44E4-BF4A-5E0B98544D56} - System32\Tasks\RegressionTest => C:\Users\mostafa\Desktop\Regression_testing.vbs

Task: {F3271291-BB06-4979-B362-E99A6344DFDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)

Task: {F478A6EB-AA17-42F2-9B31-C597A5F50633} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {F5A6C0F1-2B26-4043-90F8-E6953A8487A9} - System32\Tasks\e8CHJYS => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION

Task: {FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D} - \Go for FilesUpdate -> No File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION

Task: C:\Windows\Tasks\e8CHJYS.job => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION

Task: C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION

Task: C:\Windows\Tasks\FactorTractor.job => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION

Task: C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION

Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HDqSxfY03ASW.job => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION

Task: C:\Windows\Tasks\HLPDPCBXOsXR.job => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION

Task: C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION

Task: C:\Windows\Tasks\kQjD6sW.job => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION

Task: C:\Windows\Tasks\Mw31EXaU4OH8O2.job => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION

Task: C:\Windows\Tasks\pHG5o0vm7ufSS.job => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION

Task: C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION

Task: C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION

Task: C:\Windows\Tasks\RqLdEdxeE.job => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION

Task: C:\Windows\Tasks\SmartSpace.job => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4c934f09-6a85-4c9c-9976-d8f1286f639c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9169c990-72aa-49ee-9832-651dab2e1d6d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\YOXALEU.job => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION

Task: C:\Windows\Tasks\Zl6wqVw0j.job => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2011-12-06 11:10 - 2011-07-20 09:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-09-15 19:46 - 2011-09-15 19:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

2015-10-07 22:44 - 2015-11-01 03:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll

2011-12-06 10:21 - 2011-09-22 12:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2011-09-15 20:28 - 2011-09-15 20:28 - 00340240 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

2006-02-02 01:43 - 2006-02-02 01:43 - 00006144 _____ () c:\oraclexe\app\oracle\product\10.2.0\server\bin\orajox10.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Windows:nlsPreferences [386]

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]

AlternateDataStreams: C:\ProgramData\Temp:A4A25FD3 [260]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16559628.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46237229.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55456837.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63755908.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69534146.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98632471.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\dell.com -> dell.com

IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\webcompanion.com -> hxxp://webcompanion.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2015-07-20 20:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-518488637-833313989-2621144753-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 4.2.2.2 - 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

MpsSvc => Firewall Service is not running.

bfe => Firewall Service is not running.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^mostafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

MSCONFIG\startupreg: Athan => C:\Program Files (x86)\Athan\Athan.exe

MSCONFIG\startupreg: Avro Keyboard => C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

MSCONFIG\startupreg: ROC_roc_ssl_v12 => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

MSCONFIG\startupreg: Sendori Tray => "C:\Program Files (x86)\Sendori\SendoriTray.exe"

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background

MSCONFIG\startupreg: Weather => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

22-02-2016 22:52:07 Windows Backup

16-09-2016 21:16:57 Windows Backup

Check "winmgmt" service or repair WMI.

 

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/17/2016 07:30:33 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (09/17/2016 07:30:32 AM) (Source: MSSQLServer) (EventID: 19011) (User: )

Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

 

Error: (09/17/2016 07:25:39 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (09/17/2016 07:25:13 AM) (Source: MSSQLServer) (EventID: 19011) (User: )

Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

 

Error: (09/17/2016 07:09:52 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 944

 

Start Time: 01d210d3c19a79b6

 

Termination Time: 4

 

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

Report Id: 3f63617a-7cc7-11e6-ae9f-4c80932b161d

 

Error: (09/17/2016 07:07:54 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1578

 

Start Time: 01d210d2cc93081b

 

Termination Time: 10

 

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

Report Id: f7d2cfe9-7cc6-11e6-ae9f-4c80932b161d

 

Error: (09/17/2016 06:58:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (09/17/2016 06:58:03 AM) (Source: MSSQLServer) (EventID: 19011) (User: )

Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

 

Error: (09/17/2016 06:47:30 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (09/17/2016 06:47:21 AM) (Source: MSSQLServer) (EventID: 19011) (User: )

Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

 

 

System errors:

=============

Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

General access denied error

 

Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

General access denied error

 

Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

General access denied error

 

Error: (09/17/2016 07:30:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

General access denied error

 

Error: (09/17/2016 07:30:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

General access denied error

 

Error: (09/17/2016 07:30:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

General access denied error

 

Error: (09/17/2016 07:30:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

98632471

 

Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The UpdateSvc service failed to start due to the following error:

The system cannot find the path specified.

 

Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Strong Rise service failed to start due to the following error:

The system cannot find the file specified.

 

Error: (09/17/2016 07:30:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

General access denied error

 

 

==================== Memory info ===========================

 

Processor: Intel® Core i3-2330M CPU @ 2.20GHz

Percentage of memory in use: 51%

Total physical RAM: 3990.17 MB

Available physical RAM: 1930.03 MB

Total Virtual: 7978.52 MB

Available Virtual: 5201.46 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:161.52 GB) NTFS

Drive e: (2G-3) (Removable) (Total:1.91 GB) (Free:1.48 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)

Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)

Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

 

==================== End of Addition.txt ============================

Posted

Hi Mike,

 

Heavily infected win7 Dell machine

That's a bit of an understatement :)

 

I can see a lot going on there, but need to go through the reports properly.

Have been working on the car today and it's still in bits at the moment.

It'll be a couple of hours before I can write a proper fix.

Will be back as soon as I can.


Posted
That's fine Pete, take care of the car first, good luck. Aside from the browser issues, I am only seeing 2 other popups now on startup, "itunes helper" stating Apple Application Support was not found and "SQL Server service manager", thanks.
Posted

Hi Mike,

 

Ok this will take some time..... the system is in a right mess.

It's that bad, there's no guarantee that everything can be fixed.

And with rootkits, there's no telling what has been done or what has been stolen.

 

You may have to consider a re-install if we can't sort this.

 

I'm sure I've grown a beard whilst writing a fix :)

 

It's no longer in the add/remove...... but this is the main problem:

C:\Users\mostafa\AppData\Roaming\BitTorrent

When will people learn that p2p isn't worth it?

 

Ok... Hit n/o 1

 

Please download the attached fixlist.txt file (bottom of this post) and save it to E:\AV Softwares .

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 


 

The tool will make a log in the 'software' (Fixlog.txt). Please post this in your next reply.

 

Thanks

fixlist.txt


Posted

Thanks and sorry about the beard :) but no change, IE and Chrome still don't open. When I try to open IE, the same window pops up stating "iexplorer.exe - Entry Point Not Found".

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016

Ran by mostafa (17-09-2016 15:12:05) Run:1

Running from E:\AV Softwares

Loaded Profiles: mostafa (Available Profiles: mostafa)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\Policies\Explorer: [NoInternetIcon] 1

HKU\S-1-5-18\...\Policies\Explorer: [EnableShellExecuteHooks] 1

Startup: C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk [2015-10-31]

ShortcutTarget: loons.lnk -> C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe (No File)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =

SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-518488637-833313989-2621144753-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File

Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File

FF DefaultSearchEngine,S: WebSearch

FF SearchEngineOrder.1: WebSearch

FF SearchEngineOrder.1,S: WebSearch

FF SelectedSearchEngine,S: WebSearch

FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]

FF Plugin HKU\S-1-5-21-518488637-833313989-2621144753-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]

FF Extension: (No Name) - C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net [not found]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

CHR StartupUrls: Default -> "hxxp://www.qauantumethod.org.bd/"

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Adblock Plus) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Adblock for Youtube™) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (AdBlock) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Search Module Plus v2) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-08-01]

CHR Extension: (Instair Speed Dial) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Google Wallet) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Print Friendly PDF) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-07-11] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR Extension: (Outlook.com) - C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-07-04] [updateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

CHR HKLM-x32\...\Chrome\Extension: [mhajehkfbbhkfnfepjpadnejlamcembd] - <no Path/update_url>

S2 4519cfe8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BocaMonitor\BocaMonitor.dll",serv

S2 Strong Rise; "C:\Program Files (x86)\Strong Rise\Strong Rise.exe" [X]

S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

S2 UpdateSvc; no ImagePath

S0 98632471; system32\drivers\00560299.sys [X]

S1 ydymrkdf; \??\C:\Windows\system32\drivers\ydymrkdf.sys [X]

2016-09-17 07:29 - 2015-08-01 16:35 - 00000998 _____ C:\Windows\Tasks\Zl6wqVw0j.job

2016-09-17 07:29 - 2015-08-01 16:14 - 00001022 _____ C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job

2016-09-17 07:29 - 2015-08-01 15:45 - 00001020 _____ C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job

2016-09-17 07:29 - 2015-08-01 15:31 - 00001008 _____ C:\Windows\Tasks\Mw31EXaU4OH8O2.job

2016-09-17 07:29 - 2015-08-01 14:37 - 00000998 _____ C:\Windows\Tasks\RqLdEdxeE.job

2016-09-17 07:29 - 2015-08-01 14:36 - 00000994 _____ C:\Windows\Tasks\kQjD6sW.job

2016-09-17 07:29 - 2015-08-01 11:32 - 00001020 _____ C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job

2016-09-17 07:29 - 2015-08-01 10:29 - 00001024 _____ C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job

2016-09-17 07:29 - 2015-08-01 09:29 - 00001030 _____ C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job

2016-09-17 07:29 - 2015-07-31 23:35 - 00000994 _____ C:\Windows\Tasks\e8CHJYS.job

2016-09-17 07:29 - 2015-07-21 11:28 - 00001004 _____ C:\Windows\Tasks\HLPDPCBXOsXR.job

2016-09-17 07:29 - 2015-07-21 10:59 - 00001012 _____ C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job

2016-09-17 07:29 - 2015-07-21 10:31 - 00001006 _____ C:\Windows\Tasks\pHG5o0vm7ufSS.job

2016-09-17 07:29 - 2015-07-21 09:15 - 00001004 _____ C:\Windows\Tasks\HDqSxfY03ASW.job

2016-09-17 07:29 - 2015-07-20 21:06 - 00001692 _____ C:\Windows\Tasks\YOXALEU.job

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj

2016-09-17 07:24 - 2016-09-17 07:24 - 0000020 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr2.bin

2015-06-14 10:31 - 2015-08-22 19:33 - 0000024 _____ () C:\Users\mostafa\AppData\Roaming\appdataFr25.bin

2014-04-17 00:56 - 2014-05-25 00:56 - 0005265 _____ () C:\Users\mostafa\AppData\Roaming\callbanner.png

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\e8CHJYS

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\kQjD6sW

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\RqLdEdxeE

2014-08-12 22:01 - 2015-07-20 16:24 - 0000128 _____ () C:\Users\mostafa\AppData\Roaming\WB.CFG

2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\mostafa\AppData\Roaming\YOXALEU

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j

2015-07-20 21:09 - 2015-07-20 21:09 - 0260876 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsaF02F.tmp

2014-12-02 14:22 - 2014-12-02 14:22 - 0301608 _____ (VuuPC Limited) C:\Users\mostafa\AppData\Local\nsl4F26.tmp

2014-12-23 18:22 - 2015-01-06 19:03 - 0000112 _____ () C:\ProgramData\s630Y6kiG.dat

2015-08-01 16:11 - 2015-08-01 16:11 - 0001491 _____ () C:\ProgramData\tempimage.bmp

C:\ProgramData\s630Y6kiG.dat

C:\Users\mostafa\AppData\Local\Temp\6477.exe

C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe

C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe

C:\Users\mostafa\AppData\Local\Temp\libeay32.dll

C:\Users\mostafa\AppData\Local\Temp\links.exe

C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe

C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll

C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll

C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe

C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll

C:\Users\mostafa\AppData\Local\Temp\setacl.exe

C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe

C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll

C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe

C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe

C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe

C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe

Task: {06926D15-B537-4EFB-8942-8E064EE78768} - System32\Tasks\FactorTractor => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION

Task: {0A4EB2ED-3A76-41BF-A421-B03EEE4716DF} - System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION

Task: {0BB7549A-2EB5-44B2-91B0-CA703FAF480D} - System32\Tasks\kQjD6sW => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION

Task: {18D2BC74-0CEC-4123-8338-2C3B42B61630} - System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION

Task: {1CF734C3-8A98-44AD-9477-AD9F87160CFA} - \Microsoft\Windows\Multimedia\SMupdate3 -> No File <==== ATTENTION

Task: {20F4DF97-8100-498B-966A-3D7AA6695103} - \YTDownloader -> No File <==== ATTENTION

Task: {22C3700B-F28C-4A05-A173-5CC626A9839E} - \YTDownloaderUpd -> No File <==== ATTENTION

Task: {39004268-7D2F-4CD4-BE26-7B875497E3E8} - \Microsoft\Windows\Maintenance\SMupdate2 -> No File <==== ATTENTION

Task: {3948A097-AB47-4012-8932-342EEAA654D9} - System32\Tasks\pHG5o0vm7ufSS => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION

Task: {4D9D83CA-C646-423D-ADAE-7A7FDCC9F979} - \PastaQuotes -> No File <==== ATTENTION

Task: {4F802C92-A420-43A9-AEFF-07DB234DD8D9} - \DTReg -> No File <==== ATTENTION

Task: {531977ED-2B1E-4782-AD3C-8AAC52B3B014} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION

Task: {664792EF-E98A-4815-93ED-9CD2BB753C4A} - System32\Tasks\HLPDPCBXOsXR => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION

Task: {674B05FA-1EF9-487F-A593-350F36E3C482} - System32\Tasks\GfIl6eXhzrtFCwN2 => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION

Task: {6A9416C5-F814-4122-9C65-CDF4979DA4DD} - System32\Tasks\SmartSpace => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION

Task: {71593A1F-057C-44D2-8A00-3A6A56CDC5BA} - \SrvDaily -> No File <==== ATTENTION

Task: {739CA4A7-C20D-45B4-93E1-E61501F439E4} - \TunePro360 Updater -> No File <==== ATTENTION

Task: {7A14A49C-97BE-4D8E-8F53-6B47E223B545} - System32\Tasks\RqLdEdxeE => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION

Task: {85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61} - \0 -> No File <==== ATTENTION

Task: {9802DA1A-6198-4836-A7D5-5D2610620D2F} - \Secure Fast PC Auto Updater -> No File <==== ATTENTION

Task: {987E0C95-25AB-430C-AF66-BAB47DF66D62} - System32\Tasks\Zl6wqVw0j => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION

Task: {9B678731-D3B9-4081-9EEC-FE1933F915F4} - System32\Tasks\Mw31EXaU4OH8O2 => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION

Task: {9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A} - \WordShark Auto Updater 1.10.0.20 Pending Update -> No File <==== ATTENTION

Task: {9F3C82D5-D909-44F8-B64D-75FD44E9D0B8} - System32\Tasks\YOXALEU => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION

Task: {A1160350-C215-4639-B8DD-39EF9AAEB844} - \SMWUpd -> No File <==== ATTENTION

Task: {A6B956A7-6F99-47A6-B30D-292E500BE6A3} - System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => pcalua.exe -a "C:\Users\mostafa\Downloads\speesetup (2).exe" -d C:\Users\mostafa\Downloads

Task: {AB24384E-EC36-4A3F-914F-3ED4A72850F8} - \Secure Fast PC Autorun -> No File <==== ATTENTION

Task: {AB283D87-B031-4D01-AF83-C43689FB6F47} - \RunAsStdUser Task for VeohWebPlayer -> No File <==== ATTENTION

Task: {B13592D6-D885-4C15-9084-CF012207E11C} - System32\Tasks\QaZwalXo7Y29RQRN0tTP => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION

Task: {B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB} - System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => pcalua.exe -a C:\Users\mostafa\Desktop\avira_antivir_personal_en(1).exe -d C:\Users\mostafa\Desktop

Task: {B9045E8A-2890-45C5-8814-0FD886027470} - \DrspeedyPc Secure -> No File <==== ATTENTION

Task: {C2EB8E87-3CCB-4159-B558-16A05E466F8F} - System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => C:\Users\mostafa\AppData\Roaming\ywy3yzbxmws4bwj\ywy3yzbxmws4bwj.exe

Task: {C79D7E3B-A731-4B32-9B6A-910A08816DFA} - System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION

Task: {C8F5F136-6009-40A2-BE6E-47DDB4991F8F} - System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe <==== ATTENTION

Task: {D549C481-6E1C-4198-BEC9-9DA129C511C1} - System32\Tasks\iG7r2wOvHDgnvS6oU1cw => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION

Task: {D5922277-0C90-4DE7-AC0F-5C2F21C601C5} - \Jarmeee -> No File <==== ATTENTION

Task: {DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651} - System32\Tasks\HDqSxfY03ASW => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION

Task: {DE3BA38F-E0BB-463D-BE20-11A63DC9AE25} - \Smp -> No File <==== ATTENTION

Task: {F5A6C0F1-2B26-4043-90F8-E6953A8487A9} - System32\Tasks\e8CHJYS => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION

Task: {FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D} - \Go for FilesUpdate -> No File <==== ATTENTION

Task: C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe <==== ATTENTION

Task: C:\Windows\Tasks\e8CHJYS.job => C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe <==== ATTENTION

Task: C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe <==== ATTENTION

Task: C:\Windows\Tasks\FactorTractor.job => c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe <==== ATTENTION

Task: C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe <==== ATTENTION

Task: C:\Windows\Tasks\HDqSxfY03ASW.job => C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe <==== ATTENTION

Task: C:\Windows\Tasks\HLPDPCBXOsXR.job => C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe <==== ATTENTION

Task: C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe <==== ATTENTION

Task: C:\Windows\Tasks\kQjD6sW.job => C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe <==== ATTENTION

Task: C:\Windows\Tasks\Mw31EXaU4OH8O2.job => C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe <==== ATTENTION

Task: C:\Windows\Tasks\pHG5o0vm7ufSS.job => C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe <==== ATTENTION

Task: C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe <==== ATTENTION

Task: C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe <==== ATTENTION

Task: C:\Windows\Tasks\RqLdEdxeE.job => C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe <==== ATTENTION

Task: C:\Windows\Tasks\SmartSpace.job => c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe <==== ATTENTION

Task: C:\Windows\Tasks\YOXALEU.job => C:\Users\mostafa\AppData\Roaming\YOXALEU.exe <==== ATTENTION

Task: C:\Windows\Tasks\Zl6wqVw0j.job => C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]

AlternateDataStreams: C:\ProgramData\Temp:A4A25FD3 [260]

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\16559628.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46237229.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55456837.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63755908.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69534146.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98632471.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

IE trusted site: HKU\S-1-5-21-518488637-833313989-2621144753-1000\...\webcompanion.com -> hxxp://webcompanion.com

c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe

C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe

C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe

C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe

C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe

C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe

C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe

c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe

C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe

C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe

C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe

C:\Users\mostafa\AppData\Roaming\YOXALEU.exe

C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe

C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe

C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe

C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe

C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe

C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe

C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe

C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe

c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe

C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe

C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe

C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe

C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe

C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe

C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe

C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe

C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe

C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe

C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe

c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe

C:\Users\mostafa\AppData\Roaming\YOXALEU.exe

C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe

CMD: ipconfig /flushdns

EmptyTemp:

Hosts:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully

HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetIcon => value removed successfully

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully

C:\Users\mostafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\loons.lnk => moved successfully

C:\Users\mostafa\AppData\Local\yuw3bzbvmw44c2i\yuw3bzbvmw44c2i.exe => not found.

"HKLM\SOFTWARE\Policies\Google" => key removed successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c9ab6446-7efc-47fe-966c-dc54324eff9f}" => key removed successfully

HKCR\CLSID\{c9ab6446-7efc-47fe-966c-dc54324eff9f} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-21-518488637-833313989-2621144753-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

"HKCR\PROTOCOLS\Handler\HTLFP" => key removed successfully

HKCR\CLSID\{03B7A5D4-96B0-4316-95F8-072D326A58F1} => key not found.

"HKCR\PROTOCOLS\Handler\vfsp" => key removed successfully

HKCR\CLSID\{E4CB5121-E242-11D4-8ED6-00010219EB22} => key not found.

Firefox DefaultSearchEngine,S removed successfully

Firefox SearchEngineOrder.1 removed successfully

Firefox SearchEngineOrder.1,S removed successfully

Firefox SelectedSearchEngine,S removed successfully

"HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully

C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.

"HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully

C:\Users\mostafa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.

C:\Users\mostafa\AppData\Roaming\Mozilla\Firefox\Profiles\2cgux5ls.default\extensions\aqxgilamogdcjgqhp@fzrwrypqmxbvrxlpeb.net => path removed successfully

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully

Chrome StartupUrls => removed successfully

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn <==== ATTENTION => not found

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb <==== ATTENTION => not found

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\cmedhionkhpnakcndndgjdbohmhepckk <==== ATTENTION => not found

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\gighmmpiobklfepjocnamgkkbiglidom <==== ATTENTION => not found

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => moved successfully

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\kikeacjcceacohckgiajooneiabebfjj <==== ATTENTION => not found

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\ohlencieiipommannpdfcmfdpjjmeolj <==== ATTENTION => not found

C:\Users\mostafa\AppData\Local\Google\Chrome\User Data\Default old\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge <==== ATTENTION => not found

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhajehkfbbhkfnfepjpadnejlamcembd" => key removed successfully

4519cfe8 => service removed successfully

Strong Rise => service removed successfully

TrustedInstaller => service removed successfully

UpdateSvc => service removed successfully

98632471 => service removed successfully

ydymrkdf => service removed successfully

C:\Windows\Tasks\Zl6wqVw0j.job => moved successfully

C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => moved successfully

C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => moved successfully

C:\Windows\Tasks\Mw31EXaU4OH8O2.job => moved successfully

C:\Windows\Tasks\RqLdEdxeE.job => moved successfully

C:\Windows\Tasks\kQjD6sW.job => moved successfully

C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => moved successfully

C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => moved successfully

C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => moved successfully

C:\Windows\Tasks\e8CHJYS.job => moved successfully

C:\Windows\Tasks\HLPDPCBXOsXR.job => moved successfully

C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => moved successfully

C:\Windows\Tasks\pHG5o0vm7ufSS.job => moved successfully

C:\Windows\Tasks\HDqSxfY03ASW.job => moved successfully

C:\Windows\Tasks\YOXALEU.job => moved successfully

C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj => moved successfully

C:\Users\mostafa\AppData\Roaming\appdataFr2.bin => moved successfully

C:\Users\mostafa\AppData\Roaming\appdataFr25.bin => moved successfully

C:\Users\mostafa\AppData\Roaming\callbanner.png => moved successfully

C:\Users\mostafa\AppData\Roaming\e8CHJYS => moved successfully

C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON => moved successfully

C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2 => moved successfully

C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW => moved successfully

C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR => moved successfully

C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw => moved successfully

C:\Users\mostafa\AppData\Roaming\kQjD6sW => moved successfully

C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2 => moved successfully

C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS => moved successfully

C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn => moved successfully

C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP => moved successfully

C:\Users\mostafa\AppData\Roaming\RqLdEdxeE => moved successfully

C:\Users\mostafa\AppData\Roaming\WB.CFG => moved successfully

C:\Users\mostafa\AppData\Roaming\YOXALEU => moved successfully

C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j => moved successfully

C:\Users\mostafa\AppData\Local\nsaF02F.tmp => moved successfully

C:\Users\mostafa\AppData\Local\nsl4F26.tmp => moved successfully

C:\ProgramData\s630Y6kiG.dat => moved successfully

C:\ProgramData\tempimage.bmp => moved successfully

"C:\ProgramData\s630Y6kiG.dat" => not found.

C:\Users\mostafa\AppData\Local\Temp\6477.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\71569_updater.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\HitmanPro.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\libeay32.dll => moved successfully

C:\Users\mostafa\AppData\Local\Temp\links.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\mpam-cf4fadc0.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\msvcr120.dll => moved successfully

C:\Users\mostafa\AppData\Local\Temp\proxy_vole7016688310472681104.dll => moved successfully

C:\Users\mostafa\AppData\Local\Temp\Quarantine.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\rhjqyvzt.dll => moved successfully

C:\Users\mostafa\AppData\Local\Temp\setacl.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\SkypeSetup.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\sqlite3.dll => moved successfully

C:\Users\mostafa\AppData\Local\Temp\Uninstall.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\{3E92D3BC-1299-4287-8D68-4BFFFA14438C}-44.0.2403.125_43.0.2357.134_chrome_updater.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\{7DA9575D-2ABC-4A94-8922-F2648BCAA581}-49.0.2623.87_chrome_installer.exe => moved successfully

C:\Users\mostafa\AppData\Local\Temp\{C58756AD-1ED0-4492-9D77-FC7EBAE9D9B4}.exe => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06926D15-B537-4EFB-8942-8E064EE78768}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06926D15-B537-4EFB-8942-8E064EE78768}" => key removed successfully

C:\Windows\System32\Tasks\FactorTractor => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FactorTractor" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A4EB2ED-3A76-41BF-A421-B03EEE4716DF}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A4EB2ED-3A76-41BF-A421-B03EEE4716DF}" => key removed successfully

C:\Windows\System32\Tasks\6Ns0l0RtECVrF4N1Wdgdj => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6Ns0l0RtECVrF4N1Wdgdj" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BB7549A-2EB5-44B2-91B0-CA703FAF480D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB7549A-2EB5-44B2-91B0-CA703FAF480D}" => key removed successfully

C:\Windows\System32\Tasks\kQjD6sW => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kQjD6sW" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18D2BC74-0CEC-4123-8338-2C3B42B61630}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D2BC74-0CEC-4123-8338-2C3B42B61630}" => key removed successfully

C:\Windows\System32\Tasks\q2BLvt7fLsZQzHF1w5oRKn => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\q2BLvt7fLsZQzHF1w5oRKn" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CF734C3-8A98-44AD-9477-AD9F87160CFA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CF734C3-8A98-44AD-9477-AD9F87160CFA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20F4DF97-8100-498B-966A-3D7AA6695103}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20F4DF97-8100-498B-966A-3D7AA6695103}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22C3700B-F28C-4A05-A173-5CC626A9839E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C3700B-F28C-4A05-A173-5CC626A9839E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39004268-7D2F-4CD4-BE26-7B875497E3E8}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39004268-7D2F-4CD4-BE26-7B875497E3E8}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3948A097-AB47-4012-8932-342EEAA654D9}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3948A097-AB47-4012-8932-342EEAA654D9}" => key removed successfully

C:\Windows\System32\Tasks\pHG5o0vm7ufSS => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pHG5o0vm7ufSS" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D9D83CA-C646-423D-ADAE-7A7FDCC9F979}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D9D83CA-C646-423D-ADAE-7A7FDCC9F979}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F802C92-A420-43A9-AEFF-07DB234DD8D9}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F802C92-A420-43A9-AEFF-07DB234DD8D9}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{531977ED-2B1E-4782-AD3C-8AAC52B3B014}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531977ED-2B1E-4782-AD3C-8AAC52B3B014}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{664792EF-E98A-4815-93ED-9CD2BB753C4A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664792EF-E98A-4815-93ED-9CD2BB753C4A}" => key removed successfully

C:\Windows\System32\Tasks\HLPDPCBXOsXR => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HLPDPCBXOsXR" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{674B05FA-1EF9-487F-A593-350F36E3C482}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{674B05FA-1EF9-487F-A593-350F36E3C482}" => key removed successfully

C:\Windows\System32\Tasks\GfIl6eXhzrtFCwN2 => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GfIl6eXhzrtFCwN2" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A9416C5-F814-4122-9C65-CDF4979DA4DD}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A9416C5-F814-4122-9C65-CDF4979DA4DD}" => key removed successfully

C:\Windows\System32\Tasks\SmartSpace => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartSpace" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71593A1F-057C-44D2-8A00-3A6A56CDC5BA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71593A1F-057C-44D2-8A00-3A6A56CDC5BA}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SrvDaily => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{739CA4A7-C20D-45B4-93E1-E61501F439E4}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{739CA4A7-C20D-45B4-93E1-E61501F439E4}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A14A49C-97BE-4D8E-8F53-6B47E223B545}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A14A49C-97BE-4D8E-8F53-6B47E223B545}" => key removed successfully

C:\Windows\System32\Tasks\RqLdEdxeE => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RqLdEdxeE" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85FCCAA6-1DD4-4B5B-8097-7CE3D61CED61}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9802DA1A-6198-4836-A7D5-5D2610620D2F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9802DA1A-6198-4836-A7D5-5D2610620D2F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Auto Updater" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{987E0C95-25AB-430C-AF66-BAB47DF66D62}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{987E0C95-25AB-430C-AF66-BAB47DF66D62}" => key removed successfully

C:\Windows\System32\Tasks\Zl6wqVw0j => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Zl6wqVw0j" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B678731-D3B9-4081-9EEC-FE1933F915F4}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B678731-D3B9-4081-9EEC-FE1933F915F4}" => key removed successfully

C:\Windows\System32\Tasks\Mw31EXaU4OH8O2 => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mw31EXaU4OH8O2" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB0F6A5-305B-4B56-A01D-A5140CB3AB7A}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordShark Auto Updater 1.10.0.20 Pending Update => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F3C82D5-D909-44F8-B64D-75FD44E9D0B8}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F3C82D5-D909-44F8-B64D-75FD44E9D0B8}" => key removed successfully

C:\Windows\System32\Tasks\YOXALEU => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YOXALEU" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1160350-C215-4639-B8DD-39EF9AAEB844}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1160350-C215-4639-B8DD-39EF9AAEB844}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6B956A7-6F99-47A6-B30D-292E500BE6A3}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6B956A7-6F99-47A6-B30D-292E500BE6A3}" => key removed successfully

C:\Windows\System32\Tasks\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A} => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{118D4FCD-73B9-4DC3-9365-C8D3A23DF94A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB24384E-EC36-4A3F-914F-3ED4A72850F8}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB24384E-EC36-4A3F-914F-3ED4A72850F8}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Autorun" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB283D87-B031-4D01-AF83-C43689FB6F47}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB283D87-B031-4D01-AF83-C43689FB6F47}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task for VeohWebPlayer" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B13592D6-D885-4C15-9084-CF012207E11C}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B13592D6-D885-4C15-9084-CF012207E11C}" => key removed successfully

C:\Windows\System32\Tasks\QaZwalXo7Y29RQRN0tTP => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QaZwalXo7Y29RQRN0tTP" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DBAFCB-F7A0-49C0-A039-9ABC01F124DB}" => key removed successfully

C:\Windows\System32\Tasks\{B516C27F-CE30-40E1-A9B8-23AD7031C149} => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B516C27F-CE30-40E1-A9B8-23AD7031C149}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9045E8A-2890-45C5-8814-0FD886027470}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9045E8A-2890-45C5-8814-0FD886027470}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DrspeedyPc Secure => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2EB8E87-3CCB-4159-B558-16A05E466F8F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2EB8E87-3CCB-4159-B558-16A05E466F8F}" => key removed successfully

C:\Windows\System32\Tasks\GlobalUpdate-ywy3yzbxmws4bwj => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlobalUpdate-ywy3yzbxmws4bwj" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C79D7E3B-A731-4B32-9B6A-910A08816DFA}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C79D7E3B-A731-4B32-9B6A-910A08816DFA}" => key removed successfully

C:\Windows\System32\Tasks\eSVgwTq0ljf8i6XknwRH549ON => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eSVgwTq0ljf8i6XknwRH549ON" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8F5F136-6009-40A2-BE6E-47DDB4991F8F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8F5F136-6009-40A2-BE6E-47DDB4991F8F}" => key removed successfully

C:\Windows\System32\Tasks\E1DAF600-A02A-4CA0-B471-C240C9D1CA60 => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\E1DAF600-A02A-4CA0-B471-C240C9D1CA60" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D549C481-6E1C-4198-BEC9-9DA129C511C1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D549C481-6E1C-4198-BEC9-9DA129C511C1}" => key removed successfully

C:\Windows\System32\Tasks\iG7r2wOvHDgnvS6oU1cw => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iG7r2wOvHDgnvS6oU1cw" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5922277-0C90-4DE7-AC0F-5C2F21C601C5}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5922277-0C90-4DE7-AC0F-5C2F21C601C5}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jarmeee => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCCBC2D0-CD82-42F6-BB52-BFA84FBD6651}" => key removed successfully

C:\Windows\System32\Tasks\HDqSxfY03ASW => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDqSxfY03ASW" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE3BA38F-E0BB-463D-BE20-11A63DC9AE25}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3BA38F-E0BB-463D-BE20-11A63DC9AE25}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5A6C0F1-2B26-4043-90F8-E6953A8487A9}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5A6C0F1-2B26-4043-90F8-E6953A8487A9}" => key removed successfully

C:\Windows\System32\Tasks\e8CHJYS => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e8CHJYS" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA7D6FBD-DAB2-4909-8C8D-C4C276E0844D}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate => key not found.

C:\Windows\Tasks\6Ns0l0RtECVrF4N1Wdgdj.job => not found.

C:\Windows\Tasks\e8CHJYS.job => not found.

C:\Windows\Tasks\eSVgwTq0ljf8i6XknwRH549ON.job => not found.

C:\Windows\Tasks\FactorTractor.job => moved successfully

C:\Windows\Tasks\GfIl6eXhzrtFCwN2.job => not found.

C:\Windows\Tasks\HDqSxfY03ASW.job => not found.

C:\Windows\Tasks\HLPDPCBXOsXR.job => not found.

C:\Windows\Tasks\iG7r2wOvHDgnvS6oU1cw.job => not found.

C:\Windows\Tasks\kQjD6sW.job => not found.

C:\Windows\Tasks\Mw31EXaU4OH8O2.job => not found.

C:\Windows\Tasks\pHG5o0vm7ufSS.job => not found.

C:\Windows\Tasks\q2BLvt7fLsZQzHF1w5oRKn.job => not found.

C:\Windows\Tasks\QaZwalXo7Y29RQRN0tTP.job => not found.

C:\Windows\Tasks\RqLdEdxeE.job => not found.

C:\Windows\Tasks\SmartSpace.job => moved successfully

C:\Windows\Tasks\YOXALEU.job => not found.

C:\Windows\Tasks\Zl6wqVw0j.job => not found.

C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

C:\ProgramData\Temp => ":A4A25FD3" ADS removed successfully.

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\16559628.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\46237229.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\55456837.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\63755908.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\69534146.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\98632471.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\16559628.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\46237229.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\55456837.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\63755908.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\69534146.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\98632471.sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => key removed successfully

"HKU\S-1-5-21-518488637-833313989-2621144753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully

"c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe" => not found.

"c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\YOXALEU.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe" => not found.

"C:\Users\mostafa\AppData\Local\E1DAF600-A02A-4CA0-B471-C240C9D1CA60\E1DAF600-A02A-4CA0-B471-C240C9D1CA60.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\6Ns0l0RtECVrF4N1Wdgdj.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\e8CHJYS.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\eSVgwTq0ljf8i6XknwRH549ON.exe" => not found.

"c:\programdata\{ea669d6b-16f3-6b0b-ea66-69d6b16f75ac}\4811091405836544183b.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\GfIl6eXhzrtFCwN2.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\HDqSxfY03ASW.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\HLPDPCBXOsXR.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\iG7r2wOvHDgnvS6oU1cw.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\kQjD6sW.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\Mw31EXaU4OH8O2.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\pHG5o0vm7ufSS.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\q2BLvt7fLsZQzHF1w5oRKn.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\QaZwalXo7Y29RQRN0tTP.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\RqLdEdxeE.exe" => not found.

"c:\programdata\{afac08e4-5fa3-6ac7-afac-c08e45fa2391}\2696868317383775421b.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\YOXALEU.exe" => not found.

"C:\Users\mostafa\AppData\Roaming\Zl6wqVw0j.exe" => not found.

 

========= ipconfig /flushdns =========

 

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 241246323 B

Java, Flash, Steam htmlcache => 2326 B

Windows/system/drivers => 503568549 B

Edge => 0 B

Chrome => 49703362 B

Firefox => 17572062 B

Opera => 1672600 B

 

Temp, IE cache, history, cookies, recent:

Default => 66228 B

Public => 0 B

ProgramData => 0 B

systemprofile => 477562153 B

systemprofile32 => 99028446 B

LocalService => 128 B

NetworkService => 14172 B

mostafa => 1821661397 B

 

RecycleBin => 194147915 B

EmptyTemp: => 3.2 GB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 15:18:45 ====

Posted (edited)

Hi Mike.

 

Thanks and sorry about the beard

That's ok, it's been many years since I had one :)

 

but no change, IE and chrome still doesn't open, when I try to open IE the same window pops up stating "iexplorer.exe - Entry Point Not Found".

I didn't expect too much change yet.

There was a lot of infection on the system..... we had to remove that before we could start to try and repair the damage.

 

Step 1

Please download Windows Repair (all in one)

 

  • Double click on the icon to install the program. Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • After the program has installed..... close the system down and reboot into Safe Mode with Networking. (This is the best way to run this program... if Safe Mode doesn't work, just run it in normal mode for now.)
    Now restart Windows Repair (all in one)
     
    When the program opens:
  • Follow the Power reset advice in Step 1.
     
     
  • You can skip Step 2
  • Click on the step 3: Optional tab. and allow it to run Disk check
     
    aa41db32b7cdf2986dc9cc74b6e779e9.png
     
  • Once that is done, go to the Step 4: Optional tab and allow it to run SFC
     
     
  • When finished, click on Step 5: Backup tab and click to allow both Registry and System Restore backups.
     
     
  • When finished, click on the Repairs tab
     
     
  • Click Open Repairs
     
     
  • When the repair page opens, click the following options:
     
    01
    02
    03
    04
    05
    06
    07
    10
    21
    26
    27
     
    (if Safe Mode doesn't work..... tick to add no. 24 as well)
     
     
  • Then click on Start Repairs.
     
     
    DON'T use the computer while each scan is in progress.
     
  • A restart will be needed to finish the repair procedure.

 

Step 2

Google Chrome was heavily infected with ZeroAccess.... please uninstall Chrome and reinstall a fresh copy from: https://www.google.com/chrome/

 

Step 3

If IE still isn't working after running the repairs.....

 

It may be best to uninstall it and download a fresh copy.

 

When you uninstall Internet Explorer 11 from your system..... The system will restore the previous version of Internet Explorer that was installed.

This can be IE8, 9 or 10 depending on whether the browser has been upgraded in the past.

Whichever it is, you will still have a working copy of IE.

  • Click on the start menu and select Control Panel from the menu that opens up.
  • Select Uninstall a program under Programs.
  • Internet Explorer 11 is not listed in the installed programs listing.
    It is listed as an update, so select View installed updates from the left sidebar.
  • The browser is listed in the Microsoft Windows group.
  • Right click on Internet Explorer 11 and select Uninstall.

 


 

This removes Internet Explorer 11 from the Windows 7 system and replaces it with the version of the browser that was installed before it.

You can then keep using that browser, or update back to IE11 from this link: Internet Explorer 11 for Windows 7

I would recommend updating back to IE 11.

 

 

Let me know how all this goes.

Edited by starbuck

Posted
Well Pete, all seems well now thank you very much, just one issue is the Microsoft SQL Server Desktop Engine popup which appears whenever the desktop loads, it does not uninstall from Programs nor Revo Uninstaller with the error message "An error has occured while removing the SQL Active Directory Helper Service". If it can't be uninstalled then how can I possibly prevent it from autoloading on startup please?
Posted

Hi Mike,

 

I'll take a look and see if it's in the reports....

 

Please re-run FRST.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.


Posted
It's ok Pete, after all this work, the owner NOW decides he wants me to backup his data and reload the OS, so very sorry, only good thing which came off of this is I learned quite a lot so I thank you for that too!