Jump to content

HMS10

Members
  • Posts

    5
  • Joined

  • Last visited

Everything posted by HMS10

  1. Fixlog Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02 Ran by Hosam at 2013-10-01 01:24:34 Run:1 Running from C:\Users\Hosam\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Start HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) HKCU\...\Run: [AdobeBridge] - [x] MountPoints2: I - "I:\setup.exe" MountPoints2: J - "J:\setup.exe" Winsock: Catalog5 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" cmd: netsh winsock reset Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) C:\Program Files (x86)\Google\Desktop\Install C:\Windows\assembly\GAC_32\Desktop.ini C:\Windows\assembly\GAC_64\Desktop.ini C:\Users\Hosam\AppData\Local\Google\Desktop\Install C:\Users\Hosam\AppData\Local\Temp\41027.exe C:\Users\Hosam\AppData\Local\Temp\InstallFlashPlayer.exe C:\Users\Hosam\AppData\Local\Temp\NEwBSDynDNS.exe C:\Users\Hosam\AppData\Local\Temp\ntdll_dump.dll C:\Users\Hosam\AppData\Local\Temp\ose00000.exe C:\Users\Hosam\AppData\Local\Temp\SRLDetectionLibrary2064022866688269491.dll C:\Users\Hosam\AppData\Local\Temp\ubi40FF.tmp.exe C:\Users\Hosam\AppData\Local\Temp\ubi84FF.tmp.exe C:\Users\Hosam\AppData\Local\Temp\xmlUpdater.exe C:\Users\Hosam\AppData\Local\Temp\_is1C22.exe DeleteJunctionsIndirectory: C:\Program Files\Windows Defender End ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I => Key deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => Key deleted successfully. Winsock: Catalog5 entry 000000000004\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll Winsock: Catalog5-x64 entry 000000000004\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll ========= netsh winsock reset ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. *etadpug => Service deleted successfully. C:\Program Files (x86)\Google\Desktop\Install => Moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully. C:\Users\Hosam\AppData\Local\Google\Desktop\Install => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\41027.exe => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\NEwBSDynDNS.exe => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\ntdll_dump.dll => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\SRLDetectionLibrary2064022866688269491.dll => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\ubi40FF.tmp.exe => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\ubi84FF.tmp.exe => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\xmlUpdater.exe => Moved successfully. C:\Users\Hosam\AppData\Local\Temp\_is1C22.exe => Moved successfully. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\SymSrv.yes" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. ==== End of Fixlog ====
  2. Here are the files you asked for FRST.txt Addition.txt
  3. First Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02Ran by Hosam (administrator) on HMS10 on 01-10-2013 00:52:28Running from C:\Users\Hosam\DownloadsWindows 8 Pro (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\system32\dashost.exe() C:\Windows\SysWOW64\PnkBstrA.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)HKCU\...\Run: [iDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3665488 2013-09-23] (Tonec Inc.)HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)HKCU\...\Run: [Arkane] - C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [44968 2012-07-26] (Microsoft Corporation)HKCU\...\Run: [AdobeUpdate] - C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs [78 2012-07-02] ()HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)HKCU\...\Run: [AdobeBridge] - [x]MountPoints2: I - "I:\setup.exe" MountPoints2: J - "J:\setup.exe" HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)HKLM-x32\...\Run: [DriverCD] - H:\Run.exeHKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)Startup: C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Hosam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)BootExecute: autocheck autochk * 䳵祛ȹ退湩彴湉瑳污偬摥潲 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://egypt.msn.com/?rd=1&ucc=EG&dcc=EG&opt=0HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD17702DFD479CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLHSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLHSearchScopes: HKCU - {6C8F34D5-443B-4ca0-9617-C0689C4EF88B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSVBHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Winsock: Catalog5 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog5-x64 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\..\Interfaces\{CF18EF84-D13E-45CF-9A82-B9194490786A}: [NameServer]41.128.225.225,41.128.225.226 FireFox:========FF ProfilePath: C:\Users\Hosam\AppData\Roaming\Mozilla\Firefox\Profiles\y4ne3xyr.defaultFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hosam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5 Chrome: =======CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No FileCHR Extension: (Google Docs) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0CHR Extension: (Google Drive) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (Unfollowers.me) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcbaokcchpeocidhfccllamniooiefin\1.2_0CHR Extension: (WOT) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0CHR Extension: (YouTube) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Adblock Plus) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0CHR Extension: (TrafficLight) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.14_0CHR Extension: (Google Search) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Search by Image (by Google)) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0CHR Extension: (Yet another flags) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmchcmgddbhmbkakammmklpoonoiiomk\0.9.9.9_0CHR Extension: (Stylish) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0CHR Extension: (AirDroid) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd\2.0.4_0CHR Extension: (IDM Integration Module) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.17.7_0CHR Extension: (IDM Integration) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_0CHR Extension: (Awesome New Tab Page) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.122.3.1_0CHR Extension: (Chrome In-App Payments service) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0CHR Extension: (Checker Plus for Gmail\u2122) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\13.8.2_0CHR Extension: (Bitdefender QuickScan) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0CHR Extension: (Outlook.com) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0CHR Extension: (Gmail) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx ==================== Services (Whitelisted) ================= R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-27] ()R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)R2 WSServiceCrk; C:\Windows\system32\wsservice_crk.dll [118272 2012-11-27] (DeadPihto)U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== S3 AR5416; C:\Windows\system32\DRIVERS\athwx.sys [2073120 2009-09-07] (Atheros Communications, Inc.)S3 AtiDCM; C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [23312 2010-02-10] (Advanced Micro Devices, Inc.)S3 AtiDCM; C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [23312 2010-02-10] (Advanced Micro Devices, Inc.)R3 L1C; C:\Windows\system32\DRIVERS\l1c51x64.sys [90224 2011-08-11] (Atheros Communications, Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-08-04] ()S3 gdrv; \??\C:\Windows\gdrv.sys [x]S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST2013-10-01 00:50 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\Hosam\Downloads\FRST64.exe2013-10-01 00:20 - 2013-10-01 00:20 - 00019345 _____ C:\Users\Hosam\Desktop\dds.txt2013-10-01 00:20 - 2013-10-01 00:20 - 00009441 _____ C:\Users\Hosam\Desktop\attach.txt2013-10-01 00:18 - 2013-10-01 00:19 - 00688992 ____R (Swearware) C:\Users\Hosam\Downloads\dds.com2013-10-01 00:08 - 2013-10-01 00:08 - 00005340 _____ C:\Users\Hosam\Desktop\RKreport[0]_S_10012013_000857.txt2013-10-01 00:06 - 2013-10-01 00:28 - 00000000 ____D C:\Users\Hosam\Desktop\RK_Quarantine2013-10-01 00:06 - 2013-10-01 00:06 - 03969024 _____ C:\Users\Hosam\Downloads\RogueKillerX64.exe2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Program Files (x86)\Notepad++2013-09-30 23:25 - 2013-09-30 23:25 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-30 23:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-09-30 23:24 - 2013-09-30 23:24 - 00201822 _____ C:\Users\Hosam\Documents\cc_20130930_232406.reg2013-09-30 17:14 - 2013-09-30 17:14 - 00014534 _____ C:\Users\Hosam\Downloads\[kickass.to]malwarebytes.anti.malware.pro.v1.75.0.1300.incl.keygen.brd.tordigger.torrent2013-09-30 12:14 - 2013-09-30 12:14 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hms10@outlook.com2013-09-30 12:08 - 2013-09-30 12:11 - 00000000 ____D C:\Program Files (x86)\Adobe2013-09-30 12:06 - 2013-09-30 12:10 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-09-29 15:20 - 2013-09-29 15:20 - 00013767 _____ C:\Users\Hosam\Downloads\[kickass.to]adobe.flash.pro.cs6.thethingy.torrent2013-09-29 02:03 - 2013-09-29 02:03 - 00021032 _____ C:\Users\Hosam\Downloads\[kickass.to]fifa.14.pc.demo.crack.torrent2013-09-29 01:57 - 2013-09-29 01:57 - 00016608 _____ C:\Users\Hosam\Downloads\[kickass.to]deadpool.max.1.1.12.2.1.6.x.mas.special.complete.requested.torrent2013-09-29 01:48 - 2013-09-29 01:48 - 00022671 _____ C:\Users\Hosam\Downloads\[kickass.to]dead.by.sunrise.discography.2009.2010.torrent2013-09-29 00:46 - 2013-09-04 00:12 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Adobe64x2013-09-29 00:34 - 2013-09-29 00:34 - 00000000 ____D C:\DirectX2013-09-29 00:33 - 2013-09-29 23:04 - 00000000 __SHD C:\Users\Hosam\lbsan2013-09-28 12:05 - 2013-09-28 12:05 - 00000545 _____ C:\Users\Public\Desktop\The King Of Fighters XIII.lnk2013-09-28 03:46 - 2013-09-28 03:46 - 00000955 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Future Soldier.lnk2013-09-27 12:45 - 2013-09-27 12:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Mozilla2013-09-27 00:04 - 2013-09-30 00:43 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr2013-09-27 00:03 - 2013-09-27 00:03 - 00000000 ____D C:\Users\Hosam\AppData\Local\PunkBuster2013-09-27 00:02 - 2013-09-27 00:03 - 00000000 ____D C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher2013-09-26 20:35 - 2013-09-26 20:40 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Amarok2013-09-26 20:34 - 2013-09-26 20:35 - 00000000 ____D C:\Program Files (x86)\Amarok2013-09-24 13:55 - 2013-09-24 14:16 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Apple Computer2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple Computer2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\Apple Computer2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iTunes2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iPod2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\iTunes2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2013-09-24 13:55 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\ProgramData\Apple2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Common Files\Apple2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Bonjour2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files (x86)\Bonjour2013-09-24 05:40 - 2013-09-24 05:40 - 00000000 ____D C:\Program Files\Speccy2013-09-24 04:50 - 2013-09-28 04:58 - 00000000 ____D C:\Users\Hosam\AppData\Local\Arma 32013-09-24 04:50 - 2013-09-24 04:54 - 00000000 ____D C:\Users\Hosam\Documents\Arma 32013-09-24 04:50 - 2013-09-24 04:50 - 00001023 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arma3.lnk2013-09-24 04:50 - 2013-09-24 04:50 - 00000000 ____D C:\ProgramData\Bohemia Interactive2013-09-23 19:46 - 2013-09-30 00:43 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.exe2013-09-23 19:46 - 2013-09-28 03:46 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.ex02013-09-23 19:46 - 2013-09-27 01:13 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe2013-09-23 19:46 - 2012-08-08 18:32 - 03233712 _____ C:\Windows\SysWOW64\pbsvc.exe2013-09-23 19:45 - 2013-09-23 19:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft2013-09-23 19:34 - 2013-09-23 19:34 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Ubisoft2013-09-23 00:25 - 2013-09-23 00:25 - 00000000 ____D C:\ProgramData\Origin2013-09-23 00:05 - 2013-09-23 00:05 - 00001013 _____ C:\Users\Hosam\Desktop\Internet Download Manager.lnk2013-09-22 03:48 - 2013-09-22 03:50 - 13751134 _____ C:\Users\Hosam\Downloads\com.bbm.apk2013-09-20 06:21 - 2013-09-20 06:21 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Unity2013-09-18 12:56 - 2013-06-27 11:57 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys2013-09-18 12:36 - 2013-09-18 12:36 - 00000797 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome2.lnk2013-09-18 06:55 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll2013-09-17 23:46 - 2013-10-01 00:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-09-17 23:46 - 2013-09-17 23:46 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help2013-09-16 19:16 - 2013-09-17 03:42 - 00000000 ____D C:\Windows\AutoKMS2013-09-16 19:14 - 2013-09-16 19:14 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Toolkit2013-09-16 19:10 - 2013-09-16 19:10 - 00000000 ____D C:\Windows\PCHEALTH2013-09-16 19:09 - 2013-09-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Help2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 __RHD C:\MSOCache2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 ____D C:\Program Files\Microsoft Office2013-09-16 15:53 - 2013-09-16 16:02 - 00000706 _____ C:\Users\Public\Desktop\World of Warcraft.lnk2013-09-15 13:19 - 2013-09-16 01:46 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\vlc2013-09-15 13:18 - 2013-09-15 13:18 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-09-15 13:18 - 2013-09-15 13:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN2013-09-13 11:46 - 2013-09-13 11:46 - 00000000 ____D C:\Users\Hosam\AppData\Local\Unity2013-09-12 10:42 - 2013-09-16 22:30 - 04925616 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-12 01:41 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-12 01:41 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-09-11 17:02 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys2013-09-11 17:02 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe2013-09-11 17:02 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe2013-09-11 17:02 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll2013-09-11 17:02 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll2013-09-11 17:02 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll2013-09-11 17:02 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll2013-09-11 17:02 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll2013-09-11 17:02 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2013-09-11 17:02 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2013-09-11 17:02 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll2013-09-11 17:02 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2013-09-11 17:02 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2013-09-11 17:02 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2013-09-11 17:02 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll2013-09-11 17:02 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2013-09-11 17:02 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml2013-09-11 17:02 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe2013-09-11 17:02 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe2013-09-11 17:02 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys2013-09-11 17:02 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys2013-09-11 17:02 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys2013-09-11 17:02 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2013-09-11 17:02 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys2013-09-11 17:02 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys2013-09-11 17:02 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2013-09-11 17:02 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll2013-09-11 17:02 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll2013-09-11 17:02 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll2013-09-11 17:02 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll2013-09-11 17:02 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll2013-09-11 17:02 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll2013-09-11 17:02 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll2013-09-11 17:02 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll2013-09-11 17:02 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys2013-09-11 17:02 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll2013-09-11 17:02 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL2013-09-11 17:02 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL2013-09-11 17:02 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL2013-09-11 17:02 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll2013-09-11 17:02 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL2013-09-11 17:02 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS2013-09-11 17:01 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys2013-09-11 17:01 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll2013-09-11 17:01 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2013-09-11 17:01 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe2013-09-11 17:01 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe2013-09-11 17:01 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2013-09-11 17:01 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2013-09-11 17:01 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2013-09-11 17:01 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2013-09-11 17:01 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2013-09-11 17:01 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll2013-09-11 17:01 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2013-09-11 17:01 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2013-09-11 17:01 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll2013-09-11 17:01 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll2013-09-11 16:59 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-09-11 16:59 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-09-11 16:59 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-09-11 16:59 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-09-11 16:59 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-09-11 16:59 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-09-11 16:59 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-09-11 16:59 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-09-11 16:59 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-09-11 16:59 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-11 16:59 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-11 16:59 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2013-09-11 16:59 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-11 16:59 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-11 16:59 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-11 16:59 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-11 16:59 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-11 16:59 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-11 16:59 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-09-11 16:59 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-09-11 16:59 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-11 16:59 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-09-11 16:59 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-11 16:59 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2013-09-11 16:56 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-09-09 19:49 - 2013-09-09 19:49 - 00000000 ____D C:\Users\Hosam\AppData\Local\MercurySteam2013-09-07 11:06 - 2013-09-17 19:18 - 00000000 ____D C:\Users\Hosam\Documents\xwidget2013-09-07 10:39 - 2013-09-07 21:44 - 00000000 ____D C:\Program Files (x86)\MyPC Backup2013-09-04 22:40 - 2013-09-04 22:40 - 00000000 ____D C:\Windows\UbiSoft2013-09-04 22:10 - 2013-09-04 22:11 - 00000935 _____ C:\Windows\disney.ini2013-09-04 19:23 - 2013-09-26 23:54 - 00000000 ____D C:\Users\Hosam\Documents\Ubisoft2013-09-04 19:22 - 2013-09-04 19:22 - 00000000 ____D C:\ProgramData\Orbit2013-09-01 22:09 - 2013-09-01 22:09 - 00000811 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaintsRowIV.lnk ==================== One Month Modified Files and Folders ======= 2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST2013-10-01 00:51 - 2013-10-01 00:50 - 01953880 _____ (Farbar) C:\Users\Hosam\Downloads\FRST64.exe2013-10-01 00:43 - 2013-07-06 00:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1730054569-3771080232-4104756401-10012013-10-01 00:42 - 2013-09-17 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-01 00:38 - 2013-07-08 09:18 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\QuickScan2013-10-01 00:28 - 2013-10-01 00:06 - 00000000 ____D C:\Users\Hosam\Desktop\RK_Quarantine2013-10-01 00:28 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\DMCache2013-10-01 00:21 - 2013-07-06 00:42 - 01796550 _____ C:\Windows\WindowsUpdate.log2013-10-01 00:20 - 2013-10-01 00:20 - 00019345 _____ C:\Users\Hosam\Desktop\dds.txt2013-10-01 00:20 - 2013-10-01 00:20 - 00009441 _____ C:\Users\Hosam\Desktop\attach.txt2013-10-01 00:19 - 2013-10-01 00:18 - 00688992 ____R (Swearware) C:\Users\Hosam\Downloads\dds.com2013-10-01 00:08 - 2013-10-01 00:08 - 00005340 _____ C:\Users\Hosam\Desktop\RKreport[0]_S_10012013_000857.txt2013-10-01 00:06 - 2013-10-01 00:06 - 03969024 _____ C:\Users\Hosam\Downloads\RogueKillerX64.exe2013-10-01 00:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Program Files (x86)\Notepad++2013-09-30 23:56 - 2013-07-06 06:46 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-09-30 23:25 - 2013-09-30 23:25 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-30 23:24 - 2013-09-30 23:24 - 00201822 _____ C:\Users\Hosam\Documents\cc_20130930_232406.reg2013-09-30 23:14 - 2013-08-04 16:23 - 00000000 ____D C:\Program Files (x86)\Steam2013-09-30 23:13 - 2013-07-24 18:23 - 00000000 ____D C:\ProgramData\NVIDIA2013-09-30 23:13 - 2013-07-06 06:46 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-09-30 23:13 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-30 18:14 - 2013-07-06 07:20 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\uTorrent2013-09-30 18:14 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI2013-09-30 17:14 - 2013-09-30 17:14 - 00014534 _____ C:\Users\Hosam\Downloads\[kickass.to]malwarebytes.anti.malware.pro.v1.75.0.1300.incl.keygen.brd.tordigger.torrent2013-09-30 15:35 - 2013-07-07 14:27 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D0511745-73F5-4538-8B21-894D09C03C9A}2013-09-30 12:14 - 2013-09-30 12:14 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hms10@outlook.com2013-09-30 12:12 - 2013-07-09 05:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe2013-09-30 12:11 - 2013-09-30 12:08 - 00000000 ____D C:\Program Files (x86)\Adobe2013-09-30 12:11 - 2013-07-09 05:05 - 00000000 ____D C:\Users\Hosam\AppData\Local\Adobe2013-09-30 12:10 - 2013-09-30 12:06 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-09-30 12:10 - 2013-08-09 02:16 - 00000000 ____D C:\Program Files\Adobe2013-09-30 12:09 - 2013-07-09 05:06 - 00000000 ____D C:\ProgramData\Adobe2013-09-30 12:09 - 2013-07-06 00:43 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Adobe2013-09-30 00:43 - 2013-09-27 00:04 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr2013-09-30 00:43 - 2013-09-23 19:46 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.exe2013-09-29 23:34 - 2013-07-06 09:36 - 00049410 _____ C:\Windows\PFRO.log2013-09-29 23:04 - 2013-09-29 00:33 - 00000000 __SHD C:\Users\Hosam\lbsan2013-09-29 22:08 - 2012-07-26 04:16 - 00000000 __SHD C:\Users\Hosam\AppData\Roaming\DC717A2013-09-29 15:20 - 2013-09-29 15:20 - 00013767 _____ C:\Users\Hosam\Downloads\[kickass.to]adobe.flash.pro.cs6.thethingy.torrent2013-09-29 14:42 - 2013-07-06 06:46 - 00000000 ____D C:\Program Files (x86)\Google2013-09-29 14:41 - 2013-07-06 06:46 - 00000000 ____D C:\Users\Hosam\AppData\Local\Google2013-09-29 02:03 - 2013-09-29 02:03 - 00021032 _____ C:\Users\Hosam\Downloads\[kickass.to]fifa.14.pc.demo.crack.torrent2013-09-29 01:57 - 2013-09-29 01:57 - 00016608 _____ C:\Users\Hosam\Downloads\[kickass.to]deadpool.max.1.1.12.2.1.6.x.mas.special.complete.requested.torrent2013-09-29 01:48 - 2013-09-29 01:48 - 00022671 _____ C:\Users\Hosam\Downloads\[kickass.to]dead.by.sunrise.discography.2009.2010.torrent2013-09-29 01:23 - 2013-07-07 13:57 - 00000000 ____D C:\ProgramData\boost_interprocess2013-09-29 00:34 - 2013-09-29 00:34 - 00000000 ____D C:\DirectX2013-09-29 00:33 - 2013-07-06 00:42 - 00000000 ____D C:\Users\Hosam2013-09-28 23:42 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent2013-09-28 14:54 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\Downloads\Video2013-09-28 14:41 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\Downloads\Compressed2013-09-28 12:06 - 2013-07-06 21:20 - 00446700 _____ C:\Windows\DirectX.log2013-09-28 12:05 - 2013-09-28 12:05 - 00000545 _____ C:\Users\Public\Desktop\The King Of Fighters XIII.lnk2013-09-28 04:58 - 2013-09-24 04:50 - 00000000 ____D C:\Users\Hosam\AppData\Local\Arma 32013-09-28 03:46 - 2013-09-28 03:46 - 00000955 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Future Soldier.lnk2013-09-28 03:46 - 2013-09-23 19:46 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.ex02013-09-27 19:24 - 2013-09-16 19:09 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-27 13:48 - 2013-07-06 00:43 - 00000000 ____D C:\Users\Hosam\AppData\Local\VirtualStore2013-09-27 12:45 - 2013-09-27 12:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Mozilla2013-09-27 01:13 - 2013-09-23 19:46 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe2013-09-27 00:03 - 2013-09-27 00:03 - 00000000 ____D C:\Users\Hosam\AppData\Local\PunkBuster2013-09-27 00:03 - 2013-09-27 00:02 - 00000000 ____D C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher2013-09-26 23:54 - 2013-09-04 19:23 - 00000000 ____D C:\Users\Hosam\Documents\Ubisoft2013-09-26 20:40 - 2013-09-26 20:35 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Amarok2013-09-26 20:35 - 2013-09-26 20:34 - 00000000 ____D C:\Program Files (x86)\Amarok2013-09-26 17:00 - 2013-07-06 00:43 - 00000000 ____D C:\Users\Hosam\AppData\Local\Packages2013-09-26 14:52 - 2012-07-26 09:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI2013-09-25 20:52 - 2013-07-07 15:54 - 00000000 ____D C:\Users\Hosam\Documents\FIFA 132013-09-25 10:53 - 2013-07-06 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-09-25 03:19 - 2013-07-06 21:18 - 00000000 ____D C:\Users\Hosam\AppData\Local\Mozilla2013-09-24 17:02 - 2012-07-26 09:21 - 00016741 _____ C:\Windows\setupact.log2013-09-24 14:16 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Apple Computer2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple Computer2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\Apple Computer2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iTunes2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iPod2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\iTunes2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\ProgramData\Apple2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Common Files\Apple2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Bonjour2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files (x86)\Bonjour2013-09-24 05:40 - 2013-09-24 05:40 - 00000000 ____D C:\Program Files\Speccy2013-09-24 04:54 - 2013-09-24 04:50 - 00000000 ____D C:\Users\Hosam\Documents\Arma 32013-09-24 04:50 - 2013-09-24 04:50 - 00001023 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arma3.lnk2013-09-24 04:50 - 2013-09-24 04:50 - 00000000 ____D C:\ProgramData\Bohemia Interactive2013-09-23 19:45 - 2013-09-23 19:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft2013-09-23 19:45 - 2013-07-22 18:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-09-23 19:34 - 2013-09-23 19:34 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Ubisoft2013-09-23 02:23 - 2013-07-06 20:45 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager2013-09-23 00:25 - 2013-09-23 00:25 - 00000000 ____D C:\ProgramData\Origin2013-09-23 00:05 - 2013-09-23 00:05 - 00001013 _____ C:\Users\Hosam\Desktop\Internet Download Manager.lnk2013-09-23 00:05 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\IDM2013-09-22 03:50 - 2013-09-22 03:48 - 13751134 _____ C:\Users\Hosam\Downloads\com.bbm.apk2013-09-20 06:21 - 2013-09-20 06:21 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Unity2013-09-19 01:26 - 2013-09-12 01:41 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-09-19 01:26 - 2013-09-12 01:41 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-09-18 12:36 - 2013-09-18 12:36 - 00000797 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome2.lnk2013-09-17 23:46 - 2013-09-17 23:46 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-09-17 19:18 - 2013-09-07 11:06 - 00000000 ____D C:\Users\Hosam\Documents\xwidget2013-09-17 03:42 - 2013-09-16 19:16 - 00000000 ____D C:\Windows\AutoKMS2013-09-17 03:29 - 2013-08-01 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-09-16 22:30 - 2013-09-12 10:42 - 04925616 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help2013-09-16 19:14 - 2013-09-16 19:14 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Toolkit2013-09-16 19:10 - 2013-09-16 19:10 - 00000000 ____D C:\Windows\PCHEALTH2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Help2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office2013-09-16 19:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 __RHD C:\MSOCache2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 ____D C:\Program Files\Microsoft Office2013-09-16 16:02 - 2013-09-16 15:53 - 00000706 _____ C:\Users\Public\Desktop\World of Warcraft.lnk2013-09-16 01:46 - 2013-09-15 13:19 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\vlc2013-09-15 13:18 - 2013-09-15 13:18 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-09-15 13:18 - 2013-09-15 13:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN2013-09-13 11:46 - 2013-09-13 11:46 - 00000000 ____D C:\Users\Hosam\AppData\Local\Unity2013-09-13 10:50 - 2013-07-06 01:28 - 00000000 ___RD C:\Users\Hosam\Dropbox2013-09-13 10:50 - 2013-07-06 01:23 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Dropbox2013-09-12 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache2013-09-12 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore2013-09-12 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions2013-09-12 01:38 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe2013-09-11 21:10 - 2013-07-30 03:15 - 00000000 ____D C:\Windows\system32\MRT2013-09-11 21:09 - 2013-07-08 14:30 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-09-09 19:49 - 2013-09-09 19:49 - 00000000 ____D C:\Users\Hosam\AppData\Local\MercurySteam2013-09-07 21:44 - 2013-09-07 10:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup2013-09-07 21:44 - 2013-07-06 00:43 - 00000000 ___RD C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-09-05 05:00 - 2013-08-11 15:28 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Notepad++2013-09-04 22:40 - 2013-09-04 22:40 - 00000000 ____D C:\Windows\UbiSoft2013-09-04 22:11 - 2013-09-04 22:10 - 00000935 _____ C:\Windows\disney.ini2013-09-04 19:22 - 2013-09-04 19:22 - 00000000 ____D C:\ProgramData\Orbit2013-09-04 00:12 - 2013-09-29 00:46 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Adobe64x2013-09-01 22:09 - 2013-09-01 22:09 - 00000811 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaintsRowIV.lnk2013-09-01 03:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF ZeroAccess:C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess:C:\Windows\assembly\GAC_64\Desktop.ini Files to move or delete:====================ZeroAccess:C:\Users\Hosam\AppData\Local\Google\Desktop\InstallZeroAccess:C:\Program Files (x86)\Google\Desktop\Install Some content of TEMP:====================C:\Users\Hosam\AppData\Local\Temp\41027.exeC:\Users\Hosam\AppData\Local\Temp\InstallFlashPlayer.exeC:\Users\Hosam\AppData\Local\Temp\NEwBSDynDNS.exeC:\Users\Hosam\AppData\Local\Temp\ntdll_dump.dllC:\Users\Hosam\AppData\Local\Temp\ose00000.exeC:\Users\Hosam\AppData\Local\Temp\SRLDetectionLibrary2064022866688269491.dllC:\Users\Hosam\AppData\Local\Temp\ubi40FF.tmp.exeC:\Users\Hosam\AppData\Local\Temp\ubi84FF.tmp.exeC:\Users\Hosam\AppData\Local\Temp\xmlUpdater.exeC:\Users\Hosam\AppData\Local\Temp\_is1C22.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitC:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2013-09-30 03:01 ==================== End Of Log ============================ Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02Ran by Hosam at 2013-10-01 00:53:55Running from C:\Users\Hosam\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== µTorrent (HKCU Version: 3.3.1.30059)7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)Adobe AIR (x32 Version: 3.1.0.4880)Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)Adobe Flash Professional CS6 (x32 Version: 12.0)Adobe Help Manager (x32 Version: 4.0.244)Adobe Widget Browser (x32 Version: 2.0 Build 348)Adobe Widget Browser (x32 Version: 2.0.348)Amarok (remove only) (x32 Version: 2.7.0-1)AMD Processor Driver (x32 Version: 1.3.2.0053)Apple Application Support (x32 Version: 2.3.6)Apple Mobile Device Support (Version: 7.0.0.117)Apple Software Update (x32 Version: 2.1.3.127)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.4.4)BioShock (x32 Version: 2.5.0000)Bonjour (Version: 3.0.0.10)Castlevania: Lords of Shadow - Ultimate Edition (x32)CCleaner (Version: 4.04)Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32)Disney's Donald Duck (x32)Dota 2 (x32)Dropbox (HKCU Version: 2.2.13)DuckTales Remastered (x32 Version: 1)FIFA 13 (x32 Version: 1.1.0.0)Google Chrome (x32 Version: 29.0.1547.76)Google Update Helper (x32 Version: 1.3.21.153)Internet Download Manager (x32)iTunes (Version: 11.1.0.126)Java 7 Update 25 (x32 Version: 7.0.250)Java Auto Updater (x32 Version: 2.1.9.5)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017)Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017)Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017)Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)Mozilla Firefox 23.0 (x86 en-US) (x32 Version: 23.0)Mozilla Maintenance Service (x32 Version: 26.0a2)MpcStar 5.4 (x32 Version: 5.4)Notepad++ (x32 Version: 6.5)NVIDIA Control Panel 311.06 (Version: 311.06)NVIDIA Graphics Driver 311.06 (Version: 311.06)NVIDIA Install Application (Version: 2.1002.108.688)NVIDIA PhysX (x32 Version: 9.11.1111)NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017)PCSX2 - Playstation 2 Emulator (x32)PDF Settings CS6 (x32 Version: 11.0)PowerISO (x32 Version: 5.5)PunkBuster Services (x32 Version: 0.993)Revo Uninstaller 1.95 (x32 Version: 1.95)Speccy (Version: 1.23)Steam (x32 Version: 1.0.0.0)System Requirements Lab CYRI (x32 Version: 6.0.7.0)The King Of Fighters XIII (x32 Version: 1)Tom Clancy's Ghost Recon Future Soldier (x32 Version: 1.4)Total War ROME II (x32 Version: 6.0)Ubisoft Game Launcher (x32 Version: 1.0.0.0)Unity Web Player (HKCU Version: )Update for Microsoft Access 2013 (KB2752093) 32-Bit Edition (x32)Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2760533) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2817630) 32-Bit Edition (x32)Update for Microsoft Office 2013 (KB2817632) 32-Bit Edition (x32)Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition (x32)Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition (x32)Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (x32)Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition (x32)Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition (x32)Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition (x32)Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32)Update for Microsoft Word 2013 (KB2817308) 32-Bit Edition (x32)Update for Microsoft Word 2013 (KB2817627) 32-Bit Edition (x32)VLC media player 2.0.8 (x32 Version: 2.0.8)WinRAR 5.00 beta 5 (64-bit) (Version: 5.00.5)World of Warcraft (x32) ==================== Restore Points ========================= 27-09-2013 11:46:22 Revo Uninstaller's restore point - Castle of Illusion28-09-2013 01:11:28 Revo Uninstaller's restore point - Dishonored The Brigmore Witches28-09-2013 01:18:03 Revo Uninstaller's restore point - Dishonored28-09-2013 10:05:16 Installed DirectX30-09-2013 15:13:11 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.130030-09-2013 15:23:33 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300 ==================== Hosts content: ========================== 2012-07-26 07:26 - 2013-08-11 15:24 - 00001749 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com127.0.0.1 ereg.adobe.com127.0.0.1 activate.wip3.adobe.com127.0.0.1 wip3.adobe.com127.0.0.1 3dns-3.adobe.com127.0.0.1 3dns-2.adobe.com127.0.0.1 adobe-dns.adobe.com127.0.0.1 adobe-dns-2.adobe.com127.0.0.1 adobe-dns-3.adobe.com127.0.0.1 ereg.wip3.adobe.com127.0.0.1 activate-sea.adobe.com127.0.0.1 wwis-dubc1-vip60.adobe.com127.0.0.1 activate-sjc0.adobe.com127.0.0.1 adobe.activate.com127.0.0.1 hl2rcv.adobe.com127.0.0.1 209.34.83.73:443127.0.0.1 209.34.83.73:43127.0.0.1 209.34.83.73127.0.0.1 209.34.83.67:443127.0.0.1 209.34.83.67:43127.0.0.1 209.34.83.67127.0.0.1 ood.opsource.net127.0.0.1 CRL.VERISIGN.NET127.0.0.1 199.7.52.190:80127.0.0.1 199.7.52.190127.0.0.1 adobeereg.com127.0.0.1 OCSP.SPO1.VERISIGN.COM127.0.0.1 199.7.54.72:80 There are 2 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {084CBE9E-8AD3-47DA-A2AD-E6B7D9EC0852} - System32\Tasks\User_Feed_Synchronization-{D0511745-73F5-4538-8B21-894D09C03C9A} => C:\Windows\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)Task: {19B8316E-50D4-4B14-871C-6657F40CC70A} - \AutoKMS No Task FileTask: {52638C25-6FC0-4964-BCB5-F70C858C6587} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)Task: {6677232A-DD09-4D97-B025-9A4F3330D2A4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)Task: {6F4EB890-F316-427B-AAD5-BB0FB459A833} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)Task: {984B3EE7-6177-456D-9EA7-61B28C2A388D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hms10@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)Task: {9D83E77B-A957-4893-96DA-DFFAACEF8D4D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)Task: {A0892E4D-2F85-4EA7-907D-9B255B5156CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated)Task: {D82F5656-1C23-43FC-8066-6A2ED43F75F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {F9EF32F2-ED6C-42C9-8BB9-246C8CB1785B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-07-01 08:20 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll2013-07-26 14:46 - 2013-09-21 20:35 - 01121192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2013-07-15 14:32 - 2013-09-11 00:20 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll2013-09-22 19:59 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll2013-09-22 19:59 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll2013-09-22 19:59 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll2013-09-22 19:59 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll2013-09-22 19:59 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll2013-09-22 19:59 - 2013-09-17 05:21 - 13611984 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/01/2013 00:21:20 AM) (Source: Software Protection Platform Service) (User: )Description: License Activation (slui.exe) failed with the following error code:hr=0xC004F074Command-line arguments:RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/30/2013 11:14:12 PM) (Source: Software Protection Platform Service) (User: )Description: License Activation (slui.exe) failed with the following error code:hr=0xC004F074Command-line arguments:RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/30/2013 11:14:07 PM) (Source: Software Protection Platform Service) (User: )Description: License Activation (slui.exe) failed with the following error code:hr=0xC004F074Command-line arguments:RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors:=============Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%2147942405 Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )Description: The Function Discovery Resource Publication service terminated with the following error: %%2147942405 Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%2147942405 Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )Description: The Function Discovery Resource Publication service terminated with the following error: %%2147942405 Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%2147942405 Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )Description: The Function Discovery Resource Publication service terminated with the following error: %%2147942405 Error: (09/30/2013 11:13:43 PM) (Source: Service Control Manager) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%2147942405 Error: (09/30/2013 11:13:43 PM) (Source: Service Control Manager) (User: )Description: The Function Discovery Resource Publication service terminated with the following error: %%2147942405 Error: (09/30/2013 11:13:35 PM) (Source: Service Control Manager) (User: )Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%2147942405 Error: (09/30/2013 11:13:35 PM) (Source: Service Control Manager) (User: )Description: The Function Discovery Resource Publication service terminated with the following error: %%2147942405 Microsoft Office Sessions:=========================Error: (10/01/2013 00:21:20 AM) (Source: Software Protection Platform Service)(User: )Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/30/2013 11:14:12 PM) (Source: Software Protection Platform Service)(User: )Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable Error: (09/30/2013 11:14:07 PM) (Source: Software Protection Platform Service)(User: )Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 ==================== Memory info =========================== Percentage of memory in use: 51%Total physical RAM: 4093.55 MBAvailable physical RAM: 1998.1 MBTotal Pagefile: 4925.55 MBAvailable Pagefile: 2158.18 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:73.14 GB) (Free:9.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (I) (Fixed) (Total:126.95 GB) (Free:7.75 GB) NTFSDrive e: (II) (Fixed) (Total:126.95 GB) (Free:28.28 GB) NTFSDrive f: (III) (Fixed) (Total:142.07 GB) (Free:9.09 GB) NTFSDrive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 596 GB) (Disk ID: D9F44E41)Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Active) - (Size=73 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=523 GB) - (Type=OF Extended) ==================== End Of Log ============================
  4. RogueKiller RogueKiller V8.7.0 _x64_ [sep 30 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits versionStarted in : Normal modeUser : Hosam [Admin rights]Mode : Scan -- Date : 10/01/2013 00:08:57| ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] postgre.exe -- C:\Users\Hosam\AppData\Roaming\Adobe64x\postgre.exe [-] -> KILLED [TermProc][ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x] -> STOPPED ¤¤¤ Registry Entries : 16 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND[RUN][ZeroAccess] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND[DNS][PUM] HKLM\[...]\CCSet\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND[ZeroAccess][Folder] Install : C:\Users\Hosam\AppData\Local\Google\Desktop\Install [-] --> FOUND ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com127.0.0.1 ereg.adobe.com127.0.0.1 activate.wip3.adobe.com127.0.0.1 wip3.adobe.com127.0.0.1 3dns-3.adobe.com127.0.0.1 3dns-2.adobe.com127.0.0.1 adobe-dns.adobe.com127.0.0.1 adobe-dns-2.adobe.com127.0.0.1 adobe-dns-3.adobe.com127.0.0.1 ereg.wip3.adobe.com127.0.0.1 activate-sea.adobe.com127.0.0.1 wwis-dubc1-vip60.adobe.com127.0.0.1 activate-sjc0.adobe.com127.0.0.1 adobe.activate.com127.0.0.1 hl2rcv.adobe.com127.0.0.1 209.34.83.73:443127.0.0.1 209.34.83.73:43127.0.0.1 209.34.83.73127.0.0.1 209.34.83.67:443[...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD6400AACS-00G8B1 ATA Device +++++--- User ---[MBR] b95359d1dd27d5cccdd94f01b10eb30c[bSP] 61c1e9781f6bd58575b6a85f5d4329b5 : Linux MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153602046 | Size: 535478 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_10012013_000857.txt >> Attach .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8 ProBoot Device: \Device\HarddiskVolume2Install Date: 06-Jul-13 00:42:52System Uptime: 30-Sep-13 23:13:01 (1 hours ago).Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2PProcessor: AMD Athlon II X2 250 Processor | Socket M2 | 3000/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 73 GiB total, 9.908 GiB free.D: is FIXED (NTFS) - 127 GiB total, 7.753 GiB free.E: is FIXED (NTFS) - 127 GiB total, 28.279 GiB free.F: is FIXED (NTFS) - 142 GiB total, 9.093 GiB free.G: is FIXED (NTFS) - 0 GiB total, 0.023 GiB free.H: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP80: 27-Sep-13 13:46:22 - Revo Uninstaller's restore point - Castle of IllusionRP81: 28-Sep-13 03:11:28 - Revo Uninstaller's restore point - Dishonored The Brigmore WitchesRP82: 28-Sep-13 03:18:03 - Revo Uninstaller's restore point - DishonoredRP83: 28-Sep-13 12:05:16 - Installed DirectXRP84: 30-Sep-13 17:13:11 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300RP85: 30-Sep-13 17:23:33 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300.==== Installed Programs ======================.µTorrent7-Zip 9.20 (x64 edition)Adobe AIRAdobe Flash Player 11 PluginAdobe Flash Professional CS6Adobe Help ManagerAdobe Widget BrowserAmarok (remove only)AMD Processor DriverApple Application SupportApple Mobile Device SupportApple Software UpdateAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverBioShockBonjourCastlevania: Lords of Shadow - Ultimate EditionCCleanerDefinition Update for Microsoft Office 2013 (KB2760587) 32-Bit EditionDisney's Donald DuckDota 2DropboxDuckTales RemasteredFIFA 13Google ChromeGoogle Update HelperInternet Download ManageriTunesJava 7 Update 25Java Auto UpdaterMalwarebytes Anti-Malware version 1.75.0.1300Microsoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Groove MUI (English) 2013Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 64-bit Components 2013Microsoft Office OSM MUI (English) 2013Microsoft Office OSM UX MUI (English) 2013Microsoft Office Professional Plus 2013Microsoft Office Proofing (English) 2013Microsoft Office Proofing Tools 2013 - EnglishMicrosoft Office Proofing Tools 2013 - EspañolMicrosoft Office Shared 64-bit MUI (English) 2013Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013Microsoft Office Shared MUI (English) 2013Microsoft Office Shared Setup Metadata MUI (English) 2013Microsoft OneNote MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI (English) 2013Microsoft Publisher MUI (English) 2013Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Word MUI (English) 2013Microsoft XNA Framework Redistributable 3.1Microsoft_VC80_CRT_x86Microsoft_VC90_CRT_x86Mozilla Firefox 23.0 (x86 en-US)Mozilla Maintenance ServiceMpcStar 5.4Notepad++NVIDIA Control Panel 311.06NVIDIA Graphics Driver 311.06NVIDIA Install ApplicationNVIDIA PhysXNVIDIA Stereoscopic 3D DriverOutils de vérification linguistique 2013 de Microsoft Office - FrançaisPCSX2 - Playstation 2 EmulatorPDF Settings CS6PowerISOPunkBuster ServicesRevo Uninstaller 1.95Security Update for Microsoft Excel 2013 (KB2768017) 32-Bit EditionSecurity Update for Microsoft Office 2013 (KB2810009) 32-Bit EditionSpeccySteamSystem Requirements Lab CYRIThe King Of Fighters XIIITom Clancy's Ghost Recon Future SoldierTotal War ROME IIUbisoft Game LauncherUnity Web PlayerUpdate for Microsoft Access 2013 (KB2752093) 32-Bit EditionUpdate for Microsoft Lync 2013 (KB2817621) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2737954) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2752025) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2752101) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760224) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760267) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760533) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760538) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760539) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760553) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2767851) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2767860) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817311) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817493) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817624) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817626) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817630) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817632) 32-Bit EditionUpdate for Microsoft OneNote 2013 (KB2817467) 32-Bit EditionUpdate for Microsoft Outlook 2013 (KB2825632) 32-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2726947) 32-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2810006) 32-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2817622) 32-Bit EditionUpdate for Microsoft Visio 2013 (KB2810008) 32-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit EditionUpdate for Microsoft Word 2013 (KB2817308) 32-Bit EditionUpdate for Microsoft Word 2013 (KB2817627) 32-Bit EditionVLC media player 2.0.8WinRAR 5.00 beta 5 (64-bit)World of Warcraft.==== Event Viewer Messages From Past Week ========.30-Sep-13 23:13:43, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: General access denied error30-Sep-13 23:13:43, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: General access denied error30-Sep-13 23:13:25, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.30-Sep-13 23:13:23, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.30-Sep-13 18:14:16, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.29-Sep-13 14:42:16, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.31. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer.28-Sep-13 01:36:16, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.26-Sep-13 14:42:18, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).25-Sep-13 11:25:52, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.24-Sep-13 21:35:45, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.24-Sep-13 20:36:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.24-Sep-13 20:36:09, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16688 BrowserJavaVersion: 10.25.2Run by Hosam at 0:19:56 on 2013-10-01Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.4094.2295 [GMT 2:00].AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhostex.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\dashost.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\System32\RuntimeBroker.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Internet Download Manager\IDMan.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exeC:\Program Files (x86)\Internet Download Manager\IEMonitor.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Users\Hosam\Downloads\RogueKillerX64.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = about:blankmWinlogon: Userinit = userinit.exe,BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dllBHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onbootuRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [Arkane] C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exeuRun: [AdobeUpdate] wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe"uRun: [AdobeBridge] <no file>mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startupmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [DriverCD] H:\Run.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbyloginmRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\Users\Hosam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hosam\AppData\Roaming\Dropbox\bin\Dropbox.exemPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htmIE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htmIE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllLSP: mswsock.dllTCP: Interfaces\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer = 41.128.225.225,41.128.225.226Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mStart Page = about:blankx64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLLx64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-mPolicies-System: PromptOnSecureDesktop = dword:0x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Hosam\AppData\Roaming\Mozilla\Firefox\Profiles\y4ne3xyr.default\FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Users\Hosam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-09-23 00:07; mozilla_cc@internetdownloadmanager.com; C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5.============= SERVICES / DRIVERS ===============.R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-30 701512]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 WSServiceCrk;Windows Store service crack;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2013-7-17 29696]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\l1c51x64.sys [2013-7-22 90224]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-30 25928]S2 IDMWFP;IDMWFP;C:\Windows\System32\Drivers\idmwfp.sys [2013-9-18 172920]S3 AtiDCM;AtiDCM;C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [2013-7-22 23312]S3 SWDUMon;SWDUMon;C:\Windows\System32\Drivers\SWDUMon.sys [2013-7-29 16152]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248].=============== File Associations ===============.FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]FileExt: .js: JSFile - HKCR\Unknown\Shell=C:\Windows\SysWow64\OpenWith.exe "%1" [default=openas].=============== Created Last 30 ================.2013-09-30 21:25:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-09-30 21:25:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-30 01:00:08 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCE602A2-F2F7-490B-B532-2B1228495B18}\mpengine.dll2013-09-28 22:46:10 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Adobe64x2013-09-28 22:34:05 -------- d-----w- C:\DirectX2013-09-28 22:33:28 -------- d-sh--w- C:\Users\Hosam\lbsan2013-09-28 01:36:37 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2013-09-26 22:04:04 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2013-09-26 22:03:56 -------- d-----w- C:\Users\Hosam\AppData\Local\PunkBuster2013-09-26 22:02:30 -------- d-----w- C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher2013-09-26 18:47:58 304816 ----a-w- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10218.bin2013-09-26 18:40:19 -------- d-----w- C:\Users\Hosam\.local2013-09-26 18:35:49 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Amarok2013-09-26 18:34:01 -------- d-----w- C:\Program Files (x86)\Amarok2013-09-24 11:55:54 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple Computer2013-09-24 11:55:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2013-09-24 11:55:19 -------- d-----w- C:\Program Files\iPod2013-09-24 11:55:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-24 11:55:18 -------- d-----w- C:\Program Files\iTunes2013-09-24 11:55:18 -------- d-----w- C:\Program Files (x86)\iTunes2013-09-24 11:55:10 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple2013-09-24 11:54:45 -------- d-----w- C:\Program Files\Bonjour2013-09-24 11:54:45 -------- d-----w- C:\Program Files (x86)\Bonjour2013-09-24 03:40:25 -------- d-----w- C:\Program Files\Speccy2013-09-24 02:50:26 -------- d-----w- C:\Users\Hosam\AppData\Local\Arma 32013-09-24 02:50:26 -------- d-----w- C:\ProgramData\Bohemia Interactive2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02013-09-23 17:46:50 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2013-09-23 17:46:50 3233712 ----a-w- C:\Windows\SysWow64\pbsvc.exe2013-09-23 17:34:44 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Ubisoft2013-09-22 22:25:42 -------- d-----w- C:\ProgramData\Origin2013-09-20 04:21:51 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Unity2013-09-18 10:56:01 172920 ----a-w- C:\Windows\System32\drivers\idmwfp.sys2013-09-18 10:36:19 -------- d-----w- C:\Users\Hosam\AppData\Roaming\The Creative Assembly2013-09-18 04:55:52 144896 ----a-w- C:\Windows\System32\tssdisai.dll2013-09-16 17:16:42 -------- d-----w- C:\Windows\AutoKMS2013-09-16 17:14:46 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Toolkit2013-09-16 17:10:17 -------- d-----w- C:\Windows\PCHEALTH2013-09-16 17:09:20 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Help2013-09-16 13:48:09 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment2013-09-15 11:18:39 -------- d-----w- C:\Program Files (x86)\VideoLAN2013-09-13 09:46:50 -------- d-----w- C:\Users\Hosam\AppData\Local\Unity2013-09-11 23:41:39 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-11 23:41:39 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-11 15:01:21 4917760 ----a-w- C:\Windows\System32\sppsvc.exe2013-09-11 14:56:47 4038144 ----a-w- C:\Windows\System32\win32k.sys2013-09-09 17:49:43 -------- d-----w- C:\Users\Hosam\AppData\Local\MercurySteam2013-09-07 08:39:28 -------- d-----w- C:\Program Files (x86)\MyPC Backup2013-09-04 20:40:52 -------- d-----w- C:\Windows\UbiSoft2013-09-04 17:22:57 -------- d-----w- C:\ProgramData\Orbit.==================== Find3M ====================.2013-08-27 00:09:17 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll2013-08-27 00:09:17 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll2013-08-23 11:35:18 87345 ----a-w- C:\ProgramData\1377257689.bdinstall.bin2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll2013-08-13 19:48:17 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll2013-08-04 15:30:01 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys2013-07-31 14:28:16 232065 ----a-w- C:\ProgramData\1375280627.bdinstall.bin2013-07-21 23:36:09 1660 ----a-w- C:\Windows\System32\ASOROSet.bin2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll2013-07-08 18:15:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-08 18:15:44 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-08 18:15:44 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-08 12:55:34 510101 ----a-w- C:\Windows\System32\twitchsdk_32_release.dll2013-07-08 07:20:43 383985 ----a-w- C:\ProgramData\1373267891.bdinstall.bin2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll2013-07-04 13:58:48 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys2013-07-04 13:57:00 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys2013-07-04 13:57:00 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll.============= FINISH: 0:20:37.63 ===============
  5. Attach .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8 ProBoot Device: \Device\HarddiskVolume2Install Date: 06-Jul-13 00:42:52System Uptime: 30-Sep-13 23:13:01 (1 hours ago).Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2PProcessor: AMD Athlon II X2 250 Processor | Socket M2 | 3000/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 73 GiB total, 9.908 GiB free.D: is FIXED (NTFS) - 127 GiB total, 7.753 GiB free.E: is FIXED (NTFS) - 127 GiB total, 28.279 GiB free.F: is FIXED (NTFS) - 142 GiB total, 9.093 GiB free.G: is FIXED (NTFS) - 0 GiB total, 0.023 GiB free.H: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP80: 27-Sep-13 13:46:22 - Revo Uninstaller's restore point - Castle of IllusionRP81: 28-Sep-13 03:11:28 - Revo Uninstaller's restore point - Dishonored The Brigmore WitchesRP82: 28-Sep-13 03:18:03 - Revo Uninstaller's restore point - DishonoredRP83: 28-Sep-13 12:05:16 - Installed DirectXRP84: 30-Sep-13 17:13:11 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300RP85: 30-Sep-13 17:23:33 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300.==== Installed Programs ======================.7-Zip 9.20 (x64 edition)Adobe AIRAdobe Flash Player 11 PluginAdobe Flash Professional CS6Adobe Help ManagerAdobe Widget BrowserAmarok (remove only)AMD Processor DriverApple Application SupportApple Mobile Device SupportApple Software UpdateAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverBioShockBonjourCastlevania: Lords of Shadow - Ultimate EditionCCleanerDefinition Update for Microsoft Office 2013 (KB2760587) 32-Bit EditionDisney's Donald DuckDota 2DropboxDuckTales RemasteredFIFA 13Google ChromeGoogle Update HelperInternet Download ManageriTunesJava 7 Update 25Java Auto UpdaterMalwarebytes Anti-Malware version 1.75.0.1300Microsoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Groove MUI (English) 2013Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 64-bit Components 2013Microsoft Office OSM MUI (English) 2013Microsoft Office OSM UX MUI (English) 2013Microsoft Office Professional Plus 2013Microsoft Office Proofing (English) 2013Microsoft Office Proofing Tools 2013 - EnglishMicrosoft Office Proofing Tools 2013 - EspañolMicrosoft Office Shared 64-bit MUI (English) 2013Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013Microsoft Office Shared MUI (English) 2013Microsoft Office Shared Setup Metadata MUI (English) 2013Microsoft OneNote MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI (English) 2013Microsoft Publisher MUI (English) 2013Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Word MUI (English) 2013Microsoft XNA Framework Redistributable 3.1Microsoft_VC80_CRT_x86Microsoft_VC90_CRT_x86Mozilla Firefox 23.0 (x86 en-US)Mozilla Maintenance ServiceMpcStar 5.4Notepad++NVIDIA Control Panel 311.06NVIDIA Graphics Driver 311.06NVIDIA Install ApplicationNVIDIA PhysXNVIDIA Stereoscopic 3D DriverOutils de vérification linguistique 2013 de Microsoft Office - FrançaisPCSX2 - Playstation 2 EmulatorPDF Settings CS6PowerISOPunkBuster ServicesRevo Uninstaller 1.95Security Update for Microsoft Excel 2013 (KB2768017) 32-Bit EditionSecurity Update for Microsoft Office 2013 (KB2810009) 32-Bit EditionSpeccySteamSystem Requirements Lab CYRIThe King Of Fighters XIIITom Clancy's Ghost Recon Future SoldierTotal War ROME IIUbisoft Game LauncherUnity Web PlayerUpdate for Microsoft Access 2013 (KB2752093) 32-Bit EditionUpdate for Microsoft Lync 2013 (KB2817621) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2737954) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2752025) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2752101) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760224) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760267) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760533) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760538) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760539) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760553) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2767851) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2767860) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817311) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817493) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817624) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817626) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817630) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817632) 32-Bit EditionUpdate for Microsoft OneNote 2013 (KB2817467) 32-Bit EditionUpdate for Microsoft Outlook 2013 (KB2825632) 32-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2726947) 32-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2810006) 32-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2817622) 32-Bit EditionUpdate for Microsoft Visio 2013 (KB2810008) 32-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit EditionUpdate for Microsoft Word 2013 (KB2817308) 32-Bit EditionUpdate for Microsoft Word 2013 (KB2817627) 32-Bit EditionVLC media player 2.0.8WinRAR 5.00 beta 5 (64-bit)World of Warcraft.==== Event Viewer Messages From Past Week ========.30-Sep-13 23:13:43, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: General access denied error30-Sep-13 23:13:43, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: General access denied error30-Sep-13 23:13:25, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.30-Sep-13 23:13:23, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.30-Sep-13 18:14:16, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.29-Sep-13 14:42:16, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.31. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer.28-Sep-13 01:36:16, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.26-Sep-13 14:42:18, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).25-Sep-13 11:25:52, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.24-Sep-13 21:35:45, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.24-Sep-13 20:36:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.24-Sep-13 20:36:09, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16688 BrowserJavaVersion: 10.25.2Run by Hosam at 0:19:56 on 2013-10-01Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.4094.2295 [GMT 2:00].AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhostex.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\dashost.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\System32\RuntimeBroker.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Internet Download Manager\IDMan.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exeC:\Program Files (x86)\Internet Download Manager\IEMonitor.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Windows Media Player\wmplayer.exeC:\Users\Hosam\Downloads\RogueKillerX64.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = about:blankmWinlogon: Userinit = userinit.exe,BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dllBHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onbootuRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [Arkane] C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exeuRun: [AdobeUpdate] wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe"uRun: [AdobeBridge] <no file>mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startupmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [DriverCD] H:\Run.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbyloginmRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\Users\Hosam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hosam\AppData\Roaming\Dropbox\bin\Dropbox.exemPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htmIE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htmIE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllLSP: mswsock.dllTCP: Interfaces\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer = 41.128.225.225,41.128.225.226Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mStart Page = about:blankx64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLLx64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-mPolicies-System: PromptOnSecureDesktop = dword:0x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Hosam\AppData\Roaming\Mozilla\Firefox\Profiles\y4ne3xyr.default\FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Users\Hosam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-09-23 00:07; mozilla_cc@internetdownloadmanager.com; C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5.============= SERVICES / DRIVERS ===============.R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-30 701512]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R2 WSServiceCrk;Windows Store service crack;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2013-7-17 29696]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\l1c51x64.sys [2013-7-22 90224]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-30 25928]S2 IDMWFP;IDMWFP;C:\Windows\System32\Drivers\idmwfp.sys [2013-9-18 172920]S3 AtiDCM;AtiDCM;C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [2013-7-22 23312]S3 SWDUMon;SWDUMon;C:\Windows\System32\Drivers\SWDUMon.sys [2013-7-29 16152]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248].=============== File Associations ===============.FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]FileExt: .js: JSFile - HKCR\Unknown\Shell=C:\Windows\SysWow64\OpenWith.exe "%1" [default=openas].=============== Created Last 30 ================.2013-09-30 21:25:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-09-30 21:25:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-30 01:00:08 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCE602A2-F2F7-490B-B532-2B1228495B18}\mpengine.dll2013-09-28 22:46:10 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Adobe64x2013-09-28 22:34:05 -------- d-----w- C:\DirectX2013-09-28 22:33:28 -------- d-sh--w- C:\Users\Hosam\lbsan2013-09-28 01:36:37 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2013-09-26 22:04:04 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2013-09-26 22:03:56 -------- d-----w- C:\Users\Hosam\AppData\Local\PunkBuster2013-09-26 22:02:30 -------- d-----w- C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher2013-09-26 18:47:58 304816 ----a-w- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10218.bin2013-09-26 18:40:19 -------- d-----w- C:\Users\Hosam\.local2013-09-26 18:35:49 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Amarok2013-09-26 18:34:01 -------- d-----w- C:\Program Files (x86)\Amarok2013-09-24 11:55:54 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple Computer2013-09-24 11:55:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2013-09-24 11:55:19 -------- d-----w- C:\Program Files\iPod2013-09-24 11:55:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-09-24 11:55:18 -------- d-----w- C:\Program Files\iTunes2013-09-24 11:55:18 -------- d-----w- C:\Program Files (x86)\iTunes2013-09-24 11:55:10 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple2013-09-24 11:54:45 -------- d-----w- C:\Program Files\Bonjour2013-09-24 11:54:45 -------- d-----w- C:\Program Files (x86)\Bonjour2013-09-24 03:40:25 -------- d-----w- C:\Program Files\Speccy2013-09-24 02:50:26 -------- d-----w- C:\Users\Hosam\AppData\Local\Arma 32013-09-24 02:50:26 -------- d-----w- C:\ProgramData\Bohemia Interactive2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02013-09-23 17:46:50 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2013-09-23 17:46:50 3233712 ----a-w- C:\Windows\SysWow64\pbsvc.exe2013-09-23 17:34:44 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Ubisoft2013-09-22 22:25:42 -------- d-----w- C:\ProgramData\Origin2013-09-20 04:21:51 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Unity2013-09-18 10:56:01 172920 ----a-w- C:\Windows\System32\drivers\idmwfp.sys2013-09-18 10:36:19 -------- d-----w- C:\Users\Hosam\AppData\Roaming\The Creative Assembly2013-09-18 04:55:52 144896 ----a-w- C:\Windows\System32\tssdisai.dll2013-09-16 17:16:42 -------- d-----w- C:\Windows\AutoKMS2013-09-16 17:14:46 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Toolkit2013-09-16 17:10:17 -------- d-----w- C:\Windows\PCHEALTH2013-09-16 17:09:20 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Help2013-09-16 13:48:09 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment2013-09-15 11:18:39 -------- d-----w- C:\Program Files (x86)\VideoLAN2013-09-13 09:46:50 -------- d-----w- C:\Users\Hosam\AppData\Local\Unity2013-09-11 23:41:39 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-11 23:41:39 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-09-11 15:01:21 4917760 ----a-w- C:\Windows\System32\sppsvc.exe2013-09-11 14:56:47 4038144 ----a-w- C:\Windows\System32\win32k.sys2013-09-09 17:49:43 -------- d-----w- C:\Users\Hosam\AppData\Local\MercurySteam2013-09-07 08:39:28 -------- d-----w- C:\Program Files (x86)\MyPC Backup2013-09-04 20:40:52 -------- d-----w- C:\Windows\UbiSoft2013-09-04 17:22:57 -------- d-----w- C:\ProgramData\Orbit.==================== Find3M ====================.2013-08-27 00:09:17 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll2013-08-27 00:09:17 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll2013-08-23 11:35:18 87345 ----a-w- C:\ProgramData\1377257689.bdinstall.bin2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll2013-08-13 19:48:17 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll2013-08-04 15:30:01 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys2013-07-31 14:28:16 232065 ----a-w- C:\ProgramData\1375280627.bdinstall.bin2013-07-21 23:36:09 1660 ----a-w- C:\Windows\System32\ASOROSet.bin2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll2013-07-08 18:15:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-08 18:15:44 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-08 18:15:44 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-08 12:55:34 510101 ----a-w- C:\Windows\System32\twitchsdk_32_release.dll2013-07-08 07:20:43 383985 ----a-w- C:\ProgramData\1373267891.bdinstall.bin2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll2013-07-04 13:58:48 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys2013-07-04 13:57:00 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys2013-07-04 13:57:00 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll.============= FINISH: 0:20:37.63 =============== RogueKiller RogueKiller V8.7.0 _x64_ [sep 30 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits versionStarted in : Normal modeUser : Hosam [Admin rights]Mode : Scan -- Date : 10/01/2013 00:08:57| ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] postgre.exe -- C:\Users\Hosam\AppData\Roaming\Adobe64x\postgre.exe [-] -> KILLED [TermProc][ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x] -> STOPPED ¤¤¤ Registry Entries : 16 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND[RUN][ZeroAccess] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND[sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND[sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\ \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND[DNS][PUM] HKLM\[...]\CCSet\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND[ZeroAccess][Folder] Install : C:\Users\Hosam\AppData\Local\Google\Desktop\Install [-] --> FOUND ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com127.0.0.1 ereg.adobe.com127.0.0.1 activate.wip3.adobe.com127.0.0.1 wip3.adobe.com127.0.0.1 3dns-3.adobe.com127.0.0.1 3dns-2.adobe.com127.0.0.1 adobe-dns.adobe.com127.0.0.1 adobe-dns-2.adobe.com127.0.0.1 adobe-dns-3.adobe.com127.0.0.1 ereg.wip3.adobe.com127.0.0.1 activate-sea.adobe.com127.0.0.1 wwis-dubc1-vip60.adobe.com127.0.0.1 activate-sjc0.adobe.com127.0.0.1 adobe.activate.com127.0.0.1 hl2rcv.adobe.com127.0.0.1 209.34.83.73:443127.0.0.1 209.34.83.73:43127.0.0.1 209.34.83.73127.0.0.1 209.34.83.67:443[...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD6400AACS-00G8B1 ATA Device +++++--- User ---[MBR] b95359d1dd27d5cccdd94f01b10eb30c[bSP] 61c1e9781f6bd58575b6a85f5d4329b5 : Linux MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153602046 | Size: 535478 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_10012013_000857.txt >>
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.