
Can't enable malicious website blocking


HMS10

RogueKiller
 

RogueKiller V8.7.0 _x64_ [sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Hosam [Admin rights]
Mode : Scan -- Date : 10/01/2013 00:08:57
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] postgre.exe -- C:\Users\Hosam\AppData\Roaming\Adobe64x\postgre.exe [-] -> KILLED [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x] -> STOPPED
 
¤¤¤ Registry Entries : 16 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Arkane (C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : AdobeUpdate (wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe" [x][-][-]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-1730054569-3771080232-4104756401-1001\[...]\Run : Google Update ("C:\Users\Hosam\AppData\Local\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\???\???\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" >) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???๛\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < [x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer (41.128.225.225,41.128.225.226) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] SymSrv.yes : C:\Program Files\Windows Defender\SymSrv.yes >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\Hosam\AppData\Local\Google\Desktop\Install [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD6400AACS-00G8B1 ATA Device +++++
--- User ---
[MBR] b95359d1dd27d5cccdd94f01b10eb30c
[BSP] 61c1e9781f6bd58575b6a85f5d4329b5 : Linux MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153602046 | Size: 535478 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10012013_000857.txt >>
 
Attach
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume2
Install Date: 06-Jul-13 00:42:52
System Uptime: 30-Sep-13 23:13:01 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-78LMT-S2P
Processor: AMD Athlon II X2 250 Processor | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 73 GiB total, 9.908 GiB free.
D: is FIXED (NTFS) - 127 GiB total, 7.753 GiB free.
E: is FIXED (NTFS) - 127 GiB total, 28.279 GiB free.
F: is FIXED (NTFS) - 142 GiB total, 9.093 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.023 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP80: 27-Sep-13 13:46:22 - Revo Uninstaller's restore point - Castle of Illusion
RP81: 28-Sep-13 03:11:28 - Revo Uninstaller's restore point - Dishonored The Brigmore Witches
RP82: 28-Sep-13 03:18:03 - Revo Uninstaller's restore point - Dishonored
RP83: 28-Sep-13 12:05:16 - Installed DirectX
RP84: 30-Sep-13 17:13:11 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
RP85: 30-Sep-13 17:23:33 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS6
Adobe Help Manager
Adobe Widget Browser
Amarok (remove only)
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
BioShock
Bonjour
Castlevania: Lords of Shadow - Ultimate Edition
CCleaner
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Disney's Donald Duck
Dota 2
Dropbox
DuckTales Remastered
FIFA 13
Google Chrome
Google Update Helper
Internet Download Manager
iTunes
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 23.0 (x86 en-US)
Mozilla Maintenance Service
MpcStar 5.4
Notepad++
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Outils de vérification linguistique 2013 de Microsoft Office - Français
PCSX2 - Playstation 2 Emulator
PDF Settings CS6
PowerISO
PunkBuster Services
Revo Uninstaller 1.95
Security Update for Microsoft Excel 2013 (KB2768017) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Speccy
Steam
System Requirements Lab CYRI
The King Of Fighters XIII
Tom Clancy's Ghost Recon Future Soldier
Total War ROME II
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft Access 2013 (KB2752093) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760533) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817630) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817632) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817308) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817627) 32-Bit Edition
VLC media player 2.0.8
WinRAR 5.00 beta 5 (64-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
30-Sep-13 23:13:43, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  General access denied error
30-Sep-13 23:13:43, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  General access denied error
30-Sep-13 23:13:25, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends on the following service: BFE. This service might not be installed.
30-Sep-13 23:13:23, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
30-Sep-13 18:14:16, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
29-Sep-13 14:42:16, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.31. The computer with the IP address 192.168.0.32 did not allow the name to be claimed by this computer.
28-Sep-13 01:36:16, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
26-Sep-13 14:42:18, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
25-Sep-13 11:25:52, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
24-Sep-13 21:35:45, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
24-Sep-13 20:36:09, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
24-Sep-13 20:36:09, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
DDS
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.25.2
Run by Hosam at 0:19:56 on 2013-10-01
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.4094.2295 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dashost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Hosam\Downloads\RogueKillerX64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Arkane] C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe
uRun: [AdobeUpdate] wscript "C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs" "C:\Users\Hosam\AppData\Roaming\Adobe64x\bat.exe"
uRun: [AdobeBridge] <no file>
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DriverCD] H:\Run.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Hosam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hosam\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
LSP: mswsock.dll
TCP: Interfaces\{CF18EF84-D13E-45CF-9A82-B9194490786A} : NameServer = 41.128.225.225,41.128.225.226
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hosam\AppData\Roaming\Mozilla\Firefox\Profiles\y4ne3xyr.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Hosam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-23 00:07; mozilla_cc@internetdownloadmanager.com; C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-30 701512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 WSServiceCrk;Windows Store service crack;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2013-7-17 29696]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\l1c51x64.sys [2013-7-22 90224]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-30 25928]
S2 IDMWFP;IDMWFP;C:\Windows\System32\Drivers\idmwfp.sys [2013-9-18 172920]
S3 AtiDCM;AtiDCM;C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [2013-7-22 23312]
S3 SWDUMon;SWDUMon;C:\Windows\System32\Drivers\SWDUMon.sys [2013-7-29 16152]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
FileExt: .js: JSFile - HKCR\Unknown\Shell=C:\Windows\SysWow64\OpenWith.exe "%1" [default=openas]
.
=============== Created Last 30 ================
.
2013-09-30 21:25:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-30 21:25:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 01:00:08 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCE602A2-F2F7-490B-B532-2B1228495B18}\mpengine.dll
2013-09-28 22:46:10 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Adobe64x
2013-09-28 22:34:05 -------- d-----w- C:\DirectX
2013-09-28 22:33:28 -------- d-sh--w- C:\Users\Hosam\lbsan
2013-09-28 01:36:37 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-26 22:04:04 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-26 22:03:56 -------- d-----w- C:\Users\Hosam\AppData\Local\PunkBuster
2013-09-26 22:02:30 -------- d-----w- C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher
2013-09-26 18:47:58 304816 ----a-w- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10218.bin
2013-09-26 18:40:19 -------- d-----w- C:\Users\Hosam\.local
2013-09-26 18:35:49 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Amarok
2013-09-26 18:34:01 -------- d-----w- C:\Program Files (x86)\Amarok
2013-09-24 11:55:54 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple Computer
2013-09-24 11:55:40 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-09-24 11:55:19 -------- d-----w- C:\Program Files\iPod
2013-09-24 11:55:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 11:55:18 -------- d-----w- C:\Program Files\iTunes
2013-09-24 11:55:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-24 11:55:10 -------- d-----w- C:\Users\Hosam\AppData\Local\Apple
2013-09-24 11:54:45 -------- d-----w- C:\Program Files\Bonjour
2013-09-24 11:54:45 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-09-24 03:40:25 -------- d-----w- C:\Program Files\Speccy
2013-09-24 02:50:26 -------- d-----w- C:\Users\Hosam\AppData\Local\Arma 3
2013-09-24 02:50:26 -------- d-----w- C:\ProgramData\Bohemia Interactive
2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-09-23 17:46:56 298032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-23 17:46:50 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-09-23 17:46:50 3233712 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-09-23 17:34:44 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Ubisoft
2013-09-22 22:25:42 -------- d-----w- C:\ProgramData\Origin
2013-09-20 04:21:51 -------- d-----w- C:\Users\Hosam\AppData\Roaming\Unity
2013-09-18 10:56:01 172920 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-09-18 10:36:19 -------- d-----w- C:\Users\Hosam\AppData\Roaming\The Creative Assembly
2013-09-18 04:55:52 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-09-16 17:16:42 -------- d-----w- C:\Windows\AutoKMS
2013-09-16 17:14:46 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Toolkit
2013-09-16 17:10:17 -------- d-----w- C:\Windows\PCHEALTH
2013-09-16 17:09:20 -------- d-----w- C:\Users\Hosam\AppData\Local\Microsoft Help
2013-09-16 13:48:09 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-09-15 11:18:39 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-09-13 09:46:50 -------- d-----w- C:\Users\Hosam\AppData\Local\Unity
2013-09-11 23:41:39 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 23:41:39 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-11 15:01:21 4917760 ----a-w- C:\Windows\System32\sppsvc.exe
2013-09-11 14:56:47 4038144 ----a-w- C:\Windows\System32\win32k.sys
2013-09-09 17:49:43 -------- d-----w- C:\Users\Hosam\AppData\Local\MercurySteam
2013-09-07 08:39:28 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-09-04 20:40:52 -------- d-----w- C:\Windows\UbiSoft
2013-09-04 17:22:57 -------- d-----w- C:\ProgramData\Orbit
.
==================== Find3M  ====================
.
2013-08-27 00:09:17 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2013-08-27 00:09:17 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2013-08-23 11:35:18 87345 ----a-w- C:\ProgramData\1377257689.bdinstall.bin
2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll
2013-08-13 19:48:17 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-08-04 15:30:01 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-07-31 14:28:16 232065 ----a-w- C:\ProgramData\1375280627.bdinstall.bin
2013-07-21 23:36:09 1660 ----a-w- C:\Windows\System32\ASOROSet.bin
2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll
2013-07-08 18:15:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-08 18:15:44 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-08 18:15:44 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-08 12:55:34 510101 ----a-w- C:\Windows\System32\twitchsdk_32_release.dll
2013-07-08 07:20:43 383985 ----a-w- C:\ProgramData\1373267891.bdinstall.bin
2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll
2013-07-04 13:58:48 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-07-04 13:57:00 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-07-04 13:57:00 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
============= FINISH:  0:20:37.63 ===============
 

 


Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


First 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Hosam (administrator) on HMS10 on 01-10-2013 00:52:28
Running from C:\Users\Hosam\Downloads
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [iDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3665488 2013-09-23] (Tonec Inc.)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [Arkane] - C:\Users\Hosam\AppData\Roaming\DC717A\DC717A.exe [44968 2012-07-26] (Microsoft Corporation)
HKCU\...\Run: [AdobeUpdate] - C:\Users\Hosam\AppData\Roaming\Adobe64x\invis.vbs [78 2012-07-02] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: I - "I:\setup.exe" 
MountPoints2: J - "J:\setup.exe" 
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [DriverCD] - H:\Run.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Startup: C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hosam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * 䳵祛ȹ退湩彴湉瑳污偬摥潲
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://egypt.msn.com/?rd=1&ucc=EG&dcc=EG&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD17702DFD479CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKCU - {6C8F34D5-443B-4ca0-9617-C0689C4EF88B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{CF18EF84-D13E-45CF-9A82-B9194490786A}: [NameServer]41.128.225.225,41.128.225.226
 
FireFox:
========
FF ProfilePath: C:\Users\Hosam\AppData\Roaming\Mozilla\Firefox\Profiles\y4ne3xyr.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hosam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Hosam\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Unfollowers.me) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcbaokcchpeocidhfccllamniooiefin\1.2_0
CHR Extension: (WOT) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0
CHR Extension: (YouTube) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (TrafficLight) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.14_0
CHR Extension: (Google Search) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0
CHR Extension: (Yet another flags) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmchcmgddbhmbkakammmklpoonoiiomk\0.9.9.9_0
CHR Extension: (Stylish) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (AirDroid) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd\2.0.4_0
CHR Extension: (IDM Integration Module) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.17.7_0
CHR Extension: (IDM Integration) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_0
CHR Extension: (Awesome New Tab Page) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.122.3.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Checker Plus for Gmail\u2122) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\13.8.2_0
CHR Extension: (Bitdefender QuickScan) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0
CHR Extension: (Outlook.com) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0
CHR Extension: (Gmail) - C:\Users\Hosam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
 
==================== Services (Whitelisted) =================
 
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WSServiceCrk; C:\Windows\system32\wsservice_crk.dll [118272 2012-11-27] (DeadPihto)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
S3 AR5416; C:\Windows\system32\DRIVERS\athwx.sys [2073120 2009-09-07] (Atheros Communications, Inc.)
S3 AtiDCM; C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [23312 2010-02-10] (Advanced Micro Devices, Inc.)
S3 AtiDCM; C:\Users\Hosam\AppData\Local\Temp\atidcmxx.sys [23312 2010-02-10] (Advanced Micro Devices, Inc.)
R3 L1C; C:\Windows\system32\DRIVERS\l1c51x64.sys [90224 2011-08-11] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-08-04] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST
2013-10-01 00:50 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\Hosam\Downloads\FRST64.exe
2013-10-01 00:20 - 2013-10-01 00:20 - 00019345 _____ C:\Users\Hosam\Desktop\dds.txt
2013-10-01 00:20 - 2013-10-01 00:20 - 00009441 _____ C:\Users\Hosam\Desktop\attach.txt
2013-10-01 00:18 - 2013-10-01 00:19 - 00688992 ____R (Swearware) C:\Users\Hosam\Downloads\dds.com
2013-10-01 00:08 - 2013-10-01 00:08 - 00005340 _____ C:\Users\Hosam\Desktop\RKreport[0]_S_10012013_000857.txt
2013-10-01 00:06 - 2013-10-01 00:28 - 00000000 ____D C:\Users\Hosam\Desktop\RK_Quarantine
2013-10-01 00:06 - 2013-10-01 00:06 - 03969024 _____ C:\Users\Hosam\Downloads\RogueKillerX64.exe
2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-09-30 23:25 - 2013-09-30 23:25 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 23:25 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-30 23:24 - 2013-09-30 23:24 - 00201822 _____ C:\Users\Hosam\Documents\cc_20130930_232406.reg
2013-09-30 17:14 - 2013-09-30 17:14 - 00014534 _____ C:\Users\Hosam\Downloads\[kickass.to]malwarebytes.anti.malware.pro.v1.75.0.1300.incl.keygen.brd.tordigger.torrent
2013-09-30 12:14 - 2013-09-30 12:14 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hms10@outlook.com
2013-09-30 12:08 - 2013-09-30 12:11 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-30 12:06 - 2013-09-30 12:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-29 15:20 - 2013-09-29 15:20 - 00013767 _____ C:\Users\Hosam\Downloads\[kickass.to]adobe.flash.pro.cs6.thethingy.torrent
2013-09-29 02:03 - 2013-09-29 02:03 - 00021032 _____ C:\Users\Hosam\Downloads\[kickass.to]fifa.14.pc.demo.crack.torrent
2013-09-29 01:57 - 2013-09-29 01:57 - 00016608 _____ C:\Users\Hosam\Downloads\[kickass.to]deadpool.max.1.1.12.2.1.6.x.mas.special.complete.requested.torrent
2013-09-29 01:48 - 2013-09-29 01:48 - 00022671 _____ C:\Users\Hosam\Downloads\[kickass.to]dead.by.sunrise.discography.2009.2010.torrent
2013-09-29 00:46 - 2013-09-04 00:12 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Adobe64x
2013-09-29 00:34 - 2013-09-29 00:34 - 00000000 ____D C:\DirectX
2013-09-29 00:33 - 2013-09-29 23:04 - 00000000 __SHD C:\Users\Hosam\lbsan
2013-09-28 12:05 - 2013-09-28 12:05 - 00000545 _____ C:\Users\Public\Desktop\The King Of Fighters XIII.lnk
2013-09-28 03:46 - 2013-09-28 03:46 - 00000955 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Future Soldier.lnk
2013-09-27 12:45 - 2013-09-27 12:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Mozilla
2013-09-27 00:04 - 2013-09-30 00:43 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-27 00:03 - 2013-09-27 00:03 - 00000000 ____D C:\Users\Hosam\AppData\Local\PunkBuster
2013-09-27 00:02 - 2013-09-27 00:03 - 00000000 ____D C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher
2013-09-26 20:35 - 2013-09-26 20:40 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Amarok
2013-09-26 20:34 - 2013-09-26 20:35 - 00000000 ____D C:\Program Files (x86)\Amarok
2013-09-24 13:55 - 2013-09-24 14:16 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Apple Computer
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple Computer
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iPod
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-24 13:55 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\ProgramData\Apple
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Bonjour
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-24 05:40 - 2013-09-24 05:40 - 00000000 ____D C:\Program Files\Speccy
2013-09-24 04:50 - 2013-09-28 04:58 - 00000000 ____D C:\Users\Hosam\AppData\Local\Arma 3
2013-09-24 04:50 - 2013-09-24 04:54 - 00000000 ____D C:\Users\Hosam\Documents\Arma 3
2013-09-24 04:50 - 2013-09-24 04:50 - 00001023 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arma3.lnk
2013-09-24 04:50 - 2013-09-24 04:50 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-09-23 19:46 - 2013-09-30 00:43 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-23 19:46 - 2013-09-28 03:46 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-23 19:46 - 2013-09-27 01:13 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-23 19:46 - 2012-08-08 18:32 - 03233712 _____ C:\Windows\SysWOW64\pbsvc.exe
2013-09-23 19:45 - 2013-09-23 19:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-09-23 19:34 - 2013-09-23 19:34 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Ubisoft
2013-09-23 00:25 - 2013-09-23 00:25 - 00000000 ____D C:\ProgramData\Origin
2013-09-23 00:05 - 2013-09-23 00:05 - 00001013 _____ C:\Users\Hosam\Desktop\Internet Download Manager.lnk
2013-09-22 03:48 - 2013-09-22 03:50 - 13751134 _____ C:\Users\Hosam\Downloads\com.bbm.apk
2013-09-20 06:21 - 2013-09-20 06:21 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Unity
2013-09-18 12:56 - 2013-06-27 11:57 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-09-18 12:36 - 2013-09-18 12:36 - 00000797 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome2.lnk
2013-09-18 06:55 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-17 23:46 - 2013-10-01 00:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 23:46 - 2013-09-17 23:46 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-09-16 19:16 - 2013-09-17 03:42 - 00000000 ____D C:\Windows\AutoKMS
2013-09-16 19:14 - 2013-09-16 19:14 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Toolkit
2013-09-16 19:10 - 2013-09-16 19:10 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 19:09 - 2013-09-27 19:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Help
2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 __RHD C:\MSOCache
2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-16 15:53 - 2013-09-16 16:02 - 00000706 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2013-09-15 13:19 - 2013-09-16 01:46 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\vlc
2013-09-15 13:18 - 2013-09-15 13:18 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-15 13:18 - 2013-09-15 13:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-09-13 11:46 - 2013-09-13 11:46 - 00000000 ____D C:\Users\Hosam\AppData\Local\Unity
2013-09-12 10:42 - 2013-09-16 22:30 - 04925616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 01:41 - 2013-09-19 01:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 01:41 - 2013-09-19 01:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 17:02 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-11 17:02 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-11 17:02 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-11 17:02 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-11 17:02 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-11 17:02 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-11 17:02 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-11 17:02 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-11 17:02 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-11 17:02 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-11 17:02 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-11 17:02 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-11 17:02 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-11 17:02 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-11 17:02 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-11 17:02 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-11 17:02 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-11 17:02 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-11 17:02 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-11 17:02 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-11 17:02 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-11 17:02 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-11 17:02 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-11 17:02 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-11 17:02 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-11 17:02 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-11 17:02 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-11 17:02 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-11 17:02 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-11 17:02 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-11 17:02 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-11 17:02 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-11 17:02 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-11 17:02 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-11 17:02 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-11 17:02 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-11 17:02 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-11 17:02 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-11 17:02 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-11 17:02 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-11 17:02 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-11 17:02 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-11 17:01 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-11 17:01 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-11 17:01 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-11 17:01 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-11 17:01 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-11 17:01 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-11 17:01 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-11 17:01 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-11 17:01 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-11 17:01 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-11 17:01 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-11 17:01 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-11 17:01 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-11 16:59 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 16:59 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 16:59 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 16:59 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 16:59 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 16:59 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 16:59 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 16:59 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 16:59 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 16:59 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 16:59 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-11 16:56 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 19:49 - 2013-09-09 19:49 - 00000000 ____D C:\Users\Hosam\AppData\Local\MercurySteam
2013-09-07 11:06 - 2013-09-17 19:18 - 00000000 ____D C:\Users\Hosam\Documents\xwidget
2013-09-07 10:39 - 2013-09-07 21:44 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-04 22:40 - 2013-09-04 22:40 - 00000000 ____D C:\Windows\UbiSoft
2013-09-04 22:10 - 2013-09-04 22:11 - 00000935 _____ C:\Windows\disney.ini
2013-09-04 19:23 - 2013-09-26 23:54 - 00000000 ____D C:\Users\Hosam\Documents\Ubisoft
2013-09-04 19:22 - 2013-09-04 19:22 - 00000000 ____D C:\ProgramData\Orbit
2013-09-01 22:09 - 2013-09-01 22:09 - 00000811 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaintsRowIV.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST
2013-10-01 00:51 - 2013-10-01 00:50 - 01953880 _____ (Farbar) C:\Users\Hosam\Downloads\FRST64.exe
2013-10-01 00:43 - 2013-07-06 00:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1730054569-3771080232-4104756401-1001
2013-10-01 00:42 - 2013-09-17 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 00:38 - 2013-07-08 09:18 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\QuickScan
2013-10-01 00:28 - 2013-10-01 00:06 - 00000000 ____D C:\Users\Hosam\Desktop\RK_Quarantine
2013-10-01 00:28 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\DMCache
2013-10-01 00:21 - 2013-07-06 00:42 - 01796550 _____ C:\Windows\WindowsUpdate.log
2013-10-01 00:20 - 2013-10-01 00:20 - 00019345 _____ C:\Users\Hosam\Desktop\dds.txt
2013-10-01 00:20 - 2013-10-01 00:20 - 00009441 _____ C:\Users\Hosam\Desktop\attach.txt
2013-10-01 00:19 - 2013-10-01 00:18 - 00688992 ____R (Swearware) C:\Users\Hosam\Downloads\dds.com
2013-10-01 00:08 - 2013-10-01 00:08 - 00005340 _____ C:\Users\Hosam\Desktop\RKreport[0]_S_10012013_000857.txt
2013-10-01 00:06 - 2013-10-01 00:06 - 03969024 _____ C:\Users\Hosam\Downloads\RogueKillerX64.exe
2013-10-01 00:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-09-30 23:57 - 2013-09-30 23:57 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-09-30 23:56 - 2013-07-06 06:46 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-30 23:25 - 2013-09-30 23:25 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-30 23:25 - 2013-09-30 23:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 23:24 - 2013-09-30 23:24 - 00201822 _____ C:\Users\Hosam\Documents\cc_20130930_232406.reg
2013-09-30 23:14 - 2013-08-04 16:23 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-30 23:13 - 2013-07-24 18:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-30 23:13 - 2013-07-06 06:46 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-30 23:13 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-30 18:14 - 2013-07-06 07:20 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\uTorrent
2013-09-30 18:14 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-30 17:14 - 2013-09-30 17:14 - 00014534 _____ C:\Users\Hosam\Downloads\[kickass.to]malwarebytes.anti.malware.pro.v1.75.0.1300.incl.keygen.brd.tordigger.torrent
2013-09-30 15:35 - 2013-07-07 14:27 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D0511745-73F5-4538-8B21-894D09C03C9A}
2013-09-30 12:14 - 2013-09-30 12:14 - 00003496 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hms10@outlook.com
2013-09-30 12:12 - 2013-07-09 05:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-09-30 12:11 - 2013-09-30 12:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-30 12:11 - 2013-07-09 05:05 - 00000000 ____D C:\Users\Hosam\AppData\Local\Adobe
2013-09-30 12:10 - 2013-09-30 12:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-30 12:10 - 2013-08-09 02:16 - 00000000 ____D C:\Program Files\Adobe
2013-09-30 12:09 - 2013-07-09 05:06 - 00000000 ____D C:\ProgramData\Adobe
2013-09-30 12:09 - 2013-07-06 00:43 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Adobe
2013-09-30 00:43 - 2013-09-27 00:04 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-30 00:43 - 2013-09-23 19:46 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-29 23:34 - 2013-07-06 09:36 - 00049410 _____ C:\Windows\PFRO.log
2013-09-29 23:04 - 2013-09-29 00:33 - 00000000 __SHD C:\Users\Hosam\lbsan
2013-09-29 22:08 - 2012-07-26 04:16 - 00000000 __SHD C:\Users\Hosam\AppData\Roaming\DC717A
2013-09-29 15:20 - 2013-09-29 15:20 - 00013767 _____ C:\Users\Hosam\Downloads\[kickass.to]adobe.flash.pro.cs6.thethingy.torrent
2013-09-29 14:42 - 2013-07-06 06:46 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-29 14:41 - 2013-07-06 06:46 - 00000000 ____D C:\Users\Hosam\AppData\Local\Google
2013-09-29 02:03 - 2013-09-29 02:03 - 00021032 _____ C:\Users\Hosam\Downloads\[kickass.to]fifa.14.pc.demo.crack.torrent
2013-09-29 01:57 - 2013-09-29 01:57 - 00016608 _____ C:\Users\Hosam\Downloads\[kickass.to]deadpool.max.1.1.12.2.1.6.x.mas.special.complete.requested.torrent
2013-09-29 01:48 - 2013-09-29 01:48 - 00022671 _____ C:\Users\Hosam\Downloads\[kickass.to]dead.by.sunrise.discography.2009.2010.torrent
2013-09-29 01:23 - 2013-07-07 13:57 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-09-29 00:34 - 2013-09-29 00:34 - 00000000 ____D C:\DirectX
2013-09-29 00:33 - 2013-07-06 00:42 - 00000000 ____D C:\Users\Hosam
2013-09-28 23:42 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-28 14:54 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\Downloads\Video
2013-09-28 14:41 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\Downloads\Compressed
2013-09-28 12:06 - 2013-07-06 21:20 - 00446700 _____ C:\Windows\DirectX.log
2013-09-28 12:05 - 2013-09-28 12:05 - 00000545 _____ C:\Users\Public\Desktop\The King Of Fighters XIII.lnk
2013-09-28 04:58 - 2013-09-24 04:50 - 00000000 ____D C:\Users\Hosam\AppData\Local\Arma 3
2013-09-28 03:46 - 2013-09-28 03:46 - 00000955 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Future Soldier.lnk
2013-09-28 03:46 - 2013-09-23 19:46 - 00298032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-27 19:24 - 2013-09-16 19:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-27 13:48 - 2013-07-06 00:43 - 00000000 ____D C:\Users\Hosam\AppData\Local\VirtualStore
2013-09-27 12:45 - 2013-09-27 12:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Mozilla
2013-09-27 01:13 - 2013-09-23 19:46 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-27 00:03 - 2013-09-27 00:03 - 00000000 ____D C:\Users\Hosam\AppData\Local\PunkBuster
2013-09-27 00:03 - 2013-09-27 00:02 - 00000000 ____D C:\Users\Hosam\AppData\Local\Ubisoft Game Launcher
2013-09-26 23:54 - 2013-09-04 19:23 - 00000000 ____D C:\Users\Hosam\Documents\Ubisoft
2013-09-26 20:40 - 2013-09-26 20:35 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Amarok
2013-09-26 20:35 - 2013-09-26 20:34 - 00000000 ____D C:\Program Files (x86)\Amarok
2013-09-26 17:00 - 2013-07-06 00:43 - 00000000 ____D C:\Users\Hosam\AppData\Local\Packages
2013-09-26 14:52 - 2012-07-26 09:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 20:52 - 2013-07-07 15:54 - 00000000 ____D C:\Users\Hosam\Documents\FIFA 13
2013-09-25 10:53 - 2013-07-06 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-25 03:19 - 2013-07-06 21:18 - 00000000 ____D C:\Users\Hosam\AppData\Local\Mozilla
2013-09-24 17:02 - 2012-07-26 09:21 - 00016741 _____ C:\Windows\setupact.log
2013-09-24 14:16 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Apple Computer
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple Computer
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Users\Hosam\AppData\Local\Apple
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files\iPod
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-24 13:55 - 2013-09-24 13:55 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\ProgramData\Apple
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files\Bonjour
2013-09-24 13:54 - 2013-09-24 13:54 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-24 05:40 - 2013-09-24 05:40 - 00000000 ____D C:\Program Files\Speccy
2013-09-24 04:54 - 2013-09-24 04:50 - 00000000 ____D C:\Users\Hosam\Documents\Arma 3
2013-09-24 04:50 - 2013-09-24 04:50 - 00001023 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\arma3.lnk
2013-09-24 04:50 - 2013-09-24 04:50 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-09-23 19:45 - 2013-09-23 19:45 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-09-23 19:45 - 2013-07-22 18:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-23 19:34 - 2013-09-23 19:34 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Ubisoft
2013-09-23 02:23 - 2013-07-06 20:45 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-09-23 00:25 - 2013-09-23 00:25 - 00000000 ____D C:\ProgramData\Origin
2013-09-23 00:05 - 2013-09-23 00:05 - 00001013 _____ C:\Users\Hosam\Desktop\Internet Download Manager.lnk
2013-09-23 00:05 - 2013-07-06 20:45 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\IDM
2013-09-22 03:50 - 2013-09-22 03:48 - 13751134 _____ C:\Users\Hosam\Downloads\com.bbm.apk
2013-09-20 06:21 - 2013-09-20 06:21 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Unity
2013-09-19 01:26 - 2013-09-12 01:41 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-09-12 01:41 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 12:36 - 2013-09-18 12:36 - 00000797 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome2.lnk
2013-09-17 23:46 - 2013-09-17 23:46 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-17 19:18 - 2013-09-07 11:06 - 00000000 ____D C:\Users\Hosam\Documents\xwidget
2013-09-17 03:42 - 2013-09-16 19:16 - 00000000 ____D C:\Windows\AutoKMS
2013-09-17 03:29 - 2013-08-01 21:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-16 22:30 - 2013-09-12 10:42 - 04925616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-09-16 20:24 - 2013-09-16 20:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-09-16 19:14 - 2013-09-16 19:14 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Toolkit
2013-09-16 19:10 - 2013-09-16 19:10 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Users\Hosam\AppData\Local\Microsoft Help
2013-09-16 19:09 - 2013-09-16 19:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-16 19:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 __RHD C:\MSOCache
2013-09-16 19:08 - 2013-09-16 19:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-16 16:02 - 2013-09-16 15:53 - 00000706 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2013-09-16 01:46 - 2013-09-15 13:19 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\vlc
2013-09-15 13:18 - 2013-09-15 13:18 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-15 13:18 - 2013-09-15 13:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-09-13 11:46 - 2013-09-13 11:46 - 00000000 ____D C:\Users\Hosam\AppData\Local\Unity
2013-09-13 10:50 - 2013-07-06 01:28 - 00000000 ___RD C:\Users\Hosam\Dropbox
2013-09-13 10:50 - 2013-07-06 01:23 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Dropbox
2013-09-12 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-12 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-12 01:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-12 01:38 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-11 21:10 - 2013-07-30 03:15 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:09 - 2013-07-08 14:30 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-09 19:49 - 2013-09-09 19:49 - 00000000 ____D C:\Users\Hosam\AppData\Local\MercurySteam
2013-09-07 21:44 - 2013-09-07 10:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-07 21:44 - 2013-07-06 00:43 - 00000000 ___RD C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-05 05:00 - 2013-08-11 15:28 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Notepad++
2013-09-04 22:40 - 2013-09-04 22:40 - 00000000 ____D C:\Windows\UbiSoft
2013-09-04 22:11 - 2013-09-04 22:10 - 00000935 _____ C:\Windows\disney.ini
2013-09-04 19:22 - 2013-09-04 19:22 - 00000000 ____D C:\ProgramData\Orbit
2013-09-04 00:12 - 2013-09-29 00:46 - 00000000 ____D C:\Users\Hosam\AppData\Roaming\Adobe64x
2013-09-01 22:09 - 2013-09-01 22:09 - 00000811 _____ C:\Users\Hosam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaintsRowIV.lnk
2013-09-01 03:53 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\Hosam\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
 
Some content of TEMP:
====================
C:\Users\Hosam\AppData\Local\Temp\41027.exe
C:\Users\Hosam\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Hosam\AppData\Local\Temp\NEwBSDynDNS.exe
C:\Users\Hosam\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Hosam\AppData\Local\Temp\ose00000.exe
C:\Users\Hosam\AppData\Local\Temp\SRLDetectionLibrary2064022866688269491.dll
C:\Users\Hosam\AppData\Local\Temp\ubi40FF.tmp.exe
C:\Users\Hosam\AppData\Local\Temp\ubi84FF.tmp.exe
C:\Users\Hosam\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Hosam\AppData\Local\Temp\_is1C22.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-09-30 03:01
 
==================== End Of Log ============================

 

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by Hosam at 2013-10-01 00:53:55
Running from C:\Users\Hosam\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.1.30059)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Flash Professional CS6 (x32 Version: 12.0)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Amarok (remove only) (x32 Version: 2.7.0-1)
AMD Processor Driver (x32 Version: 1.3.2.0053)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.4.4)
BioShock (x32 Version: 2.5.0000)
Bonjour (Version: 3.0.0.10)
Castlevania: Lords of Shadow - Ultimate Edition (x32)
CCleaner (Version: 4.04)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32)
Disney's Donald Duck (x32)
Dota 2 (x32)
Dropbox (HKCU Version: 2.2.13)
DuckTales Remastered (x32 Version: 1)
FIFA 13 (x32 Version: 1.1.0.0)
Google Chrome (x32 Version: 29.0.1547.76)
Google Update Helper (x32 Version: 1.3.21.153)
Internet Download Manager (x32)
iTunes (Version: 11.1.0.126)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0 (x86 en-US) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 26.0a2)
MpcStar 5.4 (x32 Version: 5.4)
Notepad++ (x32 Version: 6.5)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.11.1111)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017)
PCSX2 - Playstation 2 Emulator (x32)
PDF Settings CS6 (x32 Version: 11.0)
PowerISO (x32 Version: 5.5)
PunkBuster Services (x32 Version: 0.993)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Speccy (Version: 1.23)
Steam (x32 Version: 1.0.0.0)
System Requirements Lab CYRI (x32 Version: 6.0.7.0)
The King Of Fighters XIII (x32 Version: 1)
Tom Clancy's Ghost Recon Future Soldier (x32 Version: 1.4)
Total War ROME II (x32 Version: 6.0)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Update for Microsoft Access 2013 (KB2752093) 32-Bit Edition (x32)
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760533) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817624) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817630) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817632) 32-Bit Edition (x32)
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition (x32)
Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition (x32)
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2817308) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2817627) 32-Bit Edition (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WinRAR 5.00 beta 5 (64-bit) (Version: 5.00.5)
World of Warcraft (x32)
 
==================== Restore Points  =========================
 
27-09-2013 11:46:22 Revo Uninstaller's restore point - Castle of Illusion
28-09-2013 01:11:28 Revo Uninstaller's restore point - Dishonored The Brigmore Witches
28-09-2013 01:18:03 Revo Uninstaller's restore point - Dishonored
28-09-2013 10:05:16 Installed DirectX
30-09-2013 15:13:11 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
30-09-2013 15:23:33 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
 
==================== Hosts content: ==========================
 
2012-07-26 07:26 - 2013-08-11 15:24 - 00001749 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
 
There are 2 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {084CBE9E-8AD3-47DA-A2AD-E6B7D9EC0852} - System32\Tasks\User_Feed_Synchronization-{D0511745-73F5-4538-8B21-894D09C03C9A} => C:\Windows\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {19B8316E-50D4-4B14-871C-6657F40CC70A} - \AutoKMS No Task File
Task: {52638C25-6FC0-4964-BCB5-F70C858C6587} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {6677232A-DD09-4D97-B025-9A4F3330D2A4} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {6F4EB890-F316-427B-AAD5-BB0FB459A833} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06] (Google Inc.)
Task: {984B3EE7-6177-456D-9EA7-61B28C2A388D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hms10@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {9D83E77B-A957-4893-96DA-DFFAACEF8D4D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {A0892E4D-2F85-4EA7-907D-9B255B5156CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated)
Task: {D82F5656-1C23-43FC-8066-6A2ED43F75F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {F9EF32F2-ED6C-42C9-8BB9-246C8CB1785B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-01 08:20 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-07-26 14:46 - 2013-09-21 20:35 - 01121192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 14:32 - 2013-09-11 00:20 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-09-22 19:59 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-22 19:59 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-22 19:59 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-22 19:59 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-22 19:59 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
2013-09-22 19:59 - 2013-09-17 05:21 - 13611984 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/01/2013 00:21:20 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/30/2013 11:14:12 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/30/2013 11:14:07 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HMS10)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%2147942405
 
Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%2147942405
 
Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%2147942405
 
Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%2147942405
 
Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%2147942405
 
Error: (10/01/2013 00:21:03 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%2147942405
 
Error: (09/30/2013 11:13:43 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%2147942405
 
Error: (09/30/2013 11:13:43 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%2147942405
 
Error: (09/30/2013 11:13:35 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%2147942405
 
Error: (09/30/2013 11:13:35 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%2147942405
 
 
Microsoft Office Sessions:
=========================
Error: (10/01/2013 00:21:20 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/30/2013 11:14:12 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (09/30/2013 11:14:07 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
Error: (09/30/2013 06:14:17 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HMS10)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 4093.55 MB
Available physical RAM: 1998.1 MB
Total Pagefile: 4925.55 MB
Available Pagefile: 2158.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:73.14 GB) (Free:9.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (I) (Fixed) (Total:126.95 GB) (Free:7.75 GB) NTFS
Drive e: (II) (Fixed) (Total:126.95 GB) (Free:28.28 GB) NTFS
Drive f: (III) (Fixed) (Total:142.07 GB) (Free:9.09 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: D9F44E41)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=523 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt


Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02

Ran by Hosam at 2013-10-01 01:24:34 Run:1

Running from C:\Users\Hosam\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKCU\...\Run: [AdobeBridge] - [x]

MountPoints2: I - "I:\setup.exe" 

MountPoints2: J - "J:\setup.exe" 

Winsock: Catalog5 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Winsock: Catalog5-x64 04 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

cmd: netsh winsock reset

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\   \...\???\{80b4f3dc-b95f-5388-a1b5-be65b9c79738}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

C:\Program Files (x86)\Google\Desktop\Install

C:\Windows\assembly\GAC_32\Desktop.ini

C:\Windows\assembly\GAC_64\Desktop.ini

C:\Users\Hosam\AppData\Local\Google\Desktop\Install

C:\Users\Hosam\AppData\Local\Temp\41027.exe

C:\Users\Hosam\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\Hosam\AppData\Local\Temp\NEwBSDynDNS.exe

C:\Users\Hosam\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Hosam\AppData\Local\Temp\ose00000.exe

C:\Users\Hosam\AppData\Local\Temp\SRLDetectionLibrary2064022866688269491.dll

C:\Users\Hosam\AppData\Local\Temp\ubi40FF.tmp.exe

C:\Users\Hosam\AppData\Local\Temp\ubi84FF.tmp.exe

C:\Users\Hosam\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Hosam\AppData\Local\Temp\_is1C22.exe

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

End

 

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I => Key deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => Key deleted successfully.

Winsock: Catalog5 entry 000000000004\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

Winsock: Catalog5-x64 entry 000000000004\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

 

=========  netsh winsock reset =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

*etadpug => Service deleted successfully.

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.

C:\Users\Hosam\AppData\Local\Google\Desktop\Install => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\41027.exe => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\NEwBSDynDNS.exe => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\SRLDetectionLibrary2064022866688269491.dll => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\ubi40FF.tmp.exe => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\ubi84FF.tmp.exe => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.

C:\Users\Hosam\AppData\Local\Temp\_is1C22.exe => Moved successfully.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\SymSrv.yes" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

 

==== End of Fixlog ====


Re-boot your PC then continue:

 

Open Malwarebytes, check for updates, then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to bottom of page)

 

 

Attach DrWeb log to your next reply, it will be excessive...
