Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Fady (administrator) on FEDZY on 08-04-2015 21:55:09
Running from C:\Users\Fady\Desktop
Loaded Profiles: Fady (Available profiles: Fady & Guest)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6883840 2012-09-01] (Pegatron Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806744 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe /tray
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [1025656 2015-04-08] (Link64 GmbH)
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\...\Policies\Explorer: []
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\...\MountPoints2: {cbb99dbd-7dc9-11e4-8034-20689dff3dab} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.1.0.24
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.1.0.24
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.1.0.24
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-eg/?ocid=iehp
HKU\S-1-5-21-1451804644-2025619606-565389536-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1451804644-2025619606-565389536-1001 -> {1B8D72A0-6E6F-4499-A430-C28C4DBE3B21} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll [2012-08-22] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll [2012-08-22] (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.240.110.198 62.240.110.197
Tcpip\..\Interfaces\{4EF93B54-73EB-4677-A724-FEBA4FE805C0}: [NameServer] 62.240.110.197,62.240.110.198
Tcpip\..\Interfaces\{C9A18D5D-30D0-4062-8618-632C2C81A9C4}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Fady\AppData\Roaming\Mozilla\Firefox\Profiles\rwhckx38.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-05] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-07-24] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-04-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-04-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn [2015-04-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://toshiba13.msn.com/
CHR StartupUrls: Default -> "about:blank"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-13]
CHR Extension: (YouTube) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-13]
CHR Extension: (Google Search) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-13]
CHR Extension: (Bookmark Manager) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-23]
CHR Extension: (Pulse) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehllpiamddoghfbfbgmajdcifkpjopm [2013-08-04]
CHR Extension: (Speed Dial 2) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Stop Video Download For YouTube) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgmjigkhbgepkepgiieeoeigkdifndi [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Fady\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-13]
CHR HKU\S-1-5-21-1451804644-2025619606-565389536-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 HPSLPSVC; C:\Users\Fady\AppData\Local\Temp\7zS2C7C\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [143928 2012-08-19] (Symantec Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-02-09] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-01-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-01-23] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-04-08] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20150407.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20150407.057\ENG64.SYS [129752 2015-01-23] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20150407.057\EX64.SYS [2137304 2015-01-23] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1406000.01B\SymELAM.sys [23448 2012-06-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2015-01-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
S3 Tosrfcom; No ImagePath
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [230400 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-08 21:55 - 2015-04-08 21:55 - 00024412 _____ () C:\Users\Fady\Desktop\FRST.txt
2015-04-08 21:49 - 2015-04-08 21:49 - 00033663 _____ () C:\Users\Fady\Downloads\Addition.txt
2015-04-08 21:48 - 2015-04-08 21:49 - 00034797 _____ () C:\Users\Fady\Downloads\FRST.txt
2015-04-08 21:47 - 2015-04-08 21:47 - 02095616 _____ (Farbar) C:\Users\Fady\Downloads\FRST64 (1).exe
2015-04-08 19:14 - 2015-04-08 19:14 - 00000000 ____D () C:\Users\Fady\.appwork
2015-04-08 19:06 - 2015-04-08 19:11 - 00000000 ____D () C:\ProgramData\VideoDownloaderUltimateWinApp
2015-04-08 19:06 - 2015-04-08 19:06 - 00000897 _____ () C:\Users\Fady\Desktop\Video Downloader Ultimate.lnk
2015-04-08 19:04 - 2015-04-08 19:05 - 01615480 _____ (Link64 GmbH) C:\Users\Fady\Downloads\VideoDownloaderUltimate_winapp_installer.exe
2015-04-08 18:30 - 2015-04-08 18:31 - 02347384 _____ (ESET) C:\Users\Fady\Downloads\esetsmartinstaller_enu.exe
2015-04-08 18:24 - 2015-04-08 18:24 - 02095616 _____ (Farbar) C:\Users\Fady\Desktop\FRST64.exe
2015-04-08 17:11 - 2015-04-08 21:55 - 00000000 ____D () C:\FRST
2015-04-08 17:11 - 2015-04-08 17:11 - 00000207 _____ () C:\windows\tweaking.com-regbackup-FEDZY-Windows-8-Single-Language-(64-bit).dat
2015-04-08 17:11 - 2015-04-08 17:11 - 00000000 ____D () C:\RegBackup
2015-04-08 17:10 - 2015-04-08 17:10 - 02686959 _____ (Thisisu) C:\Users\Fady\Downloads\JRT.exe
2015-04-08 16:42 - 2015-04-08 16:42 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-04-08 16:40 - 2015-04-08 16:40 - 00002072 _____ () C:\windows\system32\.crusader
2015-04-08 16:21 - 2015-04-08 16:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-08 15:48 - 2015-04-08 15:48 - 00281368 _____ () C:\windows\Minidump\040815-37812-01.dmp
2015-04-08 15:25 - 2015-04-08 21:29 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 15:25 - 2015-04-08 15:44 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-08 15:25 - 2015-04-08 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-08 15:25 - 2015-04-08 15:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-08 15:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-08 15:25 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-08 15:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-04-08 14:22 - 2015-04-08 14:23 - 11028616 _____ (SurfRight B.V.) C:\Users\Fady\Downloads\HitmanPro_x64.exe
2015-04-08 14:21 - 2015-04-08 14:21 - 00000161 _____ () C:\windows\system32\netcfg-877687.txt
2015-04-08 14:21 - 2015-04-08 14:21 - 00000148 _____ () C:\windows\system32\netcfg-891765.txt
2015-04-08 14:21 - 2015-04-08 14:21 - 00000148 _____ () C:\windows\system32\netcfg-890640.txt
2015-04-08 14:01 - 2015-04-08 14:02 - 02217984 _____ () C:\Users\Fady\Downloads\adwcleaner_4.201.exe
2015-04-08 13:57 - 2015-04-08 13:57 - 00001166 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-08 11:15 - 2015-04-08 11:15 - 00000000 ____D () C:\Users\Fady\AppData\Local\MediaHuman
2015-04-08 11:07 - 2015-04-08 11:14 - 17314456 _____ ( ) C:\Users\Fady\Downloads\YouTubeDownloader.exe
2015-04-08 11:07 - 2015-04-08 11:07 - 00000000 ____D () C:\Users\Fady\AppData\Local\4kdownload.com
2015-04-08 11:05 - 2015-04-08 11:05 - 00000000 ____D () C:\Users\Fady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-07 11:50 - 2015-04-07 11:50 - 00281368 _____ () C:\windows\Minidump\040715-39421-01.dmp
2015-04-06 10:38 - 2015-04-07 15:27 - 00000000 ____D () C:\Learning
2015-03-28 22:42 - 2015-03-28 22:42 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-03-28 09:49 - 2015-03-28 09:49 - 00010826 _____ () C:\Users\Fady\Downloads\2DB7.tmp
2015-03-28 09:46 - 2015-03-28 09:46 - 00010826 _____ () C:\Users\Fady\Downloads\F07F.tmp
2015-03-24 21:35 - 2015-03-24 21:35 - 00907352 _____ () C:\windows\Minidump\032415-33187-01.dmp
2015-03-14 17:34 - 2015-03-14 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-14 17:33 - 2015-03-14 17:34 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-14 17:33 - 2015-03-14 17:34 - 00000000 ____D () C:\Program Files\iTunes
2015-03-14 17:33 - 2015-03-14 17:33 - 00000000 ____D () C:\Program Files\iPod
2015-03-14 17:33 - 2015-03-14 17:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-14 17:19 - 2015-03-14 17:21 - 152428336 _____ (Apple Inc.) C:\Users\Fady\Downloads\itunes6464setup.exe
2015-03-13 11:56 - 2015-03-13 11:56 - 00928216 _____ () C:\windows\Minidump\031315-39187-01.dmp
2015-03-09 19:29 - 2015-03-09 19:30 - 00281480 _____ () C:\windows\Minidump\030915-44906-01.dmp

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-08 21:36 - 2014-09-16 15:41 - 00004942 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for FEDZY-Fady FeDzY
2015-04-08 21:30 - 2013-06-13 16:31 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1451804644-2025619606-565389536-1001
2015-04-08 21:25 - 2014-06-21 10:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-08 21:25 - 2013-06-13 16:47 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 21:23 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-08 19:35 - 2013-06-13 16:22 - 01608795 _____ () C:\windows\WindowsUpdate.log
2015-04-08 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2015-04-08 19:14 - 2013-06-13 16:22 - 00000000 ____D () C:\Users\Fady
2015-04-08 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2015-04-08 18:57 - 2013-06-13 16:47 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 17:04 - 2013-06-19 10:29 - 01640960 ___SH () C:\Users\Fady\Desktop\Thumbs.db
2015-04-08 16:42 - 2012-09-03 08:41 - 06360506 _____ () C:\windows\PFRO.log
2015-04-08 16:17 - 2014-01-16 18:02 - 00000000 ____D () C:\Users\Fady\AppData\Roaming\rmi
2015-04-08 15:48 - 2014-07-20 16:17 - 00000000 ____D () C:\windows\Minidump
2015-04-08 15:47 - 2014-07-23 08:10 - 915587734 _____ () C:\windows\MEMORY.DMP
2015-04-08 15:24 - 2013-06-13 21:06 - 00000000 ____D () C:\Users\Fady\AppData\Roaming\BitComet
2015-04-08 14:07 - 2014-09-12 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 14:06 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-04-08 13:57 - 2013-06-26 09:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 13:52 - 2013-06-13 16:47 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-08 13:52 - 2013-06-13 16:47 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-08 11:14 - 2013-08-17 00:20 - 00510976 ___SH () C:\Users\Fady\Downloads\Thumbs.db
2015-04-08 10:24 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-04-07 17:33 - 2012-07-26 09:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-07 16:42 - 2013-06-13 16:22 - 00000000 ____D () C:\Users\Fady\AppData\Local\Packages
2015-04-06 13:49 - 2013-11-08 18:07 - 00000000 ____D () C:\Users\Fady\Desktop\Work
2015-04-05 18:03 - 2014-05-09 09:29 - 00000000 ____D () C:\Users\Fady\Desktop\Accounting
2015-04-03 14:20 - 2012-09-02 23:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-04-03 14:20 - 2012-09-02 23:50 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2015-04-03 06:57 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2015-03-29 20:58 - 2012-07-26 09:21 - 00051301 _____ () C:\windows\setupact.log
2015-03-28 17:06 - 2013-06-13 19:31 - 00000000 ____D () C:\Users\Fady\AppData\Local\Microsoft Help
2015-03-26 10:20 - 2013-06-14 20:34 - 00000000 ____D () C:\Users\Fady\AppData\Local\CrashDumps
2015-03-26 10:19 - 2014-05-13 17:55 - 00001030 _____ () C:\Users\Fady\Documents\plot.log
2015-03-17 20:50 - 2015-01-23 19:03 - 00000000 ____D () C:\ProgramData\Norton
2015-03-14 17:33 - 2013-12-13 09:49 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-14 16:30 - 2015-01-21 21:36 - 00000000 ____D () C:\Users\Fady\Desktop\iClarified

==================== Files in the root of some directories =======
2013-08-25 12:55 - 2013-08-25 12:55 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-12-02 22:38 - 2013-12-02 22:39 - 0000390 _____ () C:\Users\Fady\AppData\Roaming\burnaware.ini
2015-02-19 10:00 - 2015-02-19 10:00 - 0058880 _____ () C:\Users\Fady\AppData\Local\N360
2015-02-19 10:00 - 2015-02-19 10:00 - 0055808 _____ () C:\Users\Fady\AppData\Local\NAV
2015-02-19 10:00 - 2015-02-19 10:00 - 0054272 _____ () C:\Users\Fady\AppData\Local\NIS
2013-06-25 15:30 - 2013-06-25 15:30 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Fady\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Fady\AppData\Local\Temp\FreeStudio.exe
C:\Users\Fady\AppData\Local\Temp\FreeVideoCallRecorder.exe
C:\Users\Fady\AppData\Local\Temp\proxy_vole6788084545271080619.dll
C:\Users\Fady\AppData\Local\Temp\Quarantine.exe
C:\Users\Fady\AppData\Local\Temp\sqlite3.dll
C:\Users\Fady\AppData\Local\Temp\UmmyVideoDownloader.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-03 07:23

==================== End Of Log ============================