Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I think my computer is infected [Closed]

Started by ihabsaid , Sep 27 2015 01:20 AM

Hard disk error malware computer infected

This topic is locked

#1
ihabsaid

Posted 27 September 2015 - 01:20 AM

New Member

Member
1 posts

Hi all,

Suddenly yesterday, I have been receiving an error on my computer stating that Windows has discovered a hard disk error. It says I need to back-up my harddirve before I lose everything.

I have done that - backed up the computer on an external drive - this includes a system image and folders.

Can you confirm whether the error message I have recieved is genuine or malware? ps. no error messages today!

Thank you for all your help!

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Ihab (administrator) on OWNER-PC (26-09-2015 07:27:18)
Running from C:\Users\Ihab.owner-PC\Downloads
Loaded Profiles: Ihab (Available Profiles: owner & Ihab & Daniel & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxeccoms.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\groove.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Word_17.6131.10061.0_x64__8wekyb3d8bbwe\WordIm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Excel_17.6131.10061.0_x64__8wekyb3d8bbwe\xlim.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
(Microsoft Corporation) C:\Windows\System32\DFDWiz.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-05] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2372800 2014-11-26] (Microsoft Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2015-04-08] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36710720 2015-09-25] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [B2DA25E02FDD0BFF25C29E6CD6A9724FF53B74D4._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-12] (Google Inc.)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [Google Update] => C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-04] (Google Inc.)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\RunOnce: [Uninstall C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\RunOnce: [Uninstall C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1"
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\RunOnce: [Uninstall C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\RunOnce: [Uninstall C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ihab.owner-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ihab.owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-01-23]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
Startup: C:\Users\Ihab.owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ihab.owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-01-23]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
Startup: C:\Users\Ihab.owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-3441355507-501977229-3566188338-1007\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{16d63739-c64c-40fb-9d4d-d11e36b4fa72}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6017ea3b-8210-4f62-984b-752e79e8a789}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3441355507-501977229-3566188338-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-3441355507-501977229-3566188338-1006 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3441355507-501977229-3566188338-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3441355507-501977229-3566188338-1006 -> {CE1E069A-C025-4CB4-9EB1-39885C50AC23} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3441355507-501977229-3566188338-1006 -> {DB79EB74-CC0A-464F-AA36-BEFBB3F0399D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Ihab.owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\x1a95lwn.default-1438113692987
FF Homepage: www.bing.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll [2014-07-24] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll [2014-07-24] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3441355507-501977229-3566188338-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ihab.owner-PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3441355507-501977229-3566188338-1006: @talk.google.com/O1DPlugin -> C:\Users\Ihab.owner-PC\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3441355507-501977229-3566188338-1006: @tools.google.com/Google Update;version=3 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-3441355507-501977229-3566188338-1006: @tools.google.com/Google Update;version=9 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ihab.owner-PC\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ihab.owner-PC\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: New Tab by Yahoo - C:\Users\Ihab.owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\x1a95lwn.default-1438113692987\Extensions\[email protected] [2015-09-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-04]
CHR Extension: (Google Docs) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (YouTube) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google Search) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (iCloud Bookmarks) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-08-16]
CHR Extension: (The Economist) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2014-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj [2014-04-04]
CHR Extension: (Pin It Button) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-08-08]
CHR Extension: (JW.ORG) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnggdeoambkcbgckfmhjbediblojbbd [2014-04-04]
CHR Extension: (Google Play) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-04-04]
CHR Extension: (Build with Chrome) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2014-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (Poppit!) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Gmail) - C:\Users\Ihab.owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]
CHR HKU\S-1-5-21-3441355507-501977229-3566188338-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-04] (Dropbox, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lxec_device; C:\windows\system32\lxeccoms.exe [1052328 2010-04-15] ( )
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-05] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-05] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-05] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-05] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-04] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 07:27 - 2015-09-26 07:31 - 00043937 _____ C:\Users\Ihab.owner-PC\Downloads\FRST.txt
2015-09-26 07:26 - 2015-09-26 07:28 - 00000000 ____D C:\FRST
2015-09-26 07:25 - 2015-09-26 07:25 - 02192384 _____ (Farbar) C:\Users\Ihab.owner-PC\Downloads\FRST64.exe
2015-09-26 07:22 - 2015-09-26 07:22 - 00016148 _____ C:\WINDOWS\system32\OWNER-PC_Ihab_HistoryPrediction.bin
2015-09-25 23:56 - 2015-09-25 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-24 05:16 - 2015-09-24 05:16 - 00469776 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98ip.dll
2015-09-22 18:42 - 2015-09-22 18:42 - 18819272 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-09-18 18:43 - 2015-09-18 18:43 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Local\YSearchUtil
2015-09-18 18:43 - 2015-09-18 18:43 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-09-18 18:40 - 2015-09-18 18:40 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Roaming\Sun
2015-09-18 18:40 - 2015-09-18 18:40 - 00000000 ____D C:\Users\Ihab.owner-PC\.oracle_jre_usage
2015-09-18 18:34 - 2015-09-18 18:34 - 00000000 ___HD C:\OneDriveTemp
2015-09-18 18:27 - 2015-09-18 18:27 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-18 18:27 - 2015-09-18 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-18 18:25 - 2015-09-18 18:26 - 00000000 ____D C:\Program Files\iTunes
2015-09-18 18:25 - 2015-09-18 18:25 - 00000000 ____D C:\Program Files\iPod
2015-09-18 18:25 - 2015-09-18 18:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-18 18:17 - 2015-09-18 18:17 - 00000000 ____D C:\Program Files\Bonjour
2015-09-18 18:17 - 2015-09-18 18:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-18 18:16 - 2015-09-18 18:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-18 18:16 - 2015-09-18 18:16 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-17 10:35 - 2015-09-17 10:35 - 00001650 _____ C:\Users\Ihab.owner-PC\Downloads\launch (1).ica
2015-09-17 09:21 - 2015-09-17 09:21 - 00016148 _____ C:\WINDOWS\system32\OWNER-PC_Daniel_HistoryPrediction.bin
2015-09-16 18:43 - 2015-09-16 18:43 - 00263194 _____ C:\Users\Ihab.owner-PC\Downloads\km_e-Bi_E_201510(1).epub
2015-09-16 18:43 - 2015-09-16 18:43 - 00256192 _____ C:\Users\Ihab.owner-PC\Downloads\km_e-Bi_E_201511.epub
2015-09-10 06:06 - 2015-09-10 06:06 - 00096768 _____ C:\Users\Daniel\Documents\Daniels.pub
2015-09-09 20:48 - 2015-09-02 02:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 20:48 - 2015-09-02 01:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 20:48 - 2015-09-02 01:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 20:48 - 2015-08-27 07:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 20:48 - 2015-08-27 07:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 20:48 - 2015-08-27 07:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 20:48 - 2015-08-27 06:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 20:48 - 2015-08-27 06:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 20:48 - 2015-08-27 06:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 20:48 - 2015-08-27 06:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 20:48 - 2015-08-27 06:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 20:48 - 2015-08-27 06:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 20:48 - 2015-08-27 06:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 20:48 - 2015-08-27 06:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 20:48 - 2015-08-27 06:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 20:48 - 2015-08-27 06:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 20:48 - 2015-08-27 06:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 20:48 - 2015-08-27 06:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 20:48 - 2015-08-27 06:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 20:48 - 2015-08-27 06:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 20:48 - 2015-08-27 06:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 20:48 - 2015-08-27 06:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 20:48 - 2015-08-27 06:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 20:48 - 2015-08-27 06:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 20:48 - 2015-08-27 06:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 20:48 - 2015-08-27 06:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 20:48 - 2015-08-27 06:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 20:48 - 2015-08-27 06:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 20:48 - 2015-08-27 06:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 20:48 - 2015-08-27 06:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 20:48 - 2015-08-27 06:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 20:48 - 2015-08-27 06:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 16:00 - 2015-09-09 16:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\Dropbox
2015-09-05 09:11 - 2015-09-05 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-04 17:56 - 2015-09-04 17:56 - 00660960 _____ (Dropbox, Inc.) C:\Users\Ihab.owner-PC\Downloads\DropboxInstaller(1).exe
2015-09-04 17:06 - 2015-08-20 07:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-04 17:06 - 2015-08-20 07:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-04 17:06 - 2015-08-20 07:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-04 17:06 - 2015-08-20 06:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-04 17:06 - 2015-08-20 06:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-04 17:06 - 2015-08-20 06:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-04 17:06 - 2015-08-18 08:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-04 17:06 - 2015-08-18 08:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-04 17:06 - 2015-08-18 08:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-04 17:06 - 2015-08-18 08:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-04 17:06 - 2015-08-18 08:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-04 17:06 - 2015-08-18 08:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-04 17:06 - 2015-08-18 08:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-04 17:06 - 2015-08-18 08:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-04 17:06 - 2015-08-18 08:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-04 17:06 - 2015-08-18 07:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-04 17:06 - 2015-08-18 07:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-04 17:06 - 2015-08-18 07:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-04 17:06 - 2015-08-18 07:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-04 17:06 - 2015-08-18 07:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-04 17:06 - 2015-08-18 07:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-04 17:06 - 2015-08-18 07:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-04 17:06 - 2015-08-18 05:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-09-04 17:05 - 2015-08-20 06:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-04 17:05 - 2015-08-18 08:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-04 17:05 - 2015-08-18 08:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-04 17:05 - 2015-08-18 07:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-04 17:05 - 2015-08-18 07:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-04 17:05 - 2015-08-18 07:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-04 17:05 - 2015-08-18 07:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-04 17:05 - 2015-08-18 07:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-04 17:05 - 2015-08-18 07:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-04 17:05 - 2015-08-18 07:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-04 17:05 - 2015-08-18 07:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-04 17:05 - 2015-08-18 07:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-04 17:05 - 2015-08-18 07:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-04 17:05 - 2015-08-18 07:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-04 17:05 - 2015-08-18 07:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-04 17:05 - 2015-08-18 07:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-04 17:05 - 2015-08-18 07:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-04 17:05 - 2015-08-18 07:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-04 16:52 - 2015-09-26 06:57 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-04 16:52 - 2015-09-25 23:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-04 16:52 - 2015-09-25 16:57 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-04 16:52 - 2015-09-04 16:52 - 00660960 _____ (Dropbox, Inc.) C:\Users\Ihab.owner-PC\Downloads\DropboxInstaller.exe
2015-09-04 16:52 - 2015-09-04 16:52 - 00003982 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-09-04 16:52 - 2015-09-04 16:52 - 00003750 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-08-28 09:11 - 2015-08-28 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 09:47 - 2015-08-27 09:49 - 01942912 _____ (MGTEK) C:\Users\Ihab.owner-PC\Downloads\dopisp(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 07:32 - 2014-05-15 07:55 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Roaming\Skype
2015-09-26 07:27 - 2015-07-10 13:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-26 07:21 - 2015-07-17 17:06 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-26 06:50 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-26 06:45 - 2012-09-18 20:35 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3441355507-501977229-3566188338-1004UA.job
2015-09-26 06:42 - 2012-04-13 03:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-26 06:41 - 2014-08-05 21:34 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3441355507-501977229-3566188338-1006UA.job
2015-09-26 06:21 - 2012-07-10 14:02 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 04:03 - 2015-08-04 21:05 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E019867-82F6-48EE-9E8E-A14596997C3E}
2015-09-25 23:57 - 2014-08-05 18:25 - 00000000 ___RD C:\Users\Ihab.owner-PC\Dropbox
2015-09-25 23:57 - 2014-08-01 10:51 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Roaming\Dropbox
2015-09-25 22:45 - 2012-09-18 20:35 - 00000852 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3441355507-501977229-3566188338-1004Core.job
2015-09-25 21:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-25 18:33 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-09-25 14:55 - 2015-08-04 18:00 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-25 14:53 - 2015-07-10 13:20 - 00025023 _____ C:\WINDOWS\setupact.log
2015-09-25 11:41 - 2014-08-05 21:34 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3441355507-501977229-3566188338-1006Core.job
2015-09-21 21:43 - 2014-08-10 06:13 - 00000000 ____D C:\Users\Ihab.owner-PC\OneDrive
2015-09-21 21:41 - 2015-05-29 15:29 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Roaming\Raptr
2015-09-21 21:41 - 2014-08-05 19:46 - 00000000 ___RD C:\Users\Ihab.owner-PC\Google Drive
2015-09-21 21:40 - 2015-04-17 07:58 - 00000000 ___RD C:\Users\Ihab.owner-PC\iCloudDrive
2015-09-21 21:34 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-21 21:33 - 2015-08-04 17:52 - 00009022 _____ C:\WINDOWS\PFRO.log
2015-09-21 21:33 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-21 21:26 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-21 19:52 - 2015-07-13 21:20 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Local\47E85322-76D0-46B2-83A7-776C5162EF09.aplzod
2015-09-19 07:26 - 2015-05-28 17:15 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Local\Dropbox
2015-09-18 23:42 - 2014-08-05 18:25 - 00001310 _____ C:\Users\Ihab.owner-PC\Desktop\Dropbox.lnk
2015-09-18 18:41 - 2014-04-10 12:02 - 00000000 ____D C:\ProgramData\Oracle
2015-09-18 18:41 - 2010-03-27 00:19 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-18 18:40 - 2015-08-04 18:01 - 00000000 ____D C:\Users\Ihab.owner-PC
2015-09-18 18:40 - 2014-10-16 10:04 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-18 18:40 - 2014-10-16 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-18 18:25 - 2012-08-01 21:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-18 18:16 - 2012-04-13 14:19 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-18 11:36 - 2015-07-17 17:04 - 00004054 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3441355507-501977229-3566188338-1006UA
2015-09-18 11:36 - 2015-07-17 17:04 - 00003678 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3441355507-501977229-3566188338-1006Core
2015-09-17 10:32 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-17 06:16 - 2015-07-17 17:06 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 06:16 - 2012-07-10 14:02 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 05:57 - 2015-08-04 20:35 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2F0AB954-B399-4B37-A86D-5DEBEB41CFCD}
2015-09-17 05:54 - 2015-06-06 09:59 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Raptr
2015-09-16 18:08 - 2015-08-04 20:37 - 00000000 ____D C:\Users\Ihab.owner-PC\AppData\Local\Packages
2015-09-16 18:08 - 2015-08-04 20:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages
2015-09-15 17:12 - 2015-07-10 12:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 17:12 - 2015-07-10 12:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 15:38 - 2015-08-04 20:32 - 00000000 ___RD C:\Users\Daniel\OneDrive
2015-09-14 15:37 - 2015-08-04 20:32 - 00002387 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-14 15:35 - 2015-08-04 20:30 - 00000000 ____D C:\Users\Daniel\AppData\Local\MicrosoftEdge
2015-09-11 17:06 - 2015-08-04 20:56 - 00002408 _____ C:\Users\Ihab.owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-10 16:36 - 2015-08-05 02:45 - 00000000 ____D C:\Windows.old
2015-09-10 06:14 - 2014-09-23 16:52 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Apple Computer
2015-09-10 06:11 - 2015-07-10 13:20 - 00362088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 06:08 - 2015-07-10 14:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 06:08 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 22:01 - 2011-09-28 16:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 21:55 - 2013-07-27 14:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-05 09:11 - 2013-02-04 21:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-05 09:11 - 2011-10-19 21:16 - 00000000 ____D C:\ProgramData\Skype
2015-09-05 03:51 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-05 03:33 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-04 18:19 - 2012-09-13 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-08-28 09:39 - 2015-07-28 20:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-27 12:10 - 2015-08-04 18:01 - 00000000 ____D C:\Users\Daniel
2015-08-27 09:49 - 2014-09-17 13:29 - 00002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MGTEK dopisp.lnk
2015-08-27 09:49 - 2014-09-17 13:29 - 00002019 _____ C:\Users\Public\Desktop\MGTEK dopisp.lnk

==================== Files in the root of some directories =======

2014-12-18 07:09 - 2015-04-14 07:08 - 0000093 _____ () C:\Users\Ihab.owner-PC\AppData\Roaming\ARCompanion.log
2015-01-31 08:52 - 2015-01-31 08:52 - 0038479 _____ () C:\Users\Ihab.owner-PC\AppData\Roaming\Comma Separated Values.ADR
2014-04-04 18:16 - 2014-04-04 18:18 - 0004608 _____ () C:\Users\Ihab.owner-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-01 01:02 - 2012-02-01 01:02 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-01-06 03:18 - 2012-01-06 03:18 - 0000252 _____ () C:\ProgramData\FastPics.log
2012-01-06 03:18 - 2012-12-23 16:54 - 0057465 _____ () C:\ProgramData\lxec.log
2012-01-24 02:39 - 2012-01-31 23:51 - 0000431 _____ () C:\ProgramData\lxecDiagnostics.log
2011-12-28 19:49 - 2012-09-06 13:09 - 0032458 _____ () C:\ProgramData\lxecJSW.log
2012-01-06 03:16 - 2012-12-23 16:54 - 0016413 _____ () C:\ProgramData\lxecscan.log
2012-02-01 01:02 - 2012-02-01 01:02 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-01-09 13:01 - 2012-01-09 13:01 - 16434977 _____ () C:\ProgramData\SPL10C2.tmp
2012-01-24 12:47 - 2012-01-24 12:47 - 4629004 _____ () C:\ProgramData\SPL2AA8.tmp
2012-01-23 16:42 - 2012-01-23 16:42 - 4629004 _____ () C:\ProgramData\SPL300F.tmp
2012-01-23 16:41 - 2012-01-23 16:41 - 4629004 _____ () C:\ProgramData\SPL326.tmp
2012-01-24 02:37 - 2012-01-24 02:37 - 4629004 _____ () C:\ProgramData\SPL3552.tmp
2012-01-06 14:29 - 2012-01-06 14:29 - 16434977 _____ () C:\ProgramData\SPL3DF9.tmp
2012-01-19 17:56 - 2012-01-19 17:56 - 16434977 _____ () C:\ProgramData\SPL4597.tmp
2012-01-06 03:10 - 2012-01-06 03:10 - 16434977 _____ () C:\ProgramData\SPL734E.tmp
2012-01-05 16:17 - 2012-01-05 16:17 - 16434977 _____ () C:\ProgramData\SPL7EAC.tmp
2012-01-15 13:47 - 2012-01-15 13:47 - 16434977 _____ () C:\ProgramData\SPL85B2.tmp
2012-01-31 22:34 - 2012-01-31 22:34 - 4629004 _____ () C:\ProgramData\SPL865E.tmp
2012-01-06 03:25 - 2012-01-06 03:25 - 16434977 _____ () C:\ProgramData\SPL931A.tmp
2012-01-31 23:39 - 2012-01-31 23:39 - 4629004 _____ () C:\ProgramData\SPL9423.tmp
2012-01-05 16:17 - 2012-01-05 16:17 - 16434977 _____ () C:\ProgramData\SPL9596.tmp
2012-01-24 12:47 - 2012-01-24 12:47 - 4629004 _____ () C:\ProgramData\SPL95C9.tmp
2012-01-06 14:22 - 2012-01-06 14:22 - 16434977 _____ () C:\ProgramData\SPL9636.tmp
2012-01-24 02:36 - 2012-01-24 02:36 - 4629004 _____ () C:\ProgramData\SPL9DA6.tmp
2012-01-12 09:18 - 2012-01-12 09:18 - 16434977 _____ () C:\ProgramData\SPLA36F.tmp
2012-01-15 13:47 - 2012-01-15 13:47 - 16434977 _____ () C:\ProgramData\SPLAC07.tmp
2012-01-06 00:08 - 2012-01-06 00:08 - 16434977 _____ () C:\ProgramData\SPLB46F.tmp
2012-06-05 14:30 - 2012-06-05 14:30 - 0015436 _____ () C:\ProgramData\SPLB617.tmp
2012-01-12 09:18 - 2012-01-12 09:18 - 16434977 _____ () C:\ProgramData\SPLC032.tmp
2012-01-31 19:27 - 2012-01-31 19:27 - 4629004 _____ () C:\ProgramData\SPLC59F.tmp
2012-01-31 22:34 - 2012-01-31 22:34 - 4629004 _____ () C:\ProgramData\SPLCEF1.tmp
2012-01-06 14:23 - 2012-01-06 14:23 - 16434977 _____ () C:\ProgramData\SPLD92E.tmp
2012-01-31 23:39 - 2012-01-31 23:39 - 4629004 _____ () C:\ProgramData\SPLD9CA.tmp
2012-01-06 00:08 - 2012-01-06 00:08 - 16434977 _____ () C:\ProgramData\SPLE23.tmp
2012-01-06 03:25 - 2012-01-06 03:25 - 16434977 _____ () C:\ProgramData\SPLE5DB.tmp
2012-01-09 13:01 - 2012-01-09 13:01 - 16434977 _____ () C:\ProgramData\SPLE780.tmp
2012-01-19 17:56 - 2012-01-19 17:56 - 16434977 _____ () C:\ProgramData\SPLEEFF.tmp
2012-01-31 19:27 - 2012-01-31 19:27 - 4629004 _____ () C:\ProgramData\SPLF630.tmp
2012-01-06 03:15 - 2012-01-06 03:15 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3mbsbg.dll
C:\Users\Ihab.owner-PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnp2d0p.dll
C:\Users\Ihab.owner-PC\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Ihab.owner-PC\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Ihab.owner-PC\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ihab.owner-PC\AppData\Local\Temp\raptr_stub.exe
C:\Users\Ihab.owner-PC\AppData\Local\Temp\tmpEA23.exe
C:\Users\Ihab.owner-PC\AppData\Local\Temp\ytb.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-24 13:34

==================== End of FRST.txt ============================

Attached Files

Addition.txt 57.79KB 222 downloads

#2
pystryker

Posted 27 September 2015 - 06:21 AM

Trusted Helper

Malware Removal
3,912 posts

Hello and welcome to Geeks To Go! My nickname is Pystryker

, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you

If you are receiving help for this issue at another forum, please let me know so I can close this thread.
Please download to and run all requested tools from your Desktop.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we? :thumbsup:

Hello

I'm not seeing any malware in your logs, however I do see some things that need to be tidied up. Let's take care of those and run a couple of further scans.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\Ihab.owner-PC\Downloads to your Desktop or the fix will not work.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste).
Save it on the desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
GroupPolicyUsers\S-1-5-21-3441355507-501977229-3566188338-1007\User: Restriction <======= ATTENTION
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
S2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\ProgramData\*.tmp
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3441355507-501977229-3566188338-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ihab.owner-PC\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {0E531911-7029-470D-B89B-E9171CEDE511} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1A5180A3-04F5-4851-9917-C0155360A178} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {49905CA4-EDEC-4EAD-869B-F03664F56EF9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6918FF6F-C9FE-41D1-832F-F348F1B66976} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {8487E952-83DD-4B55-AC87-67AF026F5D6A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {86F008F4-8C18-47DA-B474-8826C8C5D4C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A546F8CA-3E2C-4F09-A35A-08C9DD69747C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B5B2B63B-53FF-4E2B-B6D9-82BF2BC692FF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BBF89FC2-8457-4E5A-948F-2E7D67A5E983} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F8024380-830C-4E87-A924-6F7D420B95A5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FD2C2A9C-8786-4B30-8130-BC44E97D0052} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FF4FB6F0-5811-4D08-A088-BA5F92A60930} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop

Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
Please Check the following options:
- Reset Proxy Settings
- Reset Winsock Settings
- Reset TCP/IP Settings
- Reset Firewall Settings
- Reset IPSec Settings
- Reset BITS Queue
- Reset Internet Explorer Policies
- Reset Chrome Policies
Close any open windows or browsers.
Pause your Anti-Virus program if it is running.
Once it starts, click on the Scan button.
Let the scan complete itself. This may take a few minutes.
Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
- Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\

Step 4: Fresh FRST Scan

Start Farbar's Recovery Scan Tool and press the Scan button.
FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

#3
pystryker

Posted 29 September 2015 - 04:34 AM

Trusted Helper

Malware Removal
3,912 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: Hard disk error, malware, computer infected

Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,622 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,704 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Checkmate Ransomware detection / removal? Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more...	0 replies 1,853 views	JcTcom 18 Aug 2022
Security → Virus, Spyware, Malware Removal → Getting a warning over & over but not getting it clean [Solved] Started by Phlegmbot , 28 Mar 2022 malware, spyware, redirect 1 2	Hot 21 replies 6,705 views	DR M 10 Apr 2022
Security → Virus, Spyware, Malware Removal → PC keeps hanging and restarting on its own [Closed] Started by lolx21341 , 29 Jan 2022 Hanging, Restarting, Virus and 2 more...	3 replies 3,590 views	DR M 03 Feb 2022