cooperator

  1. Why does no one reply to me? Could anyone at this splendid forum take some of his precious time out to reply to my previous points to finish this matter?
  2. Could anyone at this splendid forum take some of his precious time out to reply to my previous points to finish this matter?
  3. Thanks a lot. Could you please go through my four points below, and reply to them? My problem with my computer and system is that my computer system is very slow in response, and even when loading, it takes a long time to be settled, and even webpages sometimes get unresponsive, and sometimes take a long time to be shown/opened (in MS IE, Firefox, Google Chrome) while connected to the internet over a broadband connection with a speed of 512Kbps.
     1- I have not yet proceeded with running fixdamage.exe since I noticed "Some user settings may be lost after applying this procedure. If you are not experiencing any broken or corrupt service issues with your system then please don't continue"
     2- After I ran FRST (FRST and Addition files are attached) in your STEP 08, and I didn't find anything, then I ran AdwCleaner by following your STEP 05?
     3- However, how to know FRST detected bad files and must be removed as long as there is no fixlist shown after finishing the FRST?
     4- I have tried to run AdwCleaner as in your STEP 05. This is the logfile of AdwCleaner.exe; however, there are no results in the 'service'. Since I am not sure what to keep and what to remove, I post the log for review. (Are all items found adware/spyware/foistware?)
     5- you don't think I can also follow the other steps (Run fixdamage.exe, STEP 04, STEP 06, STEP 07), you mentioned. FRST.txt Addition.txt
  4. First of all: Thank you so much indeed for accepting my request with respect to reopening this related topic. Secondly: since I have been faced with the same issues discussed here, and when trying downloading 'FRST', and while the real protection of 'Microsoft Security Essentials' and 'Malwarebytes Anti-Malware' is disabled, when I ran 'FRST', it only took about 2 minutes, and then saved the 'Addition' and 'FRST' files. However, there are no entries which can be removed in the fixlist. There is no fixlist at all saved. So, what benefit is there from running FRST as long as there are no entities shown to be fixed? NOTE: I have removed the FRST.txt and Addition.txt files' contents since whenever posting the post, I found the error 'post too long'. What should I do to fix this? So, since there is no option to attach files in 'basic reply', I had to edit my post in the full editor to find a chance to attach the files to this post? Thirdly: What difference is there between 'FRST' and 'AdwCleaner'? Fourthly: Should I be going ahead to be running the AdwCleaner tool after FRST didn't find anything? Fifthly: I tried running AdwCleaner. Now, whenever running AdwCleaner 5.0.3.6 as admin, I see 'Database corrupted. Please uninstalled AdwCleaner and download it again', although when I clicked on the 'Scan' button in AdwCleaner, I found 'loading database' is in progress so far. But I don't know why I have been faced with that error 'Database corrupted. Please uninstalled AdwCleaner and download it again'. "AdvancedSetup" told me "Basically ignore it, go find the download and run it.", and he sent me the link below, but that link is not dedicated only to the error 'Database corrupted. Please uninstalled AdwCleaner and download it again'.
So, I have not found any troubleshooting for this error in the link below: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx I really uninstalled AdwCleaner, and downloaded another download, but the same error appeared again. Although I ran AdwCleaner, exited the error popup (window), and then clicked on 'Scan', I found 'loading database' has been in progress, but it wasn't progressing quickly. So, I had to close AdwCleaner since I thought that, due to that error 'Database corrupted', the loading of the database didn't finish. AdvancedSetup, on 27 Feb 2016 - 02:49 AM, said: Addition.txt FRST.txt
  5. I am sorry for the delay in replying. However, I was expecting that I have finished all scans as long as there were no things detected when running the tool again (as shown in my previous post). Do I need to scan my PC with Farbar Recovery Scan Tool again?
  6. Thanks a lot. I know that pirating software can be harmful and useless for a user's OSs since everything pirated will result in getting problems in a system over time. I really removed that folder the first time you told me, but I would like to be familiar with what I did in order to help others in the future with what is beneficial and harmful for their systems. I was honest with you, and told you that that was piracy, or otherwise I wouldn't post the results of the scanning programs if I didn't want to be honest. Moreover, MrCharlie, who suggested those steps for me, said: When it's done you'd see: Pending: Please uncheck elements you don't want removed. • Look over the log especially under Files/Folders for any program you want to save. However, you only brought your attention to that only folder, and you ignored replying on 'What benefit is there from running with 'Farbar Recovery Scan Tool', as long as I didn't use it to remove anything, although it didn't detect anything to let it delete. I will only use AdwCleaner to delete anything it found.
This is the log file after deleting the potential threats::
This is the log file after restarting the computer to delete the threats::
  7. Thanks a lot. What benefit is there from running with 'Farbar Recovery Scan Tool', as long as I didn't use it to remove anything, although it didn't detect anything to let it delete. I will only use AdwCleaner to delete anything it found. That folder seems to be an Attempting To Activate Office 2010 KMS Products. If it was a threat, then why wouldn't we let AdwCleaner remove it? Also, I think I will need to reactivate Office 2010 if I deleted that folder.
  8. Could anyone at this splendid forum please reply to me to finish this pending problem?
  9. Thanks a lot, I disabled my Microsoft Security Essentials. And I first ran 'Farbar Recovery Scan Tool', and this is its 'FRST' file. However, there are no results showing me if there are some files infected. Also, I didn't see any options to delete elements while scanning with 'Farbar Recovery Scan Tool'.
(Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [SkyDrive] => D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-11] (Microsoft Corporation)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3491264 2012-06-10] (Tonec Inc.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [Facebook Update] => D:\Users\Mohammad\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-11] (Facebook Inc.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [GoogleChromeAutoLaunch_30531D3AC6252412E560A942A1E06104] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q 
"D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\MountPoints2: {21cde78c-bf4f-11e2-ab09-e02a82d4d697} - F:\SETUP.EXEHKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\MountPoints2: {585d11ff-cfae-11e3-9ba3-e02a82d4d697} - 
H:\SISetup.exeHKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\MountPoints2: {6a7e3af9-e17f-11e3-bcc1-e02a82d4d697} - H:\SISetup.exeHKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION Startup: D:\Users\Aeidh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> D:\Users\Mohammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: D:\Users\Lardhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> D:\Users\Mohammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: D:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> D:\Users\Mohammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: D:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [1NZOverlayExcluded] -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [1NZOverlayPending] -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [1NZOverlaySynced] -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it 
will be removed or restored to default.)HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSEHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DNIS%26pvid%3D20.4.0.40&OSP=HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSEHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DNIS%26pvid%3D20.4.0.40&OSP=HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSEHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DNIS%26pvid%3D20.4.0.40&OSP=HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/SearchScopes: HKU\S-1-5-21-3353856634-2765868531-2667151896-1038 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.98.59.dll (getfireshot.com)Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.98.59.dll (getfireshot.com)Toolbar: HKU\S-1-5-21-3353856634-2765868531-2667151896-1038 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: skypec2c - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)FireFox:========FF ProfilePath: D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.defaultFF SearchEngineOrder.3: Bing FF Homepage: about:homeFF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! 
Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-3353856634-2765868531-2667151896-1038: @Skype Limited.com/Facebook Video Calling Plugin -> D:\Users\Mohammad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF SearchPlugin: D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.default\searchplugins\bingp.xmlFF Extension: IDM CC - D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.default\Extensions\mozilla_cc@internetdownloadmanager.com [2014-12-08]FF Extension: FireShot - D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-12-10]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-13]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-25]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-03-29]FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgnFF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2014-12-30]FF HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - D:\Users\Mohammad\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - D:\Users\Mohammad\AppData\Roaming\IDM\idmmzcc5 [2013-12-31]FF HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - D:\Users\Mohammad\AppData\Roaming\IDM\idmmzcc5Chrome: =======CHR HomePage: Default -> CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ffCHR Profile: D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]CHR Extension: (YouTube) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]CHR Extension: (Google Search) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]CHR Extension: (Google Calendar) - 
D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-12-08]CHR Extension: (Web page captures from browser) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomlbefjpamblimccfdomfgpgokdljcg [2014-11-04]CHR Extension: (Norton Identity Safe) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-03]CHR Extension: (Website Logon) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-06-25]CHR Extension: (Hangouts) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-12-08]CHR Extension: (Skype Click to Call) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-16]CHR Extension: (Capture Webpage Screenshot - FireShot) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-11-04]CHR Extension: (Norton Safe) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-11-01]CHR Extension: (Google Wallet) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-16]CHR Extension: (Norton Security Toolbar) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-11-03]CHR Extension: (Gmail) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-11-03]CHR HKLM-x32\...\Chrome\Extension: 
[iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-11-03]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; 
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe [521504 2014-06-20] (Symantec Corporation)S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-18] (Puran Software) [File not signed]R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\0200610.00E\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [166384 2014-09-09] (Windows (R) Win 7 DDK provider)S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-17] ()S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-17] ()S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)S3 
I also scanned my computer with the tool AdwCleaner; this is its log: (Yes, here are some elements that can be chosen to be deleted.) What next step should I proceed with?
  10. Thanks a lot, First: I didn't scan my computer with AdwCleaner while on Safe mode, however, while on normal mode. I only scanned my computer with MBAM and Microsoft Essential Security while on safe mode since I was advised to do that by a friend at an Arabic forum. Second: when Uninstalling the AdwCleaner and let it remove itself. Then restart the computer 2 times and run the following FRST scan.? What do you mean with Run First scan. With what I scan? If you meant with AdwCleaner, then I would be saying I did that before. What do you mean with this Farbar Recovery Scan Tool? Is it another tool other than AdwCleaner? Must I scan my computer with Farbar Recovery Scan Tool or AdwCleaner? Finally: No need to scan the computer with MBAM?
  11. Hi, I am now writing you to inform that I'm still having a problem with detecting some things maybe not good, but they Malware suggested that these threats should be guarantied. According to my thread here https://forums.malwa...te-deleting-it/, which was closed due to inactivity from me. I sent private messages for that moderator closed my thread asking if you could open the mentioned thread again for further replies. However, I didn't receive any reply. Thus, I decided to open a new thread: Could anyone please at this splendid forum take some of their precious time out to go through my points below, and address these points to me?
First of all: Two Registry Keys are only detected by Malwarebytes Anti-Malware. However, far too many other things were detected by AdwCleaner. Thanks for MrCharlie who suggested those steps for me:
Please download AdwCleaner by Xplode and save to your Desktop.
• Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected.
These are my details: I followed these steps:
Firstly: I downloaded the AdwCleaner v4.105, scanned my computer with adwcleaner. When it's done I saw: 'Pending: Please uncheck elements you don't want removed', and this the report of its results below:
NB: I didn't take any actions, and I closed the tool of Adwcleaner.
Secondly: I have run my Windows 7 in Safe mode with enabling Network.
Thirdly: I scanned my computer with Malwarebytes Anti-Malware with a custom scan (full scanning with enabling the 'scan Rootkit'). (It lasted about 3 hours).
Then, it showed me only these two registry keys below:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/23/14
Scan Time: 10:47:45 PM
Logfile: After full scanning with enabling the Rekit.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.23.07
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mohammad
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 627506
Time Elapsed: 3 hr, 0 min, 31 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.7Go.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gjajpkikblccgefaibcafkfbanllpefi, , [1a2a1056d3a9e353f8cca7b34eb528d8],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, , [54f0a8be2b51be7842ef085592718e72],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Fourthly: I have taken the action of quarantining all potential threats detected, although Malwarebytes informed me that there were Non Malware. And restarted my PC.
Fifthly: While in the safe mode, I have also run the Microsoft security Essential simultaneously with Malware in Safe mode, however, it didn't detect anything.
Sixthly: When I restarted my computer to complete quarantining the threats, the file of taken actions was saved somewhere, but I didn't find it on Desktop.
Finally: When I got to Windows, I decided to scan the computer again with Adwcleaner, however, I was prompted there was a new version of Adwcleaner, I downloaded the latest version of Adwcleaner_4.106, and I scanned my computer with it again. When it's done I saw: 'Pending: Please uncheck elements you don't want removed', and this the report of its results below. However, this time, AdwCleaner didn't find any Services, and these are results:
Moreover, only one time and before scanning my computer nor with Malwarebytes Anti-Malware, or AdwCleaner, this error faced me once my Windows got started.
My questions are:
Firstly: Where was the file of taken actions by Malwarebytes Anti-Malware saved?
Secondly: According to the results above, Why did Malwarebytes Anti-Malware only detect 'two registry keys', however, Adwcleaner_4.105 and even Adwcleaner_4.106 still detected more other files maybe infected even after all threats detected by Malwarebytes Anti-Malware were quarantined? Does this mean that I should rely on Malwarebytes Anti-Malware?
Thirdly: Why did Adwcleaner_4.106.105 find services infected in the first time, however, it didn't find them in the next time, although I didn't take any action with Adwcleaner_4.106?
Fourthly: Could you please let me know if I can delete all quarantined threats, although that Malware informed that there were not threats when quarantined?
Sixthly: Although there are no infected services found by Adwcleaner_4.106, however, there are still more other threats detected. So, What should I do with the other results detected by Adwcleaner_4.106?
Finally: For my curiosity only: I was having the standalone file of adwcleaner_4.105, however, when I run it again I was prompted that this is out of date, and I directed to download adwcleaner_4.106. However, once the adwcleaner_4.106 was downloaded and run, I found the adwcleaner_4.105 was removed, although it was saved in another location other than the location where adwcleaner_4.106 was saved. Why? Then, I would not be able to save the standalone program of adwcleaner at all?????
  12. Hello everyone. I have a Malwarebytes Anti-Malware registered and up to date. I booted to safe mode with enabling networking, then run full scan of my OS partition, and the other partition, I found a threat. After that, I let Malwarebytes delete all threats. Next, I restarted my computer. After about three days while using internet, I have also scanned my OS partition and the other partition. I found the same threat detected again, although it was removed in the first scan. Is the same threat possible to be gained again from browsing the internet? OR IS IT AUTOMATICALLY REINSTALLED ITSELF WHEN ACCESSING THE INTERNET???? This is the threat detected: Registry Keys Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF103732-4528-4322-AA8B-F7849AB7776B} (PUP.Optional.BestToolbars) Threat sounds as though it is a toolbar. However, I really don't see any newly strange toolbar in all my browsers. Note: I have not installed any program since the previous scan, except I browse the internet. Besides, the Norton Internet Security didn't detect anything at all in all scans. What is the problem? Any comments would be highly appreciated.
  13. Could you please reply to me to close this issue? What is the matter?
  14. But why is it not reachable, despite internet access? I have Norton Internet Security and it is up to date. So, I think that my computer is not infected. Also, what do you mean with pinging any of those sites from a friend's computer