ComboFix 15-10-23.01 - Mahmoud 10/23/2015  20:15:39.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1256.20.1033.18.6092.3879 [GMT 3:00]
Running from: g:\programs\ComboFix.exe
AV: ESET NOD32 Antivirus 9.0.318.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: ESET NOD32 Antivirus 9.0.318.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe
c:\program files (x86)\OApps
c:\programdata\Download keeEper
c:\programdata\savenshareo
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\5193685d9a0bb.tlb
c:\programdata\SearchNewTab\51937497754be.tlb
c:\programdata\SearchNewTab\51b363cd4b9be.tlb
c:\programdata\SearchNewTab\data\SearchNewTab.dat
c:\programdata\SearchNewTab\settings.ini
c:\programdata\ssavEnshhare
c:\programdata\ssavEnshhare\51fc0d4fd96a5.tlb
c:\programdata\ssavEnshhare\data\ssaVenshhaRE .dat
c:\programdata\ssavEnshhare\settings.ini
c:\programdata\ssavEnshhare\uninstall.exe
c:\programdata\Weeekapp
c:\programdata\Weeekapp\51fc0de196a43.tlb
c:\programdata\Weeekapp\data\Weeekapp.dat
c:\programdata\Weeekapp\settings.ini
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgndcahbmcdgmoplhiccmnhekkobdcj
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgndcahbmcdgmoplhiccmnhekkobdcj\1.6\background.html
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgndcahbmcdgmoplhiccmnhekkobdcj\1.6\content.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgndcahbmcdgmoplhiccmnhekkobdcj\1.6\eXvLM6B.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgndcahbmcdgmoplhiccmnhekkobdcj\1.6\lsdb.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgndcahbmcdgmoplhiccmnhekkobdcj\1.6\manifest.json
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgndcahbmcdgmoplhiccmnhekkobdcj\1.6\sqlite.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicbgjjokgjokaflgabeimbkonooip
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicbgjjokgjokaflgabeimbkonooip\5.10\background.html
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicbgjjokgjokaflgabeimbkonooip\5.10\content.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicbgjjokgjokaflgabeimbkonooip\5.10\dnSaj0.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicbgjjokgjokaflgabeimbkonooip\5.10\lsdb.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicbgjjokgjokaflgabeimbkonooip\5.10\manifest.json
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicbgjjokgjokaflgabeimbkonooip\5.10\sqlite.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnceockmknkblljanfndejiefakhdmg
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnceockmknkblljanfndejiefakhdmg\5.10\background.html
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnceockmknkblljanfndejiefakhdmg\5.10\content.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnceockmknkblljanfndejiefakhdmg\5.10\k70sSOajo.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnceockmknkblljanfndejiefakhdmg\5.10\lsdb.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnceockmknkblljanfndejiefakhdmg\5.10\manifest.json
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnceockmknkblljanfndejiefakhdmg\5.10\sqlite.js
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\001151.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\001153.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\001164.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\001171.log
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\CURRENT
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\LOCK
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\LOG
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\LOG.old
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khgndcahbmcdgmoplhiccmnhekkobdcj\MANIFEST-001170
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\001477.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\001497.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\001510.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\001513.log
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\CURRENT
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\LOCK
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\LOG
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\LOG.old
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkicbgjjokgjokaflgabeimbkonooip\MANIFEST-001512
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\001477.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\001497.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\001510.ldb
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\001513.log
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\CURRENT
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\LOCK
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\LOG
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\LOG.old
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnnceockmknkblljanfndejiefakhdmg\MANIFEST-001512
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khgndcahbmcdgmoplhiccmnhekkobdcj_0.localstorage-journal
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khgndcahbmcdgmoplhiccmnhekkobdcj_0.localstorage
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mhkicbgjjokgjokaflgabeimbkonooip_0.localstorage-journal
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mhkicbgjjokgjokaflgabeimbkonooip_0.localstorage
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mnnceockmknkblljanfndejiefakhdmg_0.localstorage-journal
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mnnceockmknkblljanfndejiefakhdmg_0.localstorage
c:\users\Afa2eef\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Afa2eef\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2D87776D-EC44-430D-B649-6CCD75A18F42}.xps
c:\users\Mahmoud\AppData\Roaming\337
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\gamelogin.exe
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\gl.db
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\game_bk_wnd.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\game_close.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\game_hide.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\game_max.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\game_min.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\game_restore.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\game_system.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\menu_bg.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\menu_item_over.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\pic-error.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\pic-info.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\pic-question.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\pic-warning.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\popup_dialog_bk.bmp
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\cmn\prepare.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\resource.xml
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\image\default\torntv\app_icon_en_us.png
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\language\en_us\game_login.ini
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\language\es_es\game_login.ini
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\language\protocol.txt
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\language\pt_br\game_login.ini
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\language\tr_tr\game_login.ini
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\language\zh_tw\game_login.ini
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\layout\default\game.xml
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\layout\default\game_login_torntv_all.xml
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\layout\default\msgbox.xml
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\layout\default\newwindow.xml
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\main
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\style\style.xml
c:\users\Mahmoud\AppData\Roaming\337\youtv_dsk\TrayDownloader.exe
c:\users\Mahmoud\AppData\Roaming\Desktopicon
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\579sba62zbqt@yoehlmgvvlfr.net
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\579sba62zbqt@yoehlmgvvlfr.net\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\579sba62zbqt@yoehlmgvvlfr.net\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\579sba62zbqt@yoehlmgvvlfr.net\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\8crgxgdc@wzrgee.org
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\8crgxgdc@wzrgee.org\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\8crgxgdc@wzrgee.org\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\8crgxgdc@wzrgee.org\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auaeea@axvt.org
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auaeea@axvt.org\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auaeea@axvt.org\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auaeea@axvt.org\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auuaaobxw@s-a.org
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auuaaobxw@s-a.org\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auuaaobxw@s-a.org\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auuaaobxw@s-a.org\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\dqqiuau-1d@e-souexwff.net
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\dqqiuau-1d@e-souexwff.net\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\dqqiuau-1d@e-souexwff.net\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\dqqiuau-1d@e-souexwff.net\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ftj-ehdrw@d-bbeoj.com
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ftj-ehdrw@d-bbeoj.com\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ftj-ehdrw@d-bbeoj.com\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ftj-ehdrw@d-bbeoj.com\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\i3d4ay@xbxk-.co.uk
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\i3d4ay@xbxk-.co.uk\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\i3d4ay@xbxk-.co.uk\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\i3d4ay@xbxk-.co.uk\content\zy.xul
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\i3d4ay@xbxk-.co.uk\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\k_ya3uyo@ntuu-aiixt.net
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\k_ya3uyo@ntuu-aiixt.net\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\k_ya3uyo@ntuu-aiixt.net\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\k_ya3uyo@ntuu-aiixt.net\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\mn1zp@axivettslt.com
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\mn1zp@axivettslt.com\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\mn1zp@axivettslt.com\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\mn1zp@axivettslt.com\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\oyulf@zjqe.co.uk
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\oyulf@zjqe.co.uk\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\oyulf@zjqe.co.uk\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\oyulf@zjqe.co.uk\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ue2iu19x@rbjk-yfuu.com
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ue2iu19x@rbjk-yfuu.com\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ue2iu19x@rbjk-yfuu.com\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ue2iu19x@rbjk-yfuu.com\install.rdf
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\yimrz@oeaegaqk.org
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\yimrz@oeaegaqk.org\bootstrap.js
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\yimrz@oeaegaqk.org\chrome.manifest
c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\yimrz@oeaegaqk.org\install.rdf
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\TBD2414.tmp
c:\windows\SysWow64\TBD2492.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-23 to 2015-10-23   )))))))))))))))))))))))))))))))
.
.
2015-10-23 17:51 . 2015-10-23 17:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-10-23 17:51 . 2015-10-23 17:51    --------    d-----w-    c:\users\Afa2eef\AppData\Local\temp
2015-10-23 17:15 . 2015-10-23 17:15    75888       ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{26112AAB-0160-440A-9927-0F79E37F0A83}\offreg.2008.dll
2015-10-23 12:53 . 2015-10-23 12:54    --------    d-----w-    c:\users\Mahmoud\AppData\Roaming\ZHP
2015-10-23 05:22 . 2011-05-06 06:01    1658368     ----a-w-    c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-09 01:05 . 2015-09-09 01:05    75888       ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{26112AAB-0160-440A-9927-0F79E37F0A83}\offreg.5616.dll
2015-08-25 21:19 . 2015-08-25 21:19    778440      ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-25 21:19 . 2011-07-16 12:41    142536      ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-20 01:18 . 2015-09-09 00:58    11745192    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{26112AAB-0160-440A-9927-0F79E37F0A83}\mpengine.dll
2015-07-30 09:41 . 2015-07-30 09:41    170792      ----a-w-    c:\windows\system32\drivers\epfwwfpr.sys
2015-07-30 09:41 . 2012-03-14 06:40    264040      ----a-w-    c:\windows\system32\drivers\eamonm.sys
2015-07-30 09:41 . 2012-03-14 06:40    186784      ----a-w-    c:\windows\system32\drivers\ehdrv.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34    194824    ----a-w-    c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34    194824    ----a-w-    c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34    194824    ----a-w-    c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"googletalk"="c:\users\Mahmoud\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\users\Afa2eef\Downloads\uTorrent-3.3.exe" [2013-01-19 1077584]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Dropbox Update"="c:\users\Mahmoud\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-08-31 136048]
"FlashGet 3"="c:\program files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" [2012-11-08 3372720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2013-05-14 198160]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-08-26 1989920]
"BrowserPlugInHelper"="c:\program files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe" [2013-09-04 1966992]
"DelaypluginInstall"="c:\programdata\Wondershare\Player\DelayPluginI.exe" [2013-09-28 1960008]
"Skype"="c:\programdata\Skype\Skype.vbs" [2012-09-18 103]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-03-29 408576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\users\Mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
bm.lnk - c:\users\Mahmoud\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [2013-7-2 74118]
Dropbox.lnk - c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-8-31 36711472]
GameRanger.lnk - c:\users\Mahmoud\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /autostart [2015-1-22 1792664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-6-17 1333024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ    scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe;c:\windows\SysWOW64\GSService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1302000.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120302.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1302000.00A\ccSetx64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120308.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120308.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1302000.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VmbService;خدمة Vodafone Mobile Broadband;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-16 20:06    997704    ----a-w-    c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-25 21:19]
.
2015-10-23 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1928098380-3744966502-37342962-1000Core.job
- c:\users\Mahmoud\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-31 16:46]
.
2015-10-23 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1928098380-3744966502-37342962-1000UA.job
- c:\users\Mahmoud\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-31 16:46]
.
2015-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1928098380-3744966502-37342962-1000Core.job
- c:\users\Mahmoud\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-15 23:42]
.
2015-10-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1928098380-3744966502-37342962-1000UA.job
- c:\users\Mahmoud\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-15 23:42]
.
2015-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1928098380-3744966502-37342962-1004Core.job
- c:\users\Afa2eef\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-20 00:11]
.
2015-10-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1928098380-3744966502-37342962-1004UA.job
- c:\users\Afa2eef\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-20 00:11]
.
2015-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 07:53]
.
2015-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 07:53]
.
2015-10-21 c:\windows\Tasks\HPCeeScheduleForMahmoud.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-10-12 23:34 232712 ----a-w- c:\users\Mahmoud\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\IDM615\IDMShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-07 1128448] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1382357413&from=wpc&uid=HitachiXHTS547564A9E384_J2130053H1MH8AH1MH8AX mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Download All with FlashGet - c:\users\Mahmoud\Downloads\FlashGet 1.81_Full_Tr_Portable\FlashGet 1.81 Portable\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\users\Mahmoud\Downloads\FlashGet 1.81_Full_Tr_Portable\FlashGet 1.81 Portable\FlashGet\jc_link.htm IE: Download all links by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm IE: Download all videos by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm IE: Download by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm IE: Download current video by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - c:\program files (x86)\IDM615\IEGetAll.htm IE: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - c:\program files (x86)\IDM615\IEExt.htm Trusted Zone: com\*.Wondershare Trusted Zone: eset.com\help TCP: Interfaces\{7AEDA1B9-1059-472C-B03E-9A18F3995161}: NameServer = 62.240.110.197 62.240.110.198 TCP: Interfaces\{8A2EA6C5-CE87-4F34-9666-34D0C50E356B}: NameServer = 62.240.110.197 62.240.110.198 FF - ProfilePath - c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchiseasy.info/?pid=298&r=2013/08/28&hid=1373912961250097813&lg=EN&cc=EG&unqvl=33&l=1&q= FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; i3d4ay@xbxk-.co.uk; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\i3d4ay@xbxk-.co.uk FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; mn1zp@axivettslt.com; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\mn1zp@axivettslt.com FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; auuaaobxw@s-a.org; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auuaaobxw@s-a.org FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; auaeea@axvt.org; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auaeea@axvt.org FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; 8crgxgdc@wzrgee.org; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\8crgxgdc@wzrgee.org FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; yimrz@oeaegaqk.org; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\yimrz@oeaegaqk.org FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; 579sba62zbqt@yoehlmgvvlfr.net; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\579sba62zbqt@yoehlmgvvlfr.net FF - ExtSQL: !HIDDEN! 
2013-10-14 10:58; ftj-ehdrw@d-bbeoj.com; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ftj-ehdrw@d-bbeoj.com FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; k_ya3uyo@ntuu-aiixt.net; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\k_ya3uyo@ntuu-aiixt.net FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; ue2iu19x@rbjk-yfuu.com; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\ue2iu19x@rbjk-yfuu.com FF - ExtSQL: !HIDDEN! 2013-10-26 14:42; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt FF - ExtSQL: !HIDDEN! 2014-03-28 15:36; quick_start@gmail.com; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\quick_start@gmail.com FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 0c2e2ef90000000000009439e55db228 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15861 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.510:17 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119291&tt=gc_ FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: 
extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=0C2E9439E55DB228&affID=128235&tsp=5276 FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=0C2E9439E55DB228&affID=128235&tsp=5276 FF - user.js: extensions.buenosearch.id - 0c2e2ef90000000000009439e55db228 FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F} FF - user.js: extensions.buenosearch.instlDay - 16233 FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7 FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7 FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.70:06 FF - user.js: extensions.buenosearch.prtnrId - buenosearch FF - user.js: extensions.buenosearch.prdct - buenosearch FF - user.js: extensions.buenosearch.aflt - babsst FF - user.js: extensions.buenosearch.smplGrp - none FF - user.js: extensions.buenosearch.tlbrId - base FF - user.js: extensions.buenosearch.instlRef - sst FF - user.js: extensions.buenosearch.dfltLng - ar FF - user.js: extensions.buenosearch.excTlbr - false FF - user.js: extensions.buenosearch.ffxUnstlRst - true FF - user.js: extensions.buenosearch.admin - false FF - user.js: extensions.buenosearch.autoRvrt - false FF - user.js: extensions.buenosearch.rvrt - false FF - user.js: extensions.buenosearch.newTab - false . - - - - ORPHANS REMOVED - - - - . 
BHO-{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-GameTracker - c:\program files (x86)\GameTracker\GTLite.exe Wow6432Node-HKCU-Run-RatioFaker - c:\program files (x86)\Ratio Faker\RatioFaker.exe Wow6432Node-HKCU-Run-Viber - c:\users\Mahmoud\AppData\Local\Viber\Viber.exe Wow6432Node-HKCU-Run-VoipBuster - c:\program files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe Wow6432Node-HKCU-Run-LiveSupport - c:\program files (x86)\LiveSupport\LiveSupport.exe Wow6432Node-HKCU-Run-IDMan - c:\program files (x86)\IDM615\IDMan.exe Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe Wow6432Node-HKLM-Run-HDD Regenerator - c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe Wow6432Node-HKLM-Run-Yahoo Messenger - (no file) Wow6432Node-HKLM-Run-CSV To vCard VCF Converter Software.exe - (no file) c:\users\Mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Mahmoud\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe AddRemove-FinalAlert - c:\program files (x86)\FinalAlert\SMUninstall.exe AddRemove-Need For Speed.Most Wanted 2012.Limited Edition.~A175A0FD_is1 - e:\need for speed.most wanted 2012.limited edition.v 1.1.0.0 + 3 dlc\Uninstall\unins000.exe AddRemove-Wubi - j:\ubuntu\uninstall-wubi.exe AddRemove-{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1 - g:\call of duty black ops 2\unins000.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1" . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Internet Explorer\Approved Extensions] @DACL=(02 0000) "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c4, 03,92,bb,e5,07,ba,95,b8,17,8f,6a,fc,db "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,3b,1b,94,f3,48, 76,91,39,e1,02,b1,ed,b6,22,8c,45,40,14 "{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,3b,1b,7e,97,8b, 9e,b3,bf,a7,06,bc,2f,a6,82,b3,f2,78,43 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,2b, 8b,3d,1f,d9,0f,91,cf,13,24,75,4c,22,de "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,05,4f, 31,c9,08,03,03,b7,a0,8d,e9,64,6a,03,89 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,1e, e4,65,9f,48,0b,a0,38,d4,a9,2a,92,14,1b "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,f1, a6,5a,91,b6,54,a3,ee,42,e0,ca,4e,f4,17 "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,dc,52, 2b,5e,e7,a3,0e,97,73,0e,49,17,25,d3,d2 "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,3b,1b,16,5c,2d, 34,7a,f9,d3,02,80,9e,7b,e8,ba,0a,3f,ef "{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,3b,1b,9e,69,4d, ea,d0,d2,6a,02,8f,54,0a,5b,ab,7c,4c,a2 "{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,36, 56,81,3a,1c,02,8f,f6,bf,9b,06,71,38,6d "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,87,93, 83,12,17,bb,0c,86,d4,9e,c6,68,ac,3c,a4 "{4BB987E6-D7BA-500B-B774-1EE5D6E782A6}"=hex:51,66,7a,6c,4c,1d,3b,1b,f6,98,a2, 50,85,84,6d,15,a8,77,5c,a5,d5,a3,c3,be "{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,a6,d0,3e, 63,35,1a,0d,06,80,25,08,3b,5f,b8,40,b1 "{7F6AFBF1-E065-4627-A2FD-810366367D01}"=hex:51,66,7a,6c,4c,1d,3b,1b,e1,e4,71, 64,5a,b3,41,03,bd,fe,c3,43,65,72,3c,19 . 
[HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* 3*g*p*\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2] @Denied: (Full) (Everyone) . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25ad01ab-7669-11e1-b78d-3859f9ebae72}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28d7f5e3-ab82-11e2-8b92-3859f9ebae72}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28d7f60e-ab82-11e2-8b92-3859f9ebae72}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86febe28-10a8-11e2-997f-806e6f6e6963}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6e117fc-4af7-11e1-b620-3859f9ebae72}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf4c51dc-3d30-11e1-80c6-806e6f6e6963}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf4c521b-3d30-11e1-80c6-3859f9ebae72}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e578a515-a443-11e2-8c20-3859f9ebae72}] "_CommentFromDesktopINI"="" . 
[HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8490fbd-3b36-11e1-b1c7-806e6f6e6963}] "_CommentFromDesktopINI"="" . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000_Classes\Wow6432Node\CLSID\{5393838f-df3e-4f57-98cc-45c56fd60b1c}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000007f "Therad"=dword:00000015 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):00,a2,e2,83,78,42,e8,cf,a2,81,d4,b4,f0,da,d1,e7,42,6f,43,96,3d, fa,91,33,1c,4d,0c,c2,46,32,6a,83,d8,19,44,5e,c3,ac,ff,06,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):5b,b0,84,ec,e2,f6,49,2c,0b,88,28,62,12,eb,3b,f5,ac,0b,3c,ec,3d, 4e,c8,ed,ae,e5,5d,79,97,5c,47,c7,9c,70,d5,6f,0b,7e,e8,b4,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-1928098380-3744966502-37342962-1000_Classes\Wow6432Node\CLSID\{d339b54a-d0d4-4d61-a864-21bfe14a2ae5}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000076 "Therad"=dword:00000015 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-10-23 20:59:47 ComboFix-quarantined-files.txt 2015-10-23 17:59 . Pre-Run: 1,698,213,888 bytes free Post-Run: 12,804,575,232 bytes free . - - End Of File - - 0E3758FD0E246D4A09D2A53AB1C490D3
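The hijack indicators in this log are the ones a removal helper reads off by eye: an IE default page on start.qone8.com, a Firefox default search on websearch.searchiseasy.info, Delta and buenosearch toolbar prefs in user.js, and ten `ExtSQL: !HIDDEN!` extensions with random-looking ids all registered in the same minute (2013-10-14 10:58). The script below is an added example, not ComboFix code and not part of the original post; it parses the record formats seen above (service/driver lines, `FF - ExtSQL: !HIDDEN!`, `FF - prefs.js`/`user.js` prefs, `mDefault_Page_URL`, `TCP: ... NameServer`) and applies two rules of its own: a host allowlist `EXPECTED_HOSTS` and a same-minute batch threshold `BATCH_THRESHOLD`, both assumptions. The sample lines are copied from the log; everything else is constructed for the example.

```python
"""Triage helper for ComboFix log lines. Added example: this is not ComboFix code
and not part of the original post. It parses the record formats seen in the log
above and reports the browser-hijack indicators a removal helper looks for."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a representative subset of lines copied from the log above.
SAMPLE_LOG = r"""
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1382357413&from=wpc&uid=HitachiXHTS547564A9E384_J2130053H1MH8AH1MH8AX
TCP: Interfaces\{7AEDA1B9-1059-472C-B03E-9A18F3995161}: NameServer = 62.240.110.197 62.240.110.198
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchiseasy.info/?pid=298&r=2013/08/28&hid=1373912961250097813&lg=EN&cc=EG&unqvl=33&l=1&q=
FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; i3d4ay@xbxk-.co.uk; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\i3d4ay@xbxk-.co.uk
FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; mn1zp@axivettslt.com; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\mn1zp@axivettslt.com
FF - ExtSQL: !HIDDEN! 2013-10-14 10:58; auuaaobxw@s-a.org; c:\users\Mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\m9y1z992.default\extensions\auuaaobxw@s-a.org
FF - ExtSQL: !HIDDEN! 2013-10-26 14:42; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=0C2E9439E55DB228&affID=128235&tsp=5276
FF - user.js: extensions.delta.prtnrId - delta
"""

# Assumption: the hosts this machine's owner actually wants as home page / search
# engine. Any other host in those settings is reported as a hijack candidate.
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}
# Assumption: three or more hidden extensions registered in the same minute is a
# batch install, the pattern the 2013-10-14 10:58 entries in the log show.
BATCH_THRESHOLD = 3
PROFILE_MARK = "\\appdata\\roaming\\mozilla\\firefox\\profiles\\"

SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);([^;]+);([^;]+?)(?: \[x\])?$")
HIDDEN_EXT_RE = re.compile(r"^FF - ExtSQL: !HIDDEN! (\d{4}-\d\d-\d\d \d\d:\d\d); ([^;]+); (.+)$")
PREF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")
IE_DEFAULT_RE = re.compile(r"^m?Default_Page_URL = (\S+)$")
DNS_RE = re.compile(r"^TCP: Interfaces\\\{[0-9A-Fa-f-]+\}: NameServer = (.+)$")
TOOLBAR_PREF_RE = re.compile(r"^extensions\.([A-Za-z0-9]+)")


def host_of(url):
    """ComboFix defangs URLs as hxxp://; refang only the scheme before parsing."""
    return (urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()


def parse(log_text):
    """Split the log into the record types this example understands."""
    rec = {"services": [], "hidden_extensions": [], "browser_urls": [],
           "toolbar_families": set(), "resolvers": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            rec["services"].append({"start": m[1], "name": m[2], "display": m[3], "image": m[4]})
        elif m := HIDDEN_EXT_RE.match(line):
            rec["hidden_extensions"].append({"installed": m[1], "id": m[2], "path": m[3]})
        elif m := PREF_RE.match(line):
            origin, key, value = m[1], m[2], m[3]
            # user.js prefs named extensions.<family>.* are the toolbar's own settings.
            if origin == "user" and (fam := TOOLBAR_PREF_RE.match(key)):
                rec["toolbar_families"].add(fam[1])
            if value.lower().startswith(("hxxp", "http")):
                rec["browser_urls"].append((key, value))
        elif m := IE_DEFAULT_RE.match(line):
            rec["browser_urls"].append(("Default_Page_URL", m[1]))
        elif m := DNS_RE.match(line):
            rec["resolvers"].update(m[1].split())
    return rec


def triage(log_text):
    """Return the parsed records plus the findings a helper would act on."""
    rec = parse(log_text)
    findings = []
    for key, url in rec["browser_urls"]:
        host = host_of(url)
        if host and host not in EXPECTED_HOSTS:
            findings.append(f"{key} points at {host}")
    per_minute = Counter(e["installed"] for e in rec["hidden_extensions"])
    for e in rec["hidden_extensions"]:
        in_profile = PROFILE_MARK in e["path"].lower()
        batch = per_minute[e["installed"]] >= BATCH_THRESHOLD
        if in_profile or batch:
            why = "in the user profile" if in_profile else "same-minute batch"
            findings.append(f"hidden Firefox extension {e['id']} ({why}, {e['installed']})")
    return {"services": rec["services"], "hidden_extensions": rec["hidden_extensions"],
            "toolbar_families": sorted(rec["toolbar_families"]),
            "resolvers": sorted(rec["resolvers"]), "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for finding in result["findings"]:
        print("FLAG:", finding)
    print("toolbar families:", ", ".join(result["toolbar_families"]))
    print("resolvers to verify against the ISP's published ones:", " ".join(result["resolvers"]))
```

On the sample the script flags the three browser defaults (qone8, searchiseasy, buenosearch) and the three hidden profile extensions, leaves the Wondershare extension alone (vendor directory, unique timestamp), and names both toolbar families. The NameServer entries are listed rather than flagged on purpose: the log does not say whether 62.240.110.197/198 are the ISP's resolvers, so that is a manual check, not an automatic verdict.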