Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016
Ran by mahmoud (administrator) on MAHMOUD-PC (07-07-2016 05:36:31)
Running from C:\Users\mahmoud\Desktop
Loaded Profiles: mahmoud (Available Profiles: mahmoud)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [BingSvc] => C:\Users\mahmoud\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Updates] => D:\Updates.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Backup] => D:\Backup.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: {23c08915-3536-11e4-bb99-00241db3bfdf} - I:\AutoRun.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: {23c08924-3536-11e4-bb99-00241db3bfdf} - H:\AutoRun.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: {67b6eed7-3538-11e4-8044-00241db3bfdf} - I:\AutoRun.exe
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [2015-06-06]
ShortcutTarget: rvlkl.lnk -> C:\ProgramData\rvlkl\rvlkl.exe (Logixoft)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{87B743D1-8DE3-4DB0-84D2-DA01EDCED2D1}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{BE3FE845-247D-4EED-B466-92D5A9EFD2F9}: [NameServer] 213.131.65.20 213.131.66.246
Tcpip\..\Interfaces\{EC970D08-6561-4F14-995C-AD0B405A2BDB}: [NameServer]
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450136508&z=2c43d69df6395b8390052cfgdz2wee5g1cfq3wce6m&from=wpm07173&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421685398&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450136508&z=2c43d69df6395b8390052cfgdz2wee5g1cfq3wce6m&from=wpm07173&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421685398&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601&q={searchTerms}
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421685461&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601&q={searchTerms}
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450136508&z=2c43d69df6395b8390052cfgdz2wee5g1cfq3wce6m&from=wpm07173&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450136508&z=2c43d69df6395b8390052cfgdz2wee5g1cfq3wce6m&from=wpm07173&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=dspp&ts=1421685461&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {22CAB4EA-F03B-4770-8647-6F1A1FB30DF3} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1451377036&z=d97620abd9f27ef7e67891egbz2w1g4c3m5mae2c4c&from=wpm12253&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601&q={searchTerms}
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {B95D85AF-32A6-47A6-AC8A-09206679C13C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-08-14] (Adobe Systems Incorporated)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll => No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-18] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1421685398&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
FireFox:
========
FF ProfilePath: C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-08-14] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yoursites123.xml [2015-12-29]
FF Extension: rainalarmmdienerde - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\rain-alarm@mdiener.de [2015-01-24] [not signed]
FF Extension: FF Toolbar - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\fftoolbar2014@etech.com [2015-01-24] [not signed]
FF Extension: disco games - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\63zEXSF@gmail.com [2015-04-09] [not signed]
FF Extension: jid0c1av474BVPIHcGJfBp3GkhlhAa4jetpack - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack [2015-04-09] [not signed]
FF Extension: Search Enginer - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\sweetsearch@gmail.com [2015-05-20] [not signed]
FF Extension: Default NewTab - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\default_newtabff@gmail.com [2015-08-27] [not signed]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\deskCutv2@gmail.com [2016-05-01] [not signed]
FF Extension: Default SearchProtected - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\defsearchp@gmail.com.xpi [2016-02-21] [not signed]
FF Extension: YahooToolsProtected - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\yahooprotected@gmail.com.xpi [2016-02-21] [not signed]
FF Extension: Bing Search - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\Extensions\bingsearch.full@microsoft.com [2015-04-20] [not signed]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\quick_searchff@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\sweetsearch@gmail.com
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\defsearchp@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\deskCutv2@gmail.com
FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\yahooprotected@gmail.com => not found
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5 [2016-07-07] [not signed]
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1451377036&z=d97620abd9f27ef7e67891egbz2w1g4c3m5mae2c4c&from=wpm12253&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
Chrome:
=======
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=ar-xl
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com.eg/"
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR Profile: C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-20]
CHR Extension: (Google Docs) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-20]
CHR Extension: (Google Drive) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-20]
CHR Extension: (YouTube) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-20]
CHR Extension: (Google Search) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]
CHR Extension: (Google Sheets) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-20]
CHR Extension: (EditThisCookie) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-06-10]
CHR Extension: (Cookie Monster) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfiffgdeofcbmemekinaajmenfgenplh [2015-06-10]
CHR Extension: (Skype Click to Call) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Hola Better Internet) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcmfkkjmkcfgelgdpndepmimbmkbpfp [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR Profile: C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (عروض Google التقديمية) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-03]
CHR Extension: (محرّر مستندات Google) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-03]
CHR Extension: (Google Drive) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (Youtube) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (Bing) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-07-03]
CHR Extension: (جداول بيانات Google ) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-03]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-03]
CHR Extension: (Skype) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-07-03]
CHR Extension: (IDM Integration Module) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-03]
CHR Extension: (Gmail) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-18]
CHR HKU\S-1-5-21-453311672-2777936180-2027923614-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] () [File not signed]
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 IhPul; C:\Users\mahmoud\AppData\Roaming\TSv\TSvr.exe [377064 2016-05-12] (tsvr.com)
S2 Mobinil USB Modem. RunOuc; C:\Program Files\Mobinil USB Modem\UpdateDog\ouc.exe [655712 2012-05-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 PicexaService; C:\Program Files\Picexa\PicexaSvc.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-07 05:36 - 2016-07-07 05:36 - 00020865 _____ C:\Users\mahmoud\Desktop\FRST.txt
2016-07-07 05:36 - 2016-07-07 05:36 - 00000000 ____D C:\FRST
2016-07-07 05:36 - 2016-07-07 05:35 - 01740288 _____ (Farbar) C:\Users\mahmoud\Desktop\FRST.exe
2016-07-07 05:34 - 2016-07-07 05:35 - 01740288 _____ (Farbar) C:\Users\mahmoud\Downloads\FRST.exe
2016-07-07 05:28 - 2016-07-07 05:28 - 00144520 _____ C:\Windows\Minidump\070716-25287-01.dmp
2016-07-06 07:16 - 2016-07-06 07:16 - 00144512 _____ C:\Windows\Minidump\070616-25396-01.dmp
2016-07-06 07:14 - 2016-07-06 07:15 - 00144512 _____ C:\Windows\Minidump\070616-27424-01.dmp
2016-07-06 07:12 - 2016-07-06 07:12 - 00144512 _____ C:\Windows\Minidump\070616-28158-01.dmp
2016-07-06 04:30 - 2016-07-06 04:30 - 00144512 _____ C:\Windows\Minidump\070616-25599-02.dmp
2016-07-06 04:26 - 2016-07-06 04:26 - 00144520 _____ C:\Windows\Minidump\070616-25740-01.dmp
2016-07-06 04:21 - 2016-07-06 04:21 - 00144512 _____ C:\Windows\Minidump\070616-25584-01.dmp
2016-07-06 03:22 - 2016-07-06 03:22 - 00144512 _____ C:\Windows\Minidump\070616-25162-01.dmp
2016-07-05 18:55 - 2016-07-05 18:55 - 00144520 _____ C:\Windows\Minidump\070516-25864-01.dmp
2016-07-05 18:53 - 2016-07-05 18:53 - 00144512 _____ C:\Windows\Minidump\070516-30435-01.dmp
2016-07-05 14:31 - 2016-07-05 14:31 - 00144512 _____ C:\Windows\Minidump\070516-28454-01.dmp
2016-07-05 13:49 - 2016-07-05 13:49 - 00144512 _____ C:\Windows\Minidump\070516-25552-01.dmp
2016-07-04 18:48 - 2016-07-05 01:48 - 00000000 ____D C:\Users\mahmoud\Doctor Web
2016-07-04 18:48 - 2016-07-04 18:33 - 136156208 _____ C:\Users\mahmoud\Desktop\ifi0mcn2.exe
2016-07-04 17:52 - 2016-07-04 17:52 - 00000000 ____D C:\Users\mahmoud\AppData\Local\ElevatedDiagnostics
2016-07-04 17:50 - 2016-07-04 17:50 - 00144520 _____ C:\Windows\Minidump\070416-16146-01.dmp
2016-07-04 14:06 - 2016-07-04 14:06 - 00144512 _____ C:\Windows\Minidump\070416-16302-01.dmp
2016-07-04 14:04 - 2016-07-04 14:04 - 00144512 _____ C:\Windows\Minidump\070416-20779-01.dmp
2016-07-04 13:32 - 2016-07-04 13:32 - 00144512 _____ C:\Windows\Minidump\070416-19500-01.dmp
2016-07-04 13:29 - 2016-07-04 13:30 - 00144512 _____ C:\Windows\Minidump\070416-19999-01.dmp
2016-07-04 13:27 - 2016-07-04 13:27 - 00144512 _____ C:\Windows\Minidump\070416-19297-01.dmp
2016-07-04 13:25 - 2016-07-04 13:25 - 00144512 _____ C:\Windows\Minidump\070416-19624-01.dmp
2016-07-04 13:23 - 2016-07-04 13:23 - 00144512 _____ C:\Windows\Minidump\070416-20077-01.dmp
2016-07-03 23:20 - 2016-07-03 23:21 - 00144512 _____ C:\Windows\Minidump\070316-15990-01.dmp
2016-07-03 23:19 - 2016-07-03 23:19 - 00000000 ____H C:\Users\mahmoud\AppData\Local\BIT51AA.tmp
2016-07-03 23:19 - 2016-07-03 23:19 - 00000000 _____ C:\Users\mahmoud\AppData\Local\{0495DEBF-C1E6-41CC-95EE-FAE7BD01042F}
2016-07-03 05:34 - 2016-07-03 05:34 - 00144512 _____ C:\Windows\Minidump\070316-16411-01.dmp
2016-07-03 03:09 - 2016-07-03 03:09 - 00000338 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-07-03 03:04 - 2016-07-03 03:04 - 00144512 _____ C:\Windows\Minidump\070316-16988-01.dmp
2016-07-03 03:00 - 2016-07-07 05:28 - 00000000 ____D C:\Windows\Minidump
2016-07-03 03:00 - 2016-07-03 03:01 - 00144512 _____ C:\Windows\Minidump\070316-16832-01.dmp
2016-07-02 07:50 - 2016-07-07 05:28 - 01091244 _____ C:\Windows\ntbtlog.txt
2016-06-07 16:20 - 2016-06-07 16:20 - 00000000 __SHD C:\found.000
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-07 05:27 - 2016-05-12 13:53 - 00000001 _____ C:\Windows\system32\eg.html
2016-07-07 05:26 - 2015-04-09 15:28 - 00001310 _____ C:\Windows\Tasks\disco_games_notification_service.job
2016-07-07 05:26 - 2015-04-09 15:28 - 00000672 _____ C:\Windows\Tasks\disco_games_updating_service.job
2016-07-07 05:26 - 2015-01-05 16:37 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-07 05:26 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-05 13:46 - 2014-09-05 22:53 - 00000000 ____D C:\Users\mahmoud
2016-07-05 11:49 - 2016-05-12 20:52 - 00000000 ____D C:\Program Files\WinZipper
2016-07-05 11:49 - 2014-09-05 23:04 - 00000000 ____D C:\Program Files\WinRAR
2016-07-05 02:00 - 2016-05-12 20:50 - 00000000 ____D C:\Windows\system32\_tWm
2016-07-05 02:00 - 2015-10-26 23:33 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\istartsurf
2016-07-05 01:52 - 2015-12-29 11:17 - 00000000 ____D C:\ProgramData\8WdM8
2016-07-05 01:52 - 2015-12-15 02:42 - 00000000 ____D C:\ProgramData\lWdMl
2016-07-05 01:52 - 2015-12-15 02:41 - 00000000 ____D C:\ProgramData\ZWdMZ
2016-07-05 01:52 - 2015-07-10 02:42 - 00000000 ____D C:\Program Files\RelevantKnowledge
2016-07-05 01:52 - 2015-04-09 15:28 - 00000000 ____D C:\Program Files\disco games
2016-07-05 01:52 - 2014-09-07 03:21 - 00000000 ____D C:\Program Files\Subway Surfers
2016-07-05 01:51 - 2015-09-25 00:04 - 00000000 ____D C:\Program Files\LINE
2016-07-05 01:51 - 2015-07-07 12:27 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-07-05 01:51 - 2015-01-19 19:35 - 00000000 ____D C:\Program Files\LuckyTab
2016-07-05 01:51 - 2014-09-05 22:55 - 00000000 ____D C:\Program Files\Mobinil USB Modem
2016-07-05 01:49 - 2015-12-15 02:42 - 00000000 ____D C:\Program Files\SFK
2016-07-04 17:54 - 2015-01-05 15:57 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\DMCache
2016-07-04 17:48 - 2016-05-12 20:52 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\WinZiper
2016-07-04 17:48 - 2015-04-11 00:52 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2016-07-04 14:11 - 2010-11-21 00:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-04 14:11 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2016-07-02 07:53 - 2015-04-20 20:09 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\Skype
2016-06-17 11:42 - 2015-01-05 16:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-17 09:12 - 2009-07-14 07:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-17 09:03 - 2015-01-05 16:37 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 16:31 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-07 16:31 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
==================== Files in the root of some directories =======
2015-09-03 11:42 - 2015-09-03 11:42 - 0000000 _____ () C:\Program Files\GUT8585.tmp
2015-12-29 11:15 - 2016-05-12 20:50 - 1449600 ____N (Update) C:\Program Files\SSFK.exe
2015-09-20 09:17 - 2015-09-20 09:17 - 0033134 _____ () C:\Users\mahmoud\AppData\Roaming\UserTile.png
2016-07-03 23:19 - 2016-07-03 23:19 - 0000000 ____H () C:\Users\mahmoud\AppData\Local\BIT51AA.tmp
2016-07-03 23:19 - 2016-07-03 23:19 - 0000000 _____ () C:\Users\mahmoud\AppData\Local\{0495DEBF-C1E6-41CC-95EE-FAE7BD01042F}
2015-10-26 23:33 - 2015-12-29 11:17 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\mahmoud\LineInst.exe
Some files in TEMP:
====================
C:\Users\mahmoud\AppData\Local\Temp\A4D7.exe
C:\Users\mahmoud\AppData\Local\Temp\BingSvc.exe
C:\Users\mahmoud\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\mahmoud\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\mahmoud\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\mahmoud\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\mahmoud\AppData\Local\Temp\{A5606348-75EB-43EF-8344-C1A3ED73BF34}-46.0.2490.86_chrome_installer.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-07 16:50
==================== End of FRST.txt ============================