Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016
Ran by mahmoud (administrator) on MAHMOUD-PC (09-07-2016 06:03:18)
Running from C:\Users\mahmoud\Desktop
Loaded Profiles: mahmoud (Available Profiles: mahmoud)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\mahmoud\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\ProgramData\Mobinil USB Modem\OnlineUpdate\ouc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [BingSvc] => C:\Users\mahmoud\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Updates] => D:\Updates.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Run: [Backup] => D:\Backup.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: I - I:\AutoRun.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: {23c08915-3536-11e4-bb99-00241db3bfdf} - I:\AutoRun.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: {23c08924-3536-11e4-bb99-00241db3bfdf} - H:\AutoRun.exe
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\MountPoints2: {67b6eed7-3538-11e4-8044-00241db3bfdf} - I:\AutoRun.exe
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [2016-07-07]
ShortcutTarget: rvlkl.lnk -> C:\ProgramData\rvlkl\rvlkl.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{87B743D1-8DE3-4DB0-84D2-DA01EDCED2D1}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{BE3FE845-247D-4EED-B466-92D5A9EFD2F9}: [NameServer] 213.131.65.20 213.131.66.246
Tcpip\..\Interfaces\{EC970D08-6561-4F14-995C-AD0B405A2BDB}: [NameServer]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1450136508&z=2c43d69df6395b8390052cfgdz2wee5g1cfq3wce6m&from=wpm07173&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1421685398&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1450136508&z=2c43d69df6395b8390052cfgdz2wee5g1cfq3wce6m&from=wpm07173&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1421685398&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-08-14] (Adobe Systems Incorporated)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll => No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-18] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-453311672-2777936180-2027923614-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1421685398&from=exp&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601

FireFox:
========
FF ProfilePath: C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-08-14] (Adobe Systems Inc.)
FF Extension: rainalarmmdienerde - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\rain-alarm@mdiener.de [2015-01-24] [not signed]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\fftoolbar2014@etech.com [not found]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\63zEXSF@gmail.com [not found]
FF Extension: jid0c1av474BVPIHcGJfBp3GkhlhAa4jetpack - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\jid0-c1av474BVPIHcGJfBp3GkhlhAa4@jetpack [2015-04-09] [not signed]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\sweetsearch@gmail.com [not found]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\default_newtabff@gmail.com [not found]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\defsearchp@gmail.com.xpi [not found]
FF Extension: No Name - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\yahooprotected@gmail.com.xpi [not found]
FF Extension: Bing Search - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\Extensions\bingsearch.full@microsoft.com [2015-04-20] [not signed]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\fftoolbar2014@etech.com => not found
FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\quick_searchff@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\sweetsearch@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\defsearchp@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\deskCutv2@gmail.com => not found
FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\mahmoud\AppData\Roaming\Mozilla\Firefox\Profiles\itc732kg.default\extensions\yahooprotected@gmail.com => not found
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5 [2016-07-09] [not signed]
FF HKU\S-1-5-21-453311672-2777936180-2027923614-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mahmoud\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1451377036&z=d97620abd9f27ef7e67891egbz2w1g4c3m5mae2c4c&from=wpm12253&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2390860108601
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

Chrome:
=======
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=ar-xl
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com.eg/"
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR Profile: C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-20]
CHR Extension: (Google Docs) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-20]
CHR Extension: (Google Drive) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-20]
CHR Extension: (YouTube) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-20]
CHR Extension: (Google Search) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]
CHR Extension: (Google Sheets) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-20]
CHR Extension: (EditThisCookie) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-06-10]
CHR Extension: (Cookie Monster) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfiffgdeofcbmemekinaajmenfgenplh [2015-06-10]
CHR Extension: (Skype Click to Call) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Hola Better Internet) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcmfkkjmkcfgelgdpndepmimbmkbpfp [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR Profile: C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (عروض Google التقديمية) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-03]
CHR Extension: (محرّر مستندات Google) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-03]
CHR Extension: (Google Drive) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (Youtube) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (Bing) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-07-03]
CHR Extension: (جداول بيانات Google ) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-03]
CHR Extension: (مستندات Google في وضع عدم الاتصال) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-03]
CHR Extension: (Skype) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-07-03]
CHR Extension: (IDM Integration Module) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-03]
CHR Extension: (Gmail) - C:\Users\mahmoud\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-18]
CHR HKU\S-1-5-21-453311672-2777936180-2027923614-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] () [File not signed]
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 Mobinil USB Modem. RunOuc; C:\Program Files\Mobinil USB Modem\UpdateDog\ouc.exe [655712 2012-05-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 IhPul; C:\Users\mahmoud\AppData\Roaming\TSv\TSvr.exe [X]
S2 PicexaService; C:\Program Files\Picexa\PicexaSvc.exe [X]
S2 qkseeService; C:\Program Files\qksee\qkseeSvc.exe [X]
S2 SSFK; C:\Program Files\SFK\SSFK.exe -s [X]
S2 TheDesktopWeatherService; C:\Program Files\WeatherTool\2.0.0.10766\WeatherService.exe [X]
S2 WdMan; C:\ProgramData\8WdM8\WdMan.exe -svr [X]
S2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 {0875768f-f9b5-4c33-8b02-554d5f71df0e}Gw; system32\drivers\{0875768f-f9b5-4c33-8b02-554d5f71df0e}Gw.sys [X]
S1 {120f96fd-0a02-4c35-845f-341894b68ecf}Gw; system32\drivers\{120f96fd-0a02-4c35-845f-341894b68ecf}Gw.sys [X]
S1 {1f7001b5-3138-49aa-af1b-2761ce2486a5}Gw; system32\drivers\{1f7001b5-3138-49aa-af1b-2761ce2486a5}Gw.sys [X]
S1 {264f3789-d47b-45fa-80bd-480362380c79}Gw; system32\drivers\{264f3789-d47b-45fa-80bd-480362380c79}Gw.sys [X]
S1 {2c1d8860-89c9-450e-a117-95f496764507}Gw; system32\drivers\{2c1d8860-89c9-450e-a117-95f496764507}Gw.sys [X]
S1 {2de8e01e-b955-44a2-aa24-6714414217a1}Gw; system32\drivers\{2de8e01e-b955-44a2-aa24-6714414217a1}Gw.sys [X]
S1 {326e0409-6d74-43cf-a555-02a7d66ba8fc}Gw; system32\drivers\{326e0409-6d74-43cf-a555-02a7d66ba8fc}Gw.sys [X]
S1 {3a20d1a9-f3e1-47c3-8b8a-a80b8cb188d2}Gw; system32\drivers\{3a20d1a9-f3e1-47c3-8b8a-a80b8cb188d2}Gw.sys [X]
S1 {44f7b789-949a-4637-a1d7-794a4f2351a7}Gw; system32\drivers\{44f7b789-949a-4637-a1d7-794a4f2351a7}Gw.sys [X]
S1 {4dcee693-8029-40a0-baf9-b51173f024d8}Gw; system32\drivers\{4dcee693-8029-40a0-baf9-b51173f024d8}Gw.sys [X]
S1 {5ed000ad-96de-48d3-9cd7-f28c05fefd32}Gw; system32\drivers\{5ed000ad-96de-48d3-9cd7-f28c05fefd32}Gw.sys [X]
S1 {67561ace-c443-4c39-9e16-07f6354b97f2}Gw; system32\drivers\{67561ace-c443-4c39-9e16-07f6354b97f2}Gw.sys [X]
S1 {6e48ad4f-fdba-432d-909e-4ad154ef30a0}Gw; system32\drivers\{6e48ad4f-fdba-432d-909e-4ad154ef30a0}Gw.sys [X]
S1 {6e48ad4f-fdba-432d-909e-4ad154ef30a0}w; system32\drivers\{6e48ad4f-fdba-432d-909e-4ad154ef30a0}w.sys [X]
S1 {95eb2602-1542-41ad-a119-ac67b3286fc6}Gw; system32\drivers\{95eb2602-1542-41ad-a119-ac67b3286fc6}Gw.sys [X]
S1 {aba4e778-dd25-4faa-b02e-0b39ca3812a0}Gw; system32\drivers\{aba4e778-dd25-4faa-b02e-0b39ca3812a0}Gw.sys [X]
S1 {bdc6addf-3c72-484a-a614-9e470f5bfb74}Gw; system32\drivers\{bdc6addf-3c72-484a-a614-9e470f5bfb74}Gw.sys [X]
S1 {cd4fba44-294f-4286-a789-c92e74ff113b}Gw; system32\drivers\{cd4fba44-294f-4286-a789-c92e74ff113b}Gw.sys [X]
S1 {e24cda45-ac0f-47ba-91e6-e65fc71adfd8}Gw; system32\drivers\{e24cda45-ac0f-47ba-91e6-e65fc71adfd8}Gw.sys [X]
S1 {e3d211dc-a320-41e3-882f-8a4778b6e0d1}Gw; system32\drivers\{e3d211dc-a320-41e3-882f-8a4778b6e0d1}Gw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-09 06:03 - 2016-07-09 06:03 - 00021548 _____ C:\Users\mahmoud\Desktop\FRST.txt
2016-07-08 18:04 - 2016-07-08 18:04 - 00144512 _____ C:\Windows\Minidump\070816-25693-01.dmp
2016-07-08 18:03 - 2016-07-08 18:03 - 175270433 ____N C:\Windows\MEMORY.DMP
2016-07-08 16:11 - 2016-07-08 16:11 - 00144512 _____ C:\Windows\Minidump\070816-33821-01.dmp
2016-07-08 16:05 - 2016-07-08 16:05 - 00144512 _____ C:\Windows\Minidump\070816-31122-01.dmp
2016-07-08 14:38 - 2016-07-08 14:38 - 00144512 _____ C:\Windows\Minidump\070816-27440-01.dmp
2016-07-08 05:52 - 2016-07-08 05:52 - 00144512 _____ C:\Windows\Minidump\070816-26800-01.dmp
2016-07-08 05:39 - 2016-07-08 05:40 - 00144512 _____ C:\Windows\Minidump\070816-26145-01.dmp
2016-07-08 00:58 - 2016-07-08 00:58 - 00144512 _____ C:\Windows\Minidump\070816-26254-01.dmp
2016-07-08 00:56 - 2016-07-08 00:56 - 00144512 _____ C:\Windows\Minidump\070816-27721-01.dmp
2016-07-08 00:53 - 2016-07-08 00:53 - 00144512 _____ C:\Windows\Minidump\070816-29515-01.dmp
2016-07-07 21:12 - 2016-07-07 21:12 - 00144512 _____ C:\Windows\Minidump\070716-24866-01.dmp
2016-07-07 16:04 - 2016-07-07 16:04 - 00300400 _____ C:\Users\mahmoud\Desktop\2.txt
2016-07-07 16:03 - 2016-07-07 16:04 - 00001815 _____ C:\Users\mahmoud\Desktop\1.txt
2016-07-07 15:34 - 2016-07-07 15:34 - 00144512 _____ C:\Windows\Minidump\070716-26254-01.dmp
2016-07-07 15:29 - 2016-07-07 15:29 - 00144512 _____ C:\Windows\Minidump\070716-27050-01.dmp
2016-07-07 15:21 - 2016-07-08 05:47 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-07 15:21 - 2016-07-07 16:00 - 00001054 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-07 15:21 - 2016-07-07 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-07 15:21 - 2016-07-07 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-07 15:21 - 2016-07-07 15:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-07 15:21 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-07 15:21 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-07 15:21 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-07 15:09 - 2016-07-07 15:16 - 22851472 _____ (Malwarebytes ) C:\Users\mahmoud\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-07 14:17 - 2016-07-07 14:17 - 00144512 _____ C:\Windows\Minidump\070716-25147-01.dmp
2016-07-07 05:36 - 2016-07-09 06:03 - 00000000 ____D C:\FRST
2016-07-07 05:36 - 2016-07-07 05:35 - 01740288 _____ (Farbar) C:\Users\mahmoud\Desktop\FRST.exe
2016-07-07 05:34 - 2016-07-07 05:35 - 01740288 _____ (Farbar) C:\Users\mahmoud\Downloads\FRST.exe
2016-07-07 05:28 - 2016-07-07 05:28 - 00144520 _____ C:\Windows\Minidump\070716-25287-01.dmp
2016-07-06 07:16 - 2016-07-06 07:16 - 00144512 _____ C:\Windows\Minidump\070616-25396-01.dmp
2016-07-06 07:14 - 2016-07-06 07:15 - 00144512 _____ C:\Windows\Minidump\070616-27424-01.dmp
2016-07-06 07:12 - 2016-07-06 07:12 - 00144512 _____ C:\Windows\Minidump\070616-28158-01.dmp
2016-07-06 04:30 - 2016-07-06 04:30 - 00144512 _____ C:\Windows\Minidump\070616-25599-02.dmp
2016-07-06 04:26 - 2016-07-06 04:26 - 00144520 _____ C:\Windows\Minidump\070616-25740-01.dmp
2016-07-06 04:21 - 2016-07-06 04:21 - 00144512 _____ C:\Windows\Minidump\070616-25584-01.dmp
2016-07-06 03:22 - 2016-07-06 03:22 - 00144512 _____ C:\Windows\Minidump\070616-25162-01.dmp
2016-07-05 18:55 - 2016-07-05 18:55 - 00144520 _____ C:\Windows\Minidump\070516-25864-01.dmp
2016-07-05 18:53 - 2016-07-05 18:53 - 00144512 _____ C:\Windows\Minidump\070516-30435-01.dmp
2016-07-05 14:31 - 2016-07-05 14:31 - 00144512 _____ C:\Windows\Minidump\070516-28454-01.dmp
2016-07-05 13:49 - 2016-07-05 13:49 - 00144512 _____ C:\Windows\Minidump\070516-25552-01.dmp
2016-07-04 18:48 - 2016-07-05 01:48 - 00000000 ____D C:\Users\mahmoud\Doctor Web
2016-07-04 18:48 - 2016-07-04 18:33 - 136156208 _____ C:\Users\mahmoud\Desktop\ifi0mcn2.exe
2016-07-04 17:52 - 2016-07-04 17:52 - 00000000 ____D C:\Users\mahmoud\AppData\Local\ElevatedDiagnostics
2016-07-04 17:50 - 2016-07-04 17:50 - 00144520 _____ C:\Windows\Minidump\070416-16146-01.dmp
2016-07-04 14:06 - 2016-07-04 14:06 - 00144512 _____ C:\Windows\Minidump\070416-16302-01.dmp
2016-07-04 14:04 - 2016-07-04 14:04 - 00144512 _____ C:\Windows\Minidump\070416-20779-01.dmp
2016-07-04 13:32 - 2016-07-04 13:32 - 00144512 _____ C:\Windows\Minidump\070416-19500-01.dmp
2016-07-04 13:29 - 2016-07-04 13:30 - 00144512 _____ C:\Windows\Minidump\070416-19999-01.dmp
2016-07-04 13:27 - 2016-07-04 13:27 - 00144512 _____ C:\Windows\Minidump\070416-19297-01.dmp
2016-07-04 13:25 - 2016-07-04 13:25 - 00144512 _____ C:\Windows\Minidump\070416-19624-01.dmp
2016-07-04 13:23 - 2016-07-04 13:23 - 00144512 _____ C:\Windows\Minidump\070416-20077-01.dmp
2016-07-03 23:20 - 2016-07-03 23:21 - 00144512 _____ C:\Windows\Minidump\070316-15990-01.dmp
2016-07-03 23:19 - 2016-07-03 23:19 - 00000000 ____H C:\Users\mahmoud\AppData\Local\BIT51AA.tmp
2016-07-03 23:19 - 2016-07-03 23:19 - 00000000 _____ C:\Users\mahmoud\AppData\Local\{0495DEBF-C1E6-41CC-95EE-FAE7BD01042F}
2016-07-03 05:34 - 2016-07-03 05:34 - 00144512 _____ C:\Windows\Minidump\070316-16411-01.dmp
2016-07-03 03:09 - 2016-07-03 03:09 - 00000338 _____ C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-07-03 03:04 - 2016-07-03 03:04 - 00144512 _____ C:\Windows\Minidump\070316-16988-01.dmp
2016-07-03 03:00 - 2016-07-08 18:04 - 00000000 ____D C:\Windows\Minidump
2016-07-03 03:00 - 2016-07-03 03:01 - 00144512 _____ C:\Windows\Minidump\070316-16832-01.dmp
2016-07-02 07:50 - 2016-07-08 18:04 - 01626382 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-09 06:03 - 2015-01-05 16:37 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-09 06:03 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-09 06:03 - 2009-07-14 07:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-09 05:56 - 2015-01-05 16:37 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-09 05:55 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-09 01:07 - 2015-01-05 15:57 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\DMCache
2016-07-09 01:05 - 2015-04-20 20:09 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\Skype
2016-07-09 01:04 - 2015-01-27 17:01 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-08 16:13 - 2010-11-21 00:01 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-08 16:13 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2016-07-07 21:10 - 2015-01-19 21:36 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-07 21:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\tracing
2016-07-07 16:00 - 2015-04-19 23:22 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2016-07-07 16:00 - 2015-01-19 20:46 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-07 16:00 - 2014-09-05 23:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-07-07 16:00 - 2014-09-05 22:54 - 00001389 _____ C:\Users\mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-07 16:00 - 2014-09-05 22:51 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-07 16:00 - 2014-09-05 22:51 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-07 16:00 - 2009-07-14 07:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-07 16:00 - 2009-07-14 07:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-07 16:00 - 2009-07-14 07:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-07 16:00 - 2009-07-14 07:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-07 15:59 - 2015-09-25 00:04 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2016-07-07 15:59 - 2015-01-27 17:02 - 00001179 _____ C:\Users\mahmoud\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-07-07 15:59 - 2009-07-14 07:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-07 15:59 - 2009-07-14 07:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-07 15:32 - 2016-05-12 13:53 - 00000001 _____ C:\Windows\system32\eg.html
2016-07-07 14:22 - 2009-07-14 05:04 - 00000219 _____ C:\Windows\system.ini
2016-07-05 13:46 - 2014-09-05 22:53 - 00000000 ____D C:\Users\mahmoud
2016-07-05 11:49 - 2016-05-12 20:52 - 00000000 ____D C:\Program Files\WinZipper
2016-07-05 11:49 - 2014-09-05 23:04 - 00000000 ____D C:\Program Files\WinRAR
2016-07-05 02:00 - 2016-05-12 20:50 - 00000000 ____D C:\Windows\system32\_tWm
2016-07-05 01:52 - 2015-12-15 02:41 - 00000000 ____D C:\ProgramData\ZWdMZ
2016-07-05 01:52 - 2014-09-07 03:21 - 00000000 ____D C:\Program Files\Subway Surfers
2016-07-05 01:51 - 2015-09-25 00:04 - 00000000 ____D C:\Program Files\LINE
2016-07-05 01:51 - 2015-07-07 12:27 - 00000000 ____D C:\Program Files\Internet Download Manager
2016-07-05 01:51 - 2014-09-05 22:55 - 00000000 ____D C:\Program Files\Mobinil USB Modem
2016-07-04 17:48 - 2016-05-12 20:52 - 00000000 ____D C:\Users\mahmoud\AppData\Roaming\WinZiper
2016-07-04 17:48 - 2015-04-11 00:52 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2016-06-17 11:42 - 2015-01-05 16:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-17 09:12 - 2009-07-14 07:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-09-03 11:42 - 2015-09-03 11:42 - 0000000 _____ () C:\Program Files\GUT8585.tmp
2015-09-20 09:17 - 2015-09-20 09:17 - 0033134 _____ () C:\Users\mahmoud\AppData\Roaming\UserTile.png
2016-07-03 23:19 - 2016-07-03 23:19 - 0000000 ____H () C:\Users\mahmoud\AppData\Local\BIT51AA.tmp
2016-07-03 23:19 - 2016-07-03 23:19 - 0000000 _____ () C:\Users\mahmoud\AppData\Local\{0495DEBF-C1E6-41CC-95EE-FAE7BD01042F}
2015-10-26 23:33 - 2015-12-29 11:17 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\mahmoud\LineInst.exe

Some files in TEMP:
====================
C:\Users\mahmoud\AppData\Local\Temp\A4D7.exe
C:\Users\mahmoud\AppData\Local\Temp\BingSvc.exe
C:\Users\mahmoud\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\mahmoud\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\mahmoud\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\mahmoud\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\mahmoud\AppData\Local\Temp\{A5606348-75EB-43EF-8344-C1A3ED73BF34}-46.0.2490.86_chrome_installer.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-07 16:50

==================== End of FRST.txt ============================