[SOLVED] [HELP] Win7 Premium(x64) lags and huge cpu usage sometimes

QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Sat Jul 05 05:36:19 2014
Machine ID: C44B41B1



No infection found.
-------------------



Processes
---------
ADSMTray 3412 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
CyberLink MediaLibray Service 3692 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
Firefox 4196 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 5508 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
IEMonitor Application 1500 C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
Internet Download Manager (IDM) 3088 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Malwarebytes Anti-Exploit 3472 C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
NVIDIA GeForce Experience 2912 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
Skype 2856 C:\Program Files (x86)\Skype\Phone\Skype.exe
(verified) ASUS Screen Saver Protector 3696 C:\Windows\AsScrPro.exe


Network activity
----------------
Process Skype.exe (2856) connected on port 40010 --> 65.55.223.42
Process Skype.exe (2856) connected on port 12350 --> 157.56.116.200
Process Skype.exe (2856) connected on port 443 (HTTP over SSL) --> 157.56.126.111
Process Skype.exe (2856) connected on port 6499 --> 24.47.177.52
Process firefox.exe (4196) connected on port 443 (HTTP over SSL) --> 63.245.215.42
Process firefox.exe (4196) connected on port 443 (HTTP over SSL) --> 63.245.215.42
Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149
Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149
Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149
Process firefox.exe (4196) connected on port 80 (HTTP) --> 37.59.67.149

Process Skype.exe (2856) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 34918


Autoruns and critical files
---------------------------
FileHippo.com Update Checker C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
Internet Download Manager (IDM) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Malwarebytes Anti-Exploit C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Mozilla Firefox C:\Program Files (x86)\Mozilla Firefox
NVIDIA Streamer c:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll
Skype C:\Program Files (x86)\Skype\Phone\Skype.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
Bitdefender QuickScan C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
Internet Download Manager Module c:\program files (x86)\internet download manager\idmiecc.dll
Internet Explorer C:\Windows\SysWOW64\ieframe.dll
Java Deployment Toolkit 7.0.600.19 C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
Java(TM) Platform SE 7 U60 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
Java(TM) Platform SE 7 U60 c:\program files (x86)\java\jre7\bin\ssv.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32_14_0_0_139.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_139.dll
NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Qualys BrowserCheck Plugin C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk\1.9.20.1_0\npqbc.dll
RealJukebox NS Plugin c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
RealNetworks(tm) Chrome Background Exte C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
VLC Web Plugin C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
(unsigned) NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
(unsigned) RealPlayer Version Plugin c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
(unsigned) RealPlayer(tm) HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
(unsigned) Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll


Missing files
-------------
File not found: c:\program files (x86)\java\jre7\bin\jp2ssv.dll
--> HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"


Scan
----


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.01 MB sent, 0.49 KB recvd
Scanned 352 files and modules - 30 seconds

==============================================================================
 
btw, I also face a problem in "Microsoft Visual Basic 2010 Express - ENU", which is that whenever I try to debug I get this error:

View attachment 8482

I used to play with services a long time ago, and sometimes with "Microsoft Visual Basic 2010 Express - ENU's" settings.
I tried to reinstall (Microsoft Visual Basic 2010 Express - ENU) and repair it.. but still.

Is this related somehow? I would be greatly happy if you could find a solution for me, as I searched and tried a lot of stuff but still :/

This particular error message isn't a problem with your own code and is not particular to any specific project you're currently working on. Instead, it looks to be a problem with your current installation. I notice that you're using the Express Edition, but your installed program listings from earlier also included "Microsoft Visual Studio Ultimate 2012". Where did you get it from? Since that particular edition of Visual Studio usually costs many thousands of pounds, I'm guessing it's not directly purchased??? There are several legitimate sources of this edition for free or reduced prices (some schools and employers give it away for free for example - hence why I'm asking where it came from), but it's also possible that it's a cracked version. If it was downloaded off the internet, that's almost certainly the source of your troubles with the Express Edition. In such a situation, I would advise you to completely uninstall every single edition of Visual Studio you currently have, then put back on just the Express Edition. You don't need the Ultimate Edition anyway. The only bits it adds are lots of stuff for corporate networks, bits for working in large teams with hundreds of programmers, advanced unit testing modules for automated testing of large programs, etc.

The reality is that you don't need any of this stuff. The Express Edition will do everything you need it to. Most importantly though, you need it to work. Hence why I think you should uninstall all of the Visual Studio stuff you currently have and just reinstall the Express Edition. Hopefully that will resolve your issue.

Richard
 
Hey there, thanks for your help. :)
I had already uninstalled all the programming stuff I found in the Programs and Features list and reinstalled VB2010 Express before posting the previous reply.
But I still have the problem (I mean it occurs, but not in all projects). For example,
this project (mine, made on my own computer yesterday) works when I debug it:
MathG
but this project (someone else made it and needed my help with it) doesn't work for me while debugging (it gives me the error I had shown you before):
Rconfort

Thanks a lot guys for your help.
 
Let's see fresh DDS logs. Please do the following:
  • Disable any script blocker and then double-click dds.scr to run.
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • The logs will automatically be saved to your desktop.
  • Copy the contents of both logs & post in your next reply

Thank you.
 
I only have a file called "dds.com". Is it the same as "dds.scr"? :/

DDS.txt log file:

========================================================================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.60.2
Run by ali at 19:56:34 on 2014-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.3937 [GMT 2:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_watch.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_hub.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_interface.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_dialogs.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_browser.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_central_control.exe
C:\Users\ali\AppData\Local\MediaFire Desktop\mf_monitor.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.google.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
EB: {3142C289-F319-47F5-A594-A827028714C9} - <orphaned>
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [MediaFire Tray] C:\Users\ali\AppData\Local\MediaFire Desktop\mf_watch.exe
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
uPolicies-Explorer: NoDriveAutoRun- = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:253
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun- = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374545831534
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1374021286188
TCP: NameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : DHCPNameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\16C696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\353343E4 : NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\353343E4 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\C696E6B6 : DHCPNameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\D416C69637 : DHCPNameServer = 197.199.255.254 217.52.47.130
TCP: Interfaces\{8A68948D-B161-4ED7-8BBE-9F3776C9E0DF}\16C696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D13B58AE-512F-4510-A695-2D1472BC76B5}\16C696 : DHCPNameServer = 213.131.66.248 213.131.65.20
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_139.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2013-6-24 56016]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-8-16 24680]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-7-5 62392]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-20 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-18 180136]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-7-5 360592]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-30 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-30 860472]
R2 MF NTFS Monitor;MediaFire NTFS Monitor;C:\Users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE [2014-7-5 456504]
R2 mfmonitor;mfmonitor;C:\Windows\System32\drivers\mfmonitor_x64.sys [2014-7-5 20696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-1 14984480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-20 2314240]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-8-9 170712]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-8-9 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-20 35104]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-20 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-30 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-30 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-30 63704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-1 39712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 ERmvrDrv;ESET standalone malware removal tool kernel-mode driver;C:\Windows\System32\drivers\ERKRmvrDrv.sys [2013-8-12 44120]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-6-19 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-2-6 32152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-30 111616]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ST330;ST330;C:\Windows\System32\drivers\st330.sys [2011-3-22 47616]
S3 STBUS;STBUS;C:\Windows\System32\drivers\stbus.sys [2011-3-22 24576]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\Windows\System32\drivers\steth.sys [2011-3-22 58880]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\System32\drivers\stppp.sys [2012-4-14 54272]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-30 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-4-3 117040]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-4 1255736]
S4 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-8-9 2252504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\Office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2019-10-09 08:40:57 -------- d-----w- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
2014-07-05 16:34:02 -------- d-----r- C:\Users\ali\MediaFire
2014-07-05 16:33:18 -------- d--h--w- C:\Users\ali\.mediafire
2014-07-05 12:45:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\offreg.dll
2014-07-05 12:36:44 -------- d-----w- C:\Program Files (x86)\MediaFire Desktop
2014-07-05 12:36:24 20696 ----a-w- C:\Windows\System32\drivers\mfmonitor_x64.sys
2014-07-05 12:36:01 -------- d-----w- C:\Users\ali\AppData\Local\MediaFire Desktop
2014-07-05 12:35:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-07-05 04:41:32 -------- d-----w- C:\Program Files (x86)\MathG
2014-07-05 01:36:03 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\mpengine.dll
2014-07-05 01:23:48 -------- d-----w- C:\Windows\Migration
2014-07-05 01:04:01 24429168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-07-04 13:59:36 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-07-04 13:59:36 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-07-04 13:59:32 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-04 13:56:25 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2014-07-04 01:34:09 -------- dcsh--w- C:\$RECYCLE.BIN
2014-07-04 01:29:49 -------- d-----w- C:\Users\ali\AppData\Local\temp
2014-07-04 01:16:46 98816 ----a-w- C:\Windows\sed.exe
2014-07-04 01:16:46 256000 ----a-w- C:\Windows\PEV.exe
2014-07-04 01:16:46 208896 ----a-w- C:\Windows\MBR.exe
2014-07-04 01:16:42 -------- dc----w- C:\ComboFix
2014-07-03 17:59:14 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-03 17:58:24 -------- dc----w- C:\AdwCleaner
2014-07-02 20:36:42 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-02 19:51:30 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-02 19:32:07 -------- dc----w- C:\SUPERDelete
2014-07-02 19:16:22 -------- d-----w- C:\Users\ali\AppData\Local\Innovative Solutions
2014-07-02 19:16:19 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2014-07-02 15:18:15 -------- d-----w- C:\Users\ali\AppData\Local\uGet
2014-07-02 13:21:50 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2014-07-02 13:10:57 -------- d-----w- C:\ProgramData\SecTaskMan
2014-07-02 12:13:46 -------- d-----w- C:\Users\ali\AppData\Local\Skype
2014-07-01 23:43:04 -------- d-sh--w- C:\Users\ali\AppData\Local\EmieUserList
2014-07-01 23:43:04 -------- d-sh--w- C:\Users\ali\AppData\Local\EmieSiteList
2014-07-01 21:56:17 -------- d-----w- C:\Program Files\iPod
2014-07-01 21:56:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-01 21:56:15 -------- d-----w- C:\Program Files\iTunes
2014-07-01 21:56:15 -------- d-----w- C:\Program Files (x86)\iTunes
2014-07-01 21:17:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-01 21:17:30 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-01 20:47:03 -------- d-----w- C:\Windows\en
2014-07-01 20:46:36 -------- d-----w- C:\Windows\ar
2014-07-01 20:43:49 -------- dc----w- C:\NvidiaLogging
2014-07-01 20:39:00 39712 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-07-01 20:38:59 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-07-01 20:38:59 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-07-01 20:31:16 6081224 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5d3fa3861cf956b0b\onedrivesetup.exe
2014-07-01 19:44:36 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-01 19:08:51 -------- d-----w- C:\Users\ali\AppData\Local\Adobe
2014-07-01 15:47:54 -------- d-----w- C:\ProgramData\Oracle
2014-07-01 15:46:53 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-01 00:39:19 -------- d-----w- C:\Users\ali\AppData\Roaming\PowerISO
2014-07-01 00:38:21 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2014-07-01 00:38:02 -------- d-----w- C:\Program Files\PowerISO
2014-06-30 23:24:22 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-06-30 23:24:22 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-06-30 22:45:59 1402880 -c--a-w- C:\Utilman.exe
2014-06-30 18:19:25 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-30 18:17:42 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-30 18:17:42 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-30 18:17:42 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-30 18:17:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 17:47:53 -------- d-s---w- C:\Windows\System32\CompatTel
2014-06-30 17:37:41 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-06-30 17:37:41 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-06-30 17:37:40 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-06-30 17:37:39 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-06-30 15:23:51 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-06-30 15:23:51 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-06-30 13:57:00 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-06-30 13:57:00 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-30 13:53:39 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 13:53:39 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-30 13:51:29 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-06-30 13:50:48 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-06-30 13:50:48 156160 ----a-w- C:\Windows\System32\cscript.exe
2014-06-30 13:50:48 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-06-30 13:50:48 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2014-06-30 13:50:47 168960 ----a-w- C:\Windows\System32\wscript.exe
2014-06-30 13:50:47 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2014-06-30 13:50:47 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2014-06-30 13:50:47 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2014-06-30 13:48:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-06-30 13:48:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-06-30 13:47:05 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-06-30 13:47:04 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-06-30 13:45:59 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2014-06-30 13:45:59 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2014-06-30 13:45:54 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-06-30 13:45:54 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-06-30 13:42:28 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-30 13:42:27 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-30 13:42:27 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-06-30 13:42:27 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-06-30 13:42:26 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-06-30 13:42:26 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-06-30 13:42:25 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-06-30 13:42:24 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-06-30 13:42:24 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-06-18 08:47:57 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-08-15 09:20:36 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH: 20:00:36.56 ===============

========================================================================================

Attach.txt log file:

========================================================================================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/01/2011 02:30:05 AM
System Uptime: 05/07/2014 06:30:48 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N53Jq
Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1734/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 59.885 GiB free.
D: is FIXED (NTFS) - 426 GiB total, 70.243 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
Service: BthPan
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB2.0 UVC 2M WebCam
Device ID: USB\VID_13D3&PID_5122&MI_00\7&458BFA4&0&0000
Manufacturer: Azureware
Name: USB2.0 UVC 2M WebCam
PNP Device ID: USB\VID_13D3&PID_5122&MI_00\7&458BFA4&0&0000
Service: SNP2UVC
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (RFCOMM Protocol TDI)
Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
Manufacturer: Microsoft
Name: Bluetooth Device (RFCOMM Protocol TDI)
PNP Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
Service: RFCOMM
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Hands-free Audio
Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Hands-free Audio
PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Service: btwaudio
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
Manufacturer: Atheros
Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
Service: L1C
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Service: vwifimp
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Service:
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Bluetooth Remote Control
Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Remote Control
PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Service: btwrchid
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Service:
.
Class GUID:
Description:
Device ID: ROOT\WPD\0000
Manufacturer:
Name:
PNP Device ID: ROOT\WPD\0000
Service:
.
==== System Restore Points ===================
.
RP807: 04/07/2014 02:56:08 PM - Update for Microsoft Visual Studio 2012 (KB2781514)
RP808: 04/07/2014 02:57:04 PM - Visual Studio 2012 Update 3 (KB2707250)
RP809: 05/07/2014 03:00:14 AM - Windows Update
RP810: 05/07/2014 03:40:20 AM - Windows Update
RP811: 05/07/2014 04:40:59 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 sdc.mcafee.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 Spyware Info | Spyware Info
Hosts: 0.0.0.0 rad.msn.com
.
==== Installed Programs ======================
.
بريد Windows Live
تحديث لـ Microsoft Office Excel 2007 Help (KB963678)
تحديث لـ Microsoft Office Powerpoint 2007 Help (KB963669)
تحديث لـ Microsoft Office Word 2007 Help (KB963665)
دعم تطبيق Apple
7-Zip 9.22 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Photoshop CS
Adobe Photoshop CS5.1 12.1
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 12.0
Alcor Micro USB Card Reader
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS_N3_Series
ATK Package
Auslogics Duplicate File Finder
Boingo Wi-Fi
Bonjour
Canon iP2700 series Printer Driver
ControlDeck
Cooking Dash
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
D3DX10
Dropbox
ESET Smart Security
ETDWare PS/2-x64 7.0.5.13_WHQL
Explorer Suite III
ExpressGate Cloud
Fast Boot
FileHippo.com Update Checker
FileZilla Client 3.9.0-beta2
Fresco Logic USB3.0 Host Controller
Game Park Console
Google Chrome
Google Earth
Google Update Helper
Governor of Poker
Hotel Dash Suite Success
iCloud
Image Resizer for Windows
Image Resizer for Windows (64 bit)
Imgur Uploader
Inno Setup version 5.5.1
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Monitor
Internet Download Manager
IrfanView (remove only)
iTunes
Java 7 Update 60
Java 8 Update 5 (64-bit)
Java Auto Updater
Junk Mail filter update
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Exploit version 1.03.1.1220
Malwarebytes Anti-Malware version 2.0.2.1012
MathG version 1.0
MediaFire Desktop
MediaFire Express
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Help Viewer 1.1
Microsoft Help Viewer 2.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared 64-bit MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft OneDrive
Microsoft Portable Library Multi-Targeting Pack
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
Movie Maker
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Net4Switch
Notepad++
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA Display Control Panel
NVIDIA GeForce Experience 1.6
NVIDIA Graphics Driver 320.49
NVIDIA HD Audio Driver 1.3.24.2
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 7.2.17
NVIDIA Update Components
NVIDIA Updatus
NVIDIA Virtual Audio 1.2.1
Paint Shop Pro 5.0
Photo Common
Photo Gallery
Plants vs Zombies
PMB
PowerISO
QuickTime 7
Realtek High Definition Audio Driver
RealUpgrade 1.1
Resource Hacker Version 3.6.0
Safari
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
SHIELD Streaming
Skype™ 6.16
SonicMaster
Sql Server Customer Experience Improvement Program
swMSM
syncables desktop SE
Unlocker 1.9.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition
USB2.0 UVC 2M WebCam
VirusTotal Uploader 2.2
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 2.1.3
WIDCOMM Bluetooth Software
WinDirStat 1.1.2
Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR 5.00 beta 6 (64-bit)
Wireless Console 3
XnView 1.99.6
معرض الصور
.
==== Event Viewer Messages From Past Week ========
.
05/07/2014 06:39:44 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
05/07/2014 06:36:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
05/07/2014 06:32:39 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
05/07/2014 06:32:39 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
05/07/2014 06:32:39 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
05/07/2014 06:31:50 PM, Error: EventLog [6008] - The previous system shutdown at 06:30:25 م on ‏05/‏07/‏2014 was unexpected.
05/07/2014 06:31:05 PM, Error: Ntfs [137] - The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code.
04/07/2014 04:57:06 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.102 with the system having network hardware address 54-AE-27-62-51-F3. Network operations on this system may be disrupted as a result.
04/07/2014 03:29:52 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
04/07/2014 03:29:16 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
03/07/2014 11:27:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
 
Thank you. That is just what I needed. I also thought it might be helpful regarding Microsoft Visual Basic 2010 Express for Richard to see the currently installed programs.

1. I just realized that I forgot to have you uninstall Java 7 Update 60 since you have updated to Java 8. Oracle still cannot manage to remove old versions when releasing a new version of Java, leaving what turns into a vulnerability behind. Please uninstall the old Java 7 before proceeding to the next step.

2. Now, let's take care of the leftover Crypto Obfuscator and another orphan.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
ClearJavaCache::

DDS::
EB: {3142C289-F319-47F5-A594-A827028714C9} - <orphaned>

Folder::
C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    CF_CFScript.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 
Hey, before seeing your reply, I started Windows Update to check for updates.. and so far.. from 8:30 till now.. it is still like this:
0qQ9CRh.png
and I think that it froze or something.. is that normal or..?
 
So far, I found this link: https://connect.microsoft.com/Visua...57/kb2635973-taking-very-long-time-to-install
from which I am downloading (VS2010SP1dvd1.iso), which is 1.482GB in size, and I (think) that I will have to abort the current installation, which has been frozen at 66% till now :/
After that I will install it and then uninstall Java 7 Update 60 and run the ComboFix thing you asked me to do :/
Sorry about the lateness, and thanks for your efforts. :)
 
Log.txt file:

=========================================================

ComboFix 14-07-03.01 - ali 07/06/2014 2:51.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.3755 [GMT 2:00]
Running from: c:\users\ali\Desktop\ComboFix.exe
Command switches used :: c:\users\ali\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2\CryptoObfuscator.settings
.
.
((((((((((((((((((((((((( Files Created from 2014-06-06 to 2014-07-06 )))))))))))))))))))))))))))))))
.
.
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\S34N\AppData\Local\temp
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\ali\AppData\Local\temp
2014-07-06 01:02 . 2014-07-06 01:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-07-06 00:14 . 2014-07-06 00:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\offreg.dll
2014-07-05 22:55 . 2014-07-05 22:55 -------- d-----w- c:\programdata\boost_interprocess
2014-07-05 17:25 . 2014-07-05 17:25 -------- d-----w- c:\windows\symbols
2014-07-05 16:34 . 2014-07-05 23:50 -------- d-----r- c:\users\ali\MediaFire
2014-07-05 16:33 . 2014-07-06 00:48 -------- d--h--w- c:\users\ali\.mediafire
2014-07-05 12:36 . 2014-07-05 12:36 -------- d-----w- c:\program files (x86)\MediaFire Desktop
2014-07-05 12:36 . 2014-07-02 18:13 20696 ----a-w- c:\windows\system32\drivers\mfmonitor_x64.sys
2014-07-05 12:36 . 2014-07-05 12:37 -------- d-----w- c:\users\ali\AppData\Local\MediaFire Desktop
2014-07-05 12:35 . 2014-07-05 12:35 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2014-07-05 04:41 . 2014-07-05 12:50 -------- d-----w- c:\program files (x86)\MathG
2014-07-05 01:36 . 2014-06-17 00:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FFDEDA4-C3B7-4C46-934A-0918F961918D}\mpengine.dll
2014-07-05 01:23 . 2014-07-05 01:23 -------- d-----w- c:\windows\Migration
2014-07-04 13:59 . 2014-07-04 13:59 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-07-04 13:59 . 2014-07-04 13:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-07-04 13:59 . 2014-07-04 13:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2014-07-04 13:56 . 2014-07-04 13:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2014-07-03 17:59 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-03 17:58 . 2014-07-03 19:25 -------- dc----w- C:\AdwCleaner
2014-07-02 20:36 . 2014-07-03 19:26 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-07-02 19:51 . 2014-07-05 17:54 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-07-02 19:32 . 2014-07-02 19:32 -------- dc----w- C:\SUPERDelete
2014-07-02 19:16 . 2014-07-02 19:16 -------- d-----w- c:\users\ali\AppData\Local\Innovative Solutions
2014-07-02 19:16 . 2014-07-02 19:16 -------- d-----w- c:\program files (x86)\Innovative Solutions
2014-07-02 15:18 . 2014-07-02 15:19 -------- d-----w- c:\users\ali\AppData\Local\uGet
2014-07-02 13:21 . 2014-07-02 13:21 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2014-07-02 13:10 . 2014-07-02 13:20 -------- d-----w- c:\programdata\SecTaskMan
2014-07-02 12:13 . 2014-07-02 12:13 -------- d-----w- c:\users\ali\AppData\Local\Skype
2014-07-02 12:13 . 2014-07-02 12:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-07-01 23:43 . 2014-07-01 23:43 -------- d-sh--w- c:\users\ali\AppData\Local\EmieUserList
2014-07-01 23:43 . 2014-07-01 23:43 -------- d-sh--w- c:\users\ali\AppData\Local\EmieSiteList
2014-07-01 21:56 . 2014-07-01 21:56 -------- d-----w- c:\program files\iPod
2014-07-01 21:56 . 2014-07-01 21:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-01 21:56 . 2014-07-01 21:57 -------- d-----w- c:\program files\iTunes
2014-07-01 21:56 . 2014-07-01 21:57 -------- d-----w- c:\program files (x86)\iTunes
2014-07-01 21:24 . 2014-07-01 21:24 -------- d-----w- c:\program files (x86)\QuickTime
2014-07-01 21:17 . 2014-07-01 22:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-01 21:17 . 2014-07-01 22:00 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-01 20:47 . 2014-07-01 20:47 -------- d-----w- c:\windows\en
2014-07-01 20:46 . 2014-07-01 20:46 -------- d-----w- c:\windows\ar
2014-07-01 20:43 . 2014-07-01 20:43 -------- dc----w- C:\NvidiaLogging
2014-07-01 20:39 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-07-01 20:38 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-07-01 20:38 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-07-01 20:31 . 2014-07-01 20:31 6081224 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5d3fa3861cf956b0b\onedrivesetup.exe
2014-07-01 19:45 . 2014-07-01 19:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-01 19:44 . 2014-07-01 19:44 313256 ----a-w- c:\windows\system32\javaws.exe
2014-07-01 19:44 . 2014-07-01 19:44 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-01 19:44 . 2014-07-01 19:44 191400 ----a-w- c:\windows\system32\javaw.exe
2014-07-01 19:44 . 2014-07-01 19:44 190888 ----a-w- c:\windows\system32\java.exe
2014-07-01 19:44 . 2014-07-01 19:44 -------- d-----w- c:\program files\Java
2014-07-01 19:08 . 2014-07-02 17:56 -------- d-----w- c:\users\ali\AppData\Local\Adobe
2014-07-01 15:49 . 2014-07-01 15:49 -------- d-----w- c:\users\ali\AppData\Roaming\Oracle
2014-07-01 15:47 . 2014-07-01 15:48 -------- d-----w- c:\programdata\Oracle
2014-07-01 00:39 . 2014-07-01 00:39 -------- d-----w- c:\users\ali\AppData\Roaming\PowerISO
2014-07-01 00:38 . 2014-03-30 06:26 129944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2014-07-01 00:38 . 2014-07-01 00:38 -------- d-----w- c:\program files\PowerISO
2014-06-30 23:24 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-06-30 23:24 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-06-30 22:45 . 2009-07-14 01:39 1402880 -c--a-w- C:\Utilman.exe
2014-06-30 18:41 . 2014-05-30 09:49 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-06-30 18:19 . 2014-07-05 23:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-30 18:17 . 2014-06-30 18:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-30 18:17 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-30 18:17 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-30 18:17 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-30 17:47 . 2014-06-30 17:47 -------- d-s---w- c:\windows\system32\CompatTel
2014-06-30 17:37 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-06-30 17:37 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-06-30 17:37 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-06-30 17:37 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-06-30 17:37 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-06-30 15:23 . 2014-06-30 15:23 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-06-30 15:23 . 2014-06-30 15:23 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-06-30 13:57 . 2014-05-08 09:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-30 13:57 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-30 13:53 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-30 13:53 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-30 13:51 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-06-30 13:50 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-06-30 13:50 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-06-30 13:50 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-06-30 13:50 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-06-30 13:50 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-30 13:50 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-06-30 13:50 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-06-30 13:50 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-06-30 13:50 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-06-30 13:48 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-06-30 13:48 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-06-30 13:47 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-06-30 13:47 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-06-30 13:45 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-06-30 13:45 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-06-30 13:45 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-06-30 13:45 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-06-30 13:42 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-30 13:42 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-30 13:42 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-06-30 13:42 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-06-30 13:42 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-06-30 13:42 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-06-30 13:42 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-06-30 13:42 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-06-30 13:42 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-06-18 08:47 . 2014-06-09 08:41 180136 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-06 00:03 . 2012-04-22 20:04 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2014-07-05 12:36 . 2014-07-05 12:36 1409 ----a-w- c:\windows\Fonts\OpenSans-Regular.fot
2014-07-05 12:36 . 2014-07-05 12:36 1409 ----a-w- c:\windows\Fonts\OpenSans-Light.fot
2014-07-05 12:36 . 2014-07-05 12:36 1409 ----a-w- c:\windows\Fonts\OpenSans-Bold.fot
2014-07-04 12:31 . 2013-05-29 13:51 2014272 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2014-06-01 15:17 . 2011-02-04 17:05 95414520 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 09:20 . 2012-08-15 09:20 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-01 20:31 223432 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-01 20:31 223432 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-01 20:31 223432 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-07-04 3841616]
"MediaFire Tray"="c:\users\ali\AppData\Local\MediaFire Desktop\mf_watch.exe" [2014-07-02 3089224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-06-04 382608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE;c:\users\ali\AppData\Local\MEDIAF~2\MFUSNM~1.EXE [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 ERmvrDrv;ESET standalone malware removal tool kernel-mode driver;c:\windows\system32\drivers\ERKRmvrDrv.sys;c:\windows\SYSNATIVE\drivers\ERKRmvrDrv.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 hzrDrvDmd;Hazard Shield demand driver;c:\program files\Hazard Shield\hzrDriver2.sys;c:\program files\Hazard Shield\hzrDriver2.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys;c:\windows\SYSNATIVE\DRIVERS\st330.sys [x]
R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys;c:\windows\SYSNATIVE\DRIVERS\stbus.sys [x]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys;c:\windows\SYSNATIVE\DRIVERS\steth.sys [x]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys;c:\windows\SYSNATIVE\DRIVERS\stppp.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
R4 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R4 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\645E.tmp;c:\windows\SYSNATIVE\645E.tmp [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 reparse;reparse;c:\windows\system32\DRIVERS\cbreparse.sys;c:\windows\SYSNATIVE\DRIVERS\cbreparse.sys [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-01 18:33 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
.
2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-01 20:31 262344 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-01 20:31 262344 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-01 20:31 262344 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2014-07-02 18:13 89600 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_8bdd0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2014-07-02 18:13 89088 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_8bdd0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2014-07-02 18:13 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon_8bdd0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2014-07-02 18:13 86528 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_8bdd0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2014-07-02 18:13 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_8bdd0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 8.8.8.8,8.8.4.4,192.168.1.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\353343E4: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
FF - ProfilePath - c:\users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\y3qdajn6.default-1404230161963\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{A8D448F4-0431-45AC-9F5E-E1B434AB2249} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\645E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_139_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_139_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_139.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-07-06 03:07:42
ComboFix-quarantined-files.txt 2014-07-06 01:07
ComboFix2.txt 2014-07-04 01:46
.
Pre-Run: 65,396,936,704 bytes free
Post-Run: 67,199,746,048 bytes free
.
- - End Of File - - E8379953C792AEE13351763CE4404AEA
 
Excellent. ComboFix nicely took care of the leftover files and it appears we have also taken care of the adware/browser hijacks that were on your computer.

Let's take care of removing the tools used. Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
DelFix.txt Log:

# DelFix v10.7 - Logfile created 06/07/2014 at 20:55:10
# Updated 27/04/2014 by Xplode
# Username : ali - ALI
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\AdwCleaner
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\sc-cleaner.txt
Deleted : C:\TDSSKiller.2.8.18.0_12.08.2013_13.52.36_log.txt
Deleted : C:\TDSSKiller.3.0.0.39_30.06.2014_22.17.18_log.txt
Deleted : C:\Users\ali\Desktop\adwcleaner_3.214.exe
Deleted : C:\Users\ali\Desktop\ComboFix.exe
Deleted : C:\Users\ali\Desktop\dds.com
Deleted : C:\Users\ali\Desktop\dds.txt
Deleted : C:\Users\ali\Desktop\JRT.exe
Deleted : C:\Users\ali\Desktop\log.txt
Deleted : C:\Users\ali\Desktop\SecurityCheck.exe
Deleted : C:\Users\ali\Desktop\TFC.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #815 [Removed Skype™ 6.16 | 07/06/2014 17:50:10]

New restore point created !

########## - EOF - ##########
 
Perfect, malis2007. There are some amazing people in the security community who provide free specialized tools for our use.

1. As to your mouse, in doing a bit of reading, note the following suggestion: Be sure that the mouse is not on a reflective surface as such a surface may cause pointer drift or jump to the screen edge. An example of a non-reflective surface would be a fabric pad.

2. I almost forgot to mention -- when consulting with Richard, he pointed out that the Windows Update errors that were shown in your first DDS log are generally due to updates to the Internet Explorer language packs. The IE11 language packs are available here: Download Internet Explorer 11 Language Packs for Windows 7 and Windows Server 2008 R2 from Official Microsoft Download Center.

3. Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".

Also see Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software by quietman7.

I hope the problem with Visual Studio has been resolved. Please let us know if you have any questions.
 
But this project (someone else made it and needed my help with it) doesn't work for me while debugging (as it gives me the error I had shown you before):
Rconfort

Thanks a lot, guys, for your help.

Just tried it on my own copy of Visual Studio 2013 Ultimate and it compiled fine.
 
Alright, thanks all for your help. I'll come back again as soon as I face a security problem (I guess).
And btw, am I finished now with the scanning?
I mean... does everything (from the logs) look fine? :/
 
Yes, malis2007, from a security standpoint, we are finished with the scanning. Although there is never a guarantee, I did not see anything in the last logs posted and the online scan also showed no infection. So, yes, it looks fine.
 