how to permanently remove 99.vbs file


33 replies to this topic

#1 Hisham85 (Members)

Posted 12 November 2013 - 02:44 PM

I need to remove it from both my computer and my USB flash memory. All files on the USB memory became shortcuts. Please respond :) Thanks in advance.




#2 Aaflac (Malware Response Team)

Posted 12 November 2013 - 03:13 PM

Please do what follows. USBFix and the Farbar Recovery Scan Tool gather information about the computer and the USB drive(s), and from there we will determine what needs to be removed.


Step 1: Please click on the Windows 7 Start button and then on Control Panel.
In Control Panel, select the Folder Options link.
Click on the View tab in the Folder Options window.

In the Advanced settings: area, locate the Hidden files and folders category.
Check: Show hidden files, folders, and drives
Uncheck: Hide protected operating system files (Recommended)
Click Apply and OK at the bottom of the Folder Options window.

Step 2: Next, download UsbFix:
http://www.infospyware.com/utiles/usbfix/
It is a Spanish-language website, but the program is in English.
To download, press the button that says: Descargar (it means: Download)
Save to the Desktop.

Step 3: Next, right-click the downloaded USBFix file and select: Run as Administrator
Connect any problem USB drive!
Press: Research
When done, the program closes on its own, and a report appears.
(The report file is also found at C:\UsbFix.txt)

>> Please post the UsbFix.txt (Research Mode) report in your reply.

Step 4: Once again, run USBFix as Administrator, but this time press: Listing
>> Also post the UsbFix.txt (Listing Mode) report in your reply.

Note 1: If USBFix does not run in normal Windows, please run in Safe Mode:
Restart your computer.
When the computer starts, tap the F8 key on the keyboard repeatedly until presented with the Advanced Boot Options menu
Using the arrow keys, select: Safe Mode
Press the Enter key on your keyboard to boot into the selected mode.

Note 2: If your AntiVirus program detects USBFix as malware, either let the AV program allow USBFix to run, or temporarily disable your AntiVirus program:
Info - http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
When done with USBFix, re-enable your AV!

Step 5: Last, please download the Farbar Recovery Scan Tool
Download: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to the disclaimer.

Press the Scan button.

The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
>> Also post the Addition.txt in your reply.



#3 Hisham85 (Topic Starter)

Posted 13 November 2013 - 07:32 AM

OK friend... I'm done scanning, and the reports are ready to be posted :)

I just have a question: do I need to reinstall Windows?

I'll post the 4 log files one after another now.


Edited by Hisham85, 13 November 2013 - 07:32 AM.


#4 Hisham85 (Topic Starter)

Posted 13 November 2013 - 07:38 AM

- [scan 1] -

 

############################## | UsbFix V 7.150 | [Research]
 
User: Hisham (Administrator) # HISHAM-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 14:13:45 | 13/11/2013
 
 
PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz
RAM -> [Total : 4094 | Free : 2370]
Bios: Award Software International, Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16618
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 21.0
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2013 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [(!) Disabled]
 
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (16 Mb free - 32%) [] # NTFS
D:\ -> Fixed drive # 127 Gb (86 Mb free - 68%) [Multimedia] # NTFS
E:\ -> Fixed drive # 122 Gb (36 Mb free - 29%) [Software] # NTFS
F:\ -> Fixed drive # 168 Gb (57 Mb free - 34%) [Games] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Removable drive # 4 Gb (3 Mb free - 85%) [HISHAM] # FAT32
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID: 400 |ParentID: 392)
C:\Windows\system32\csrss.exe (ID: 480 |ParentID: 472)
C:\Windows\system32\wininit.exe (ID: 488 |ParentID: 392)
C:\Windows\system32\services.exe (ID: 532 |ParentID: 488)
C:\Windows\system32\winlogon.exe (ID: 564 |ParentID: 472)
C:\Windows\system32\lsass.exe (ID: 576 |ParentID: 488)
C:\Windows\system32\lsm.exe (ID: 592 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 700 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 780 |ParentID: 532)
C:\Windows\system32\atiesrxx.exe (ID: 868 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 916 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 948 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 972 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 996 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 688 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 532)
C:\Windows\system32\atieclxx.exe (ID: 1160 |ParentID: 868)
C:\Windows\System32\spoolsv.exe (ID: 1228 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 1356 |ParentID: 532)
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (ID: 1400 |ParentID: 532)
C:\Windows\system32\taskhost.exe (ID: 1508 |ParentID: 532)
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID: 1596 |ParentID: 1516)
C:\Windows\system32\Dwm.exe (ID: 1724 |ParentID: 948)
C:\Windows\Explorer.EXE (ID: 1752 |ParentID: 1716)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 1896 |ParentID: 1752)
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID: 1904 |ParentID: 1516)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID: 2036 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 1176 |ParentID: 532)
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (ID: 1492 |ParentID: 532)
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe (ID: 1640 |ParentID: 532)
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (ID: 2080 |ParentID: 532)
C:\Windows\System32\wscript.exe (ID: 2136 |ParentID: 1752)
C:\Program Files (x86)\Razer\Razer Game Booster\main.exe (ID: 2612 |ParentID: 1640)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID: 2808 |ParentID: 2172)
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (ID: 3068 |ParentID: 2080)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2380 |ParentID: 700)
C:\Windows\system32\svchost.exe (ID: 3396 |ParentID: 532)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4516 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 4768 |ParentID: 532)
C:\Windows\system32\ping.exe (ID: 1212 |ParentID: 1752)
C:\Windows\system32\conhost.exe (ID: 3520 |ParentID: 480)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3292 |ParentID: 1752)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4544 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4100 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2788 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4224 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4912 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3916 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4524 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2144 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4384 |ParentID: 3292)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4200 |ParentID: 3292)
C:\Windows\System32\WUDFHost.exe (ID: 4600 |ParentID: 948)
C:\Windows\system32\taskeng.exe (ID: 4292 |ParentID: 996)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 4652 |ParentID: 700)
C:\UsbFix\Go.exe (ID: 2784 |ParentID: 1484)
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (ID: 988 |ParentID: 2808)
C:\Windows\System32\svchost.exe (ID: 4372 |ParentID: 532)
 
################## | Regedit Run |
 
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | RunOnce : [] - 
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] - 
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [99] - wscript.exe //B "C:\Users\Hisham\AppData\Roaming\99.vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Found ! C:\Users\Hisham\AppData\Roaming\99.vbs
Found ! C:\Users\Hisham\AppData\Roaming\downloader08.exe
Found ! C:\Users\Hisham\AppData\Roaming\Downloador.exe
Found ! C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs
Found ! J:\99.vbs
Found ! J:\Subway.lnk
Found ! J:\PhysX_9.10.0513_SystemSoftware.exe
Found ! J:\SlimDX Runtime for .lnk
Found ! J:\Ageia.lnk
Found ! J:\zire agia pc games.lnk
Found ! J:\PhysX_9.lnk
Found ! J:\game booster.lnk
Found ! J:\Fortune1.lnk
Found ! J:\MyEgY.lnk
Found ! J:\Controller.lnk
Found ! C:\Users\Hisham\AppData\Roaming\Microsoft.exe.tmp
Found ! C:\Delme.bat
 
################## | Reference of comparison MD5 |
 
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\99.vbs
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> J:\99.vbs
 
################## | Comparison MD5 |
 
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\99.vbs
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\TuneUp Software\TU2013\StartUp Manager\Disabled objects\99.vbs
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> J:\99.vbs
 
################## | Registry |
 
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorUser -> 0
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
Found ! HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
Found ! HKU\S-1-5-21-1847464056-575116162-152537662-1000\Software\Microsoft\Windows\CurrentVersion\Run|99
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|99
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

- [Listing 1 ] -

 

############################## | UsbFix V 7.150 | [Listing]
 
User: Hisham (Administrator) # HISHAM-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 14:23:04 | 13/11/2013
 
 
PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz
RAM -> [Total : 4094 | Free : 2755]
Bios: Award Software International, Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16618
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 21.0
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2013 [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [(!) Disabled]
 
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (16 Mb free - 32%) [] # NTFS
D:\ -> Fixed drive # 127 Gb (86 Mb free - 68%) [Multimedia] # NTFS
E:\ -> Fixed drive # 122 Gb (36 Mb free - 29%) [Software] # NTFS
F:\ -> Fixed drive # 168 Gb (57 Mb free - 34%) [Games] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Removable drive # 4 Gb (3 Mb free - 85%) [HISHAM] # FAT32
 
################## | Listing |
 
[21/04/2013 - 01:37:50 | HD ] C:\$AVG
[20/04/2013 - 20:31:45 | SHD ] C:\$Recycle.Bin
[20/04/2013 - 20:31:30 | RSH | 358056] C:\BJLGV
[25/09/2013 - 14:20:38 | SHD ] C:\Boot
[21/11/2010 - 05:23:51 | RASH | 383786] C:\bootmgr
[21/04/2013 - 06:20:18 | RASH | 8192] C:\BOOTSECT.BAK
[02/11/2013 - 18:20:14 | A | 123] C:\Delme.bat
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[06/09/2013 - 18:39:31 | SHD ] C:\found.000
[30/08/2013 - 23:07:27 | D ] C:\games
[02/11/2013 - 18:44:03 | D ] C:\Mazinger
[21/04/2013 - 22:07:43 | RHD ] C:\MSOCache
[13/11/2013 - 12:31:40 | ASH | 4293386240] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[23/09/2013 - 15:21:22 | D ] C:\Program Files
[10/11/2013 - 16:43:09 | RD ] C:\Program Files (x86)
[07/11/2013 - 11:35:24 | HD ] C:\ProgramData
[09/11/2013 - 14:25:36 | SHD ] C:\System Volume Information
[13/11/2013 - 14:23:05 | D ] C:\UsbFix
[13/11/2013 - 14:23:10 | A | 2340] C:\UsbFix [Listing 1 ] HISHAM-PC.txt
[13/11/2013 - 14:20:45 | A | 9004] C:\UsbFix [Scan 1] HISHAM-PC.txt
[20/04/2013 - 20:31:36 | RD ] C:\Users
[02/11/2013 - 18:44:03 | D ] C:\Windows
[20/04/2013 - 20:31:45 | SHD ] D:\$RECYCLE.BIN
[23/08/2013 - 17:21:59 | D ] D:\Cartoon
[21/04/2013 - 20:16:38 | RD ] D:\Islamic
[22/10/2013 - 19:27:56 | D ] D:\Mazinger Z
[09/10/2013 - 06:43:20 | RD ] D:\movIEs
[21/04/2013 - 20:32:05 | SD ] D:\Mp3
[18/05/2013 - 18:56:36 | D ] D:\MPEG
[26/04/2013 - 18:25:49 | RD ] D:\Pictures
[05/11/2013 - 19:59:38 | D ] D:\R4BIA
[20/04/2013 - 16:38:45 | SHD ] D:\RECYCLER
[20/04/2013 - 15:55:50 | SHD ] D:\System Volume Information
[19/08/2013 - 02:54:26 | D ] D:\Video$
[15/09/2013 - 15:52:04 | A | 299] D:\الجزيرة الرياضية 2+.html
[24/09/2013 - 15:10:55 | D ] D:\فرح وليد
[02/05/2013 - 18:09:49 | D ] D:\مسلسلات
[02/05/2013 - 17:26:06 | HD ] E:\$AVG
[20/04/2013 - 20:31:45 | SHD ] E:\$RECYCLE.BIN
[19/09/2013 - 23:38:59 | D ] E:\Alternative stuff
[12/11/2013 - 20:04:05 | D ] E:\Antivirus
[31/10/2013 - 21:08:40 | RD ] E:\Dropbox
[09/11/2013 - 21:46:44 | D ] E:\Internet
[16/05/2013 - 15:03:36 | D ] E:\Multimedia
[20/04/2013 - 16:38:45 | SHD ] E:\RECYCLER
[10/11/2013 - 22:26:37 | D ] E:\Software
[10/11/2013 - 16:37:28 | D ] E:\Sources
[20/04/2013 - 15:55:40 | SHD ] E:\System Volume Information
[28/08/2013 - 19:24:21 | HD ] F:\$AVG
[20/04/2013 - 20:31:45 | SHD ] F:\$RECYCLE.BIN
[27/09/2013 - 18:09:49 | RD ] F:\City Car Driving
[09/10/2013 - 17:18:50 | RD ] F:\Crysis 2
[09/10/2013 - 19:35:16 | RD ] F:\Far Cry 3
[30/09/2013 - 17:05:09 | D ] F:\FIFA
[30/09/2013 - 17:57:06 | RD ] F:\FIFA 13
[19/10/2013 - 20:31:19 | RD ] F:\FIFA 14
[23/04/2013 - 21:48:04 | RD ] F:\GTA II
[08/10/2013 - 05:40:25 | RD ] F:\GTA San Andreas
[19/09/2013 - 17:14:58 | RD ] F:\Infernal
[08/11/2013 - 13:58:41 | RD ] F:\Just Cause 2
[30/09/2013 - 16:50:17 | HD ] F:\msdownld.tmp
[29/10/2013 - 19:39:58 | RD ] F:\Need For Speed Shift
[05/10/2013 - 18:58:32 | RD ] F:\Need for Speed™ ProStreet
[15/10/2013 - 20:43:50 | D ] F:\OMAR  AND  SPIDERMAN  and    videos
[01/11/2013 - 12:16:06 | RD ] F:\Prince Of Persia - The Sands Of Time
[19/10/2013 - 13:09:55 | RD ] F:\Pro Evolution Soccer 2013
[25/10/2013 - 02:12:55 | RD ] F:\Pro Evolution Soccer 2014
[20/04/2013 - 16:38:45 | SHD ] F:\RECYCLER
[05/11/2013 - 20:13:14 | RD ] F:\small games
[08/10/2013 - 20:00:52 | RD ] F:\Spiderman 3
[02/05/2013 - 18:22:34 | RD ] F:\Stronghold Legends
[20/04/2013 - 15:55:29 | SHD ] F:\System Volume Information
[27/09/2013 - 16:38:06 | SH | 208666624] J:\ASD.Arabic.Cammentary.And.Menu.For.Fifa13.By.AhmedTiger.part1.rar
[13/11/2013 - 14:15:46 | A | 0] J:\ASD.lnk
[27/09/2013 - 17:39:24 | SH | 208666624] J:\ASD.Arabic.Cammentary.And.Menu.For.Fifa13.By.AhmedTiger.part2.rar
[27/09/2013 - 18:08:08 | SH | 32603509] J:\ASD.Arabic.Cammentary.And.Menu.For.Fifa13.By.AhmedTiger.part3.rar
[23/09/2013 - 21:54:24 | SHD ] J:\Subway
[13/11/2013 - 14:15:34 | A | 660] J:\Subway.lnk
[26/12/2011 - 17:23:08 | SH | 10584064] J:\SlimDX Runtime for .NET 2.0 (September 2011).msi
[29/05/2011 - 07:07:10 | SH | 22403722] J:\Ageia.physX.perfect.rar
[26/10/2010 - 00:03:48 | SH | 34573017] J:\zire agia pc games.rar
[29/05/2011 - 05:26:44 | SH | 34013024] J:\PhysX_9.10.0513_SystemSoftware.exe
[13/11/2013 - 14:15:32 | A | 1534] J:\SlimDX Runtime for .lnk
[13/11/2013 - 14:15:32 | A | 1466] J:\Ageia.lnk
[13/11/2013 - 14:15:32 | A | 1476] J:\zire agia pc games.lnk
[13/11/2013 - 14:15:32 | A | 706] J:\PhysX_9.lnk
[22/09/2013 - 22:56:30 | SHD ] J:\game booster
[13/11/2013 - 14:15:34 | A | 676] J:\game booster.lnk
[26/09/2013 - 16:56:58 | SH | 11249518] J:\Fortune1.zip
[13/11/2013 - 14:15:32 | A | 1444] J:\Fortune1.lnk
[29/09/2013 - 20:10:46 | A | 1574] J:\MyEgY.lnk
[29/09/2013 - 16:12:02 | SHD ] J:\Controller
[13/11/2013 - 14:15:34 | A | 668] J:\Controller.lnk
[20/09/2013 - 22:18:26 | SH | 239543] J:\99.vbs
 
################## | E.O.F |
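The two reports above contain everything needed to recognise this kind of USB shortcut worm: a Run-key entry that starts wscript.exe in batch mode (//B) on a .vbs in AppData\Roaming, the same script copied to the Startup folder and to the root of the flash drive, and on the flash drive a freshly created .lnk beside each original file or folder after that original was given the system+hidden attributes (compare J:\PhysX_9.lnk with J:\PhysX_9.10.0513_SystemSoftware.exe, or J:\Subway.lnk with the SHD folder J:\Subway). The script below is an added example for this thread, not part of UsbFix, FRST or any post; it parses the UsbFix Research and Listing formats as they appear above and pulls those three indicators out mechanically. The sample text is a subset copied from the posted reports, and the "shortcut name is a prefix of the hidden original's name" pairing rule is an assumption drawn from that listing, not something UsbFix documents.

```python
"""Triage a UsbFix Research report and Listing report for the USB shortcut-worm pattern.

Added example for this thread, not part of UsbFix, FRST or the original posts.
Sample lines are a subset copied from the two reports posted above. Checks:
  1. Run/RunOnce entries that launch wscript/cscript or a .vbs/.vbe/.js/.jse/.wsf file.
  2. On removable drives: .lnk files whose name is a prefix of a hidden+system entry on
     the same drive (assumed decoy/original pairing), plus hidden+system script files.
  3. MD5 values reported at more than one path, i.e. every copy of the same script.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "wscript", "cscript"}

RUN_RE = re.compile(r"^04 - (?P<hive>.+?) \| (?P<key>RunOnce|Run) : \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$")
DRIVE_RE = re.compile(r"^(?P<letter>[A-Z]):\\ .*-> (?P<kind>Removable|Fixed) drive")
LIST_RE = re.compile(r"^\[(?P<date>\S+) - (?P<time>\S+) \| (?P<attrs>[A-Z]+) (?:\| (?P<size>\d+))?\] (?P<path>.+)$")
MD5_RE = re.compile(r"^(?:Found ! )?Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+)$")

# Constructed sample: lines copied from the Research report above (Run keys and MD5 section).
SAMPLE_RESEARCH = r"""
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [99] - wscript.exe //B "C:\Users\Hisham\AppData\Roaming\99.vbs"
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\99.vbs
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\TuneUp Software\TU2013\StartUp Manager\Disabled objects\99.vbs
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> J:\99.vbs
"""

# Constructed sample: drive lines and a subset of the J:\ entries from the Listing report above.
SAMPLE_LISTING = r"""
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (16 Mb free - 32%) [] # NTFS
J:\ -> Removable drive # 4 Gb (3 Mb free - 85%) [HISHAM] # FAT32
[20/04/2013 - 20:31:30 | RSH | 358056] C:\BJLGV
[23/09/2013 - 21:54:24 | SHD ] J:\Subway
[13/11/2013 - 14:15:34 | A | 660] J:\Subway.lnk
[26/12/2011 - 17:23:08 | SH | 10584064] J:\SlimDX Runtime for .NET 2.0 (September 2011).msi
[13/11/2013 - 14:15:32 | A | 1534] J:\SlimDX Runtime for .lnk
[29/05/2011 - 07:07:10 | SH | 22403722] J:\Ageia.physX.perfect.rar
[13/11/2013 - 14:15:32 | A | 1466] J:\Ageia.lnk
[29/05/2011 - 05:26:44 | SH | 34013024] J:\PhysX_9.10.0513_SystemSoftware.exe
[13/11/2013 - 14:15:32 | A | 706] J:\PhysX_9.lnk
[29/09/2013 - 20:10:46 | A | 1574] J:\MyEgY.lnk
[20/09/2013 - 22:18:26 | SH | 239543] J:\99.vbs
"""


def script_autoruns(research_text):
    """Run-key entries that start a script host or point straight at a script file."""
    hits = []
    for line in research_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        low = m["cmd"].strip().lower()
        tokens = low.split()
        exe = PureWindowsPath(tokens[0].strip('"')).name if tokens else ""
        if exe in SCRIPT_HOSTS or any(low.rstrip('"').endswith(e) for e in SCRIPT_EXT):
            # //B is batch mode: the script host suppresses error dialogs and prompts
            hits.append({"name": m["name"], "cmd": m["cmd"].strip(), "silent": "//b" in tokens})
    return hits


def shortcut_pairs(listing_text):
    """Return (decoy .lnk -> matching hidden originals, hidden script files) on removable drives."""
    removable, by_drive = set(), defaultdict(list)
    for line in listing_text.splitlines():
        line = line.strip()
        d = DRIVE_RE.match(line)
        if d:
            if d["kind"] == "Removable":
                removable.add(d["letter"] + ":")
            continue
        m = LIST_RE.match(line)
        if m:
            p = PureWindowsPath(m["path"])
            if p.drive.upper() in removable:
                by_drive[p.drive].append((m["attrs"], p))
    decoys, hidden_scripts = [], []
    for items in by_drive.values():
        hidden = [p for a, p in items if "H" in a and "S" in a]
        for attrs, p in items:
            if p.suffix.lower() == ".lnk" and "H" not in attrs:
                stem = p.name[:-4].lower()  # shortcut name without ".lnk"
                decoys.append((str(p), [str(h) for h in hidden if h.name.lower().startswith(stem)]))
            elif p.suffix.lower() in SCRIPT_EXT and "H" in attrs and "S" in attrs:
                hidden_scripts.append(str(p))
    return decoys, hidden_scripts


def duplicated_hashes(research_text):
    """MD5 -> sorted list of paths, for every hash reported at more than one path."""
    seen = defaultdict(set)
    for line in research_text.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            seen[m["md5"].upper()].add(m["path"])
    return {h: sorted(paths) for h, paths in seen.items() if len(paths) > 1}


if __name__ == "__main__":
    print("script autoruns:", script_autoruns(SAMPLE_RESEARCH))
    decoys, scripts = shortcut_pairs(SAMPLE_LISTING)
    print("decoy shortcuts:", decoys)
    print("hidden scripts:", scripts)
    print("same file at several paths:", duplicated_hashes(SAMPLE_RESEARCH))
```

Feed the full text of the Research and Listing reports to the three functions and the output is the removal list: the Run value to delete, every path holding the script (the MD5 grouping catches the Startup copy and the TuneUp "Disabled objects" copy as well as the one on the flash drive), the .lnk decoys to delete, and the originals that need their system and hidden attributes cleared. A .lnk with no matching hidden original (J:\MyEgY.lnk here) is reported with an empty list so it can be checked by hand. The decoy check is deliberately scoped to removable drives; hidden+system files in the root of a fixed drive, such as C:\BJLGV in the listing, are a separate question and are not flagged by it.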


#5 Hisham85 (Topic Starter)

Posted 13 November 2013 - 07:42 AM

----------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Hisham (administrator) on HISHAM-PC on 13-11-2013 14:25:40
Running from C:\Users\Hisham\Desktop\removin' V
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [] -  [x]
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-03] (Facebook Inc.)
HKCU\...\Run: [99] - C:\Users\Hisham\AppData\Roaming\99.vbs [239543 2013-09-20] ()
MountPoints2: H - H:\intro.exe
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
IMEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs ()
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x097F8424FC3DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-eg
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1383752332&from=amt&uid=WDCXWD5000AVVS-63M8B0_WD-WCAV9927846278462
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1383752332&from=amt&uid=WDCXWD5000AVVS-63M8B0_WD-WCAV9927846278462
URLSearchHook: HKCU - (No Name) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383752332&from=amt&uid=WDCXWD5000AVVS-63M8B0_WD-WCAV9927846278462
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF ProfilePath: C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default
FF user.js: detected! => C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default\user.js
FF DefaultSearchEngine: qone8
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Hisham\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qone8.xml
FF Extension: General Crawler - C:\Users\Hisham\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: Free Lunch Design TB  - C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default\Extensions\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}
FF Extension: fhdp3 - C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default\Extensions\fhdp3@freehdsp.tv.xpi
FF Extension: leethax - C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default\Extensions\leethax@leethax.net.xpi
FF Extension: ptl - C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default\Extensions\ptl@ptl.com.xpi
FF Extension: support - C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default\Extensions\support@platinumhideip.com.xpi
FF Extension: Adblock Plus - C:\Users\Hisham\AppData\Roaming\Mozilla\Firefox\Profiles\xqow98sp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF Extension: flash-Enhancer - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hisham\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Hisham\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hisham\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Hisham\AppData\Roaming\IDM\idmmzcc5
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.qone8.com/?type=sc&ts=1383752332&from=amt&uid=WDCXWD5000AVVS-63M8B0_WD-WCAV9927846278462
 
Chrome: 
=======
CHR HomePage: about:Tabs
CHR RestoreOnStartup: "hxxp://google.com/"
CHR DefaultSuggestURL: (Google) -       "suggest_url": "",
CHR Extension: (Sudoku) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0
CHR Extension: (TransOver) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi\0.43_0
CHR Extension: (New Tab Search) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknhaddjojgaldaffefbdhafiioikajl\0.5_0
CHR Extension: (Angry Birds) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Docs) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (TV) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0
CHR Extension: (Retro Games) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgejkohjndfiooaomnpbacoeekdonkak\2.3.1_0
CHR Extension: (Extended Protection) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0
CHR Extension: (Soccer Balls) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\chommhhlhokiamfconbioceegacbnpak\0.2_0
CHR Extension: (better Browser - for Chrome) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokcmhdapcendeddejjpicpdmngcnhca\1.6_0
CHR Extension: (General Crawler) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0
CHR Extension: (PutLocker Downloader) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\faklkmlkcleeoibffcbligohmkciloif\4.0_0
CHR Extension: (3D Bowling ) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\2.0_0
CHR Extension: (AdBlock) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0
CHR Extension: (Facebook Nanny) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpjofmdbabecniidggbbicfbcmfafmk\0.6.2_0
CHR Extension: (Air Hockey) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojagedhadegobocpaokaifiacjiolph\2.0.0_0
CHR Extension: (avast! Online Security) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Don't Starve) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0
CHR Extension: (Quran) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmggidaneooheckcalppihpgfidbpe\2_0
CHR Extension: (TelevisionFanatic) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfhkgkmljpbkafmkljgfmaokgcaiiee\5.41.2.42283_0
CHR Extension: (IDM Integration) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0
CHR Extension: (Video Downloader) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.4.5_0
CHR Extension: (Google Maps) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (SaveFrom.net helper lite) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl\2.20_0
CHR Extension: (Google Wallet) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (My Chrome Theme) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0
CHR Extension: (Vines Compilation ™) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\okagekjcfeellkkofaaciiceiaijicng\2.2_0
CHR Extension: (Gmail) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Instagram™) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknbmnhkoambndhpjicflfeoddkdiacp\2.0.3_0
CHR Extension: (Canvas Rider) - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Hisham\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [ehmnjgkmbpbohelngpclcdhgochdeoej] - C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx
CHR HKLM-x32\...\Chrome\Extension: [faklkmlkcleeoibffcbligohmkciloif] - C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hisham\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Hisham\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://start.qone8.com/?type=sc&ts=1383752332&from=amt&uid=WDCXWD5000AVVS-63M8B0_WD-WCAV9927846278462
 
==================== Services (Whitelisted) =================
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2401632 2012-11-29] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [76096 2013-08-08] (Baidu, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-18] (DT Soft Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-17] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
U3 ab728slh; C:\Windows\System32\Drivers\ab728slh.sys [0 ] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-13 14:25 - 2013-11-13 14:25 - 00000000 ____D C:\FRST
2013-11-13 14:23 - 2013-11-13 14:23 - 00006440 _____ C:\Users\Hisham\Desktop\UsbFix [Listing 1 ] HISHAM-PC.txt
2013-11-13 14:23 - 2013-11-13 14:23 - 00006440 _____ C:\UsbFix [Listing 1 ] HISHAM-PC.txt
2013-11-13 14:21 - 2013-11-13 14:21 - 00009004 _____ C:\Users\Hisham\Desktop\UsbFix [Scan 1] HISHAM-PC.txt
2013-11-13 14:20 - 2013-11-13 14:20 - 00002120 _____ C:\Users\Hisham\Desktop\UsbFix Faire un Don.lnk
2013-11-13 14:13 - 2013-11-13 14:20 - 00009004 _____ C:\UsbFix [Scan 1] HISHAM-PC.txt
2013-11-13 14:12 - 2013-11-13 14:23 - 00000000 ____D C:\UsbFix
2013-11-12 20:06 - 2013-11-12 20:42 - 41428924 _____ C:\Users\Hisham\Desktop\Scramble Commander 1- Mission 3 - Battle - Super Robot Wars.flv
2013-11-12 00:37 - 2013-11-12 00:38 - 07801644 _____ C:\Users\Hisham\Desktop\سيسي خناس - عبدالله الشريف - Zanobya Planet.mp4
2013-11-10 17:48 - 2013-11-10 17:55 - 35519164 _____ C:\Users\Hisham\Desktop\Scramble Commander 1- Mission 1 - Battle - Super Robot Wars (Mazinger Z, Gran Mazinger).mp4
2013-11-10 16:43 - 2013-11-10 16:43 - 00000000 ____D C:\Program Files (x86)\MDF to ISO
2013-11-10 01:09 - 2013-11-10 01:13 - 22938457 _____ C:\Users\Hisham\Desktop\كمل جميلك وخد فطيرك ..جزء اول (فيديو مسخرة).mp4
2013-11-09 22:57 - 2013-11-09 22:58 - 00000000 ____D C:\Users\Hisham\Desktop\removin' V
2013-11-08 19:53 - 2013-11-08 20:00 - 40509048 _____ C:\Users\Hisham\Desktop\جو تيوب - سيسي فايتنج تيروريزم.mp4
2013-11-07 13:49 - 2013-11-07 16:39 - 04294294 _____ C:\Users\Hisham\Desktop\السيسى جزار.mp4
2013-11-07 13:44 - 2013-11-07 13:51 - 12348950 _____ C:\Users\Hisham\Desktop\هو احنا.. في سنة كام ؟؟!!.mp4
2013-11-07 12:26 - 2013-11-07 12:35 - 49495896 _____ C:\Users\Hisham\Desktop\من الثورة إلى الانقلاب - الجزء الأول - الفرعون الإله.mp4
2013-11-06 20:11 - 2013-11-10 17:54 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\ViberPC
2013-11-06 20:11 - 2013-11-06 20:11 - 00001029 _____ C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2013-11-06 20:06 - 2013-11-10 17:54 - 00000000 ____D C:\Users\Hisham\AppData\Local\Viber
2013-11-06 17:42 - 2013-11-06 17:42 - 00000000 ____D C:\Program Files (x86)\Lightspark 0.5.3-git
2013-11-06 17:41 - 2013-11-06 17:41 - 00000000 ____D C:\Program Files (x86)\AmiExt
2013-11-06 17:39 - 2013-11-06 17:47 - 00000000 ____D C:\ProgramData\eSafe
2013-11-06 00:36 - 2013-11-06 00:37 - 03032120 _____ C:\Users\Hisham\Desktop\اعلان فيلم 'طيطانيق' بطولة السيسى.!.flv
2013-11-05 20:33 - 2013-11-05 20:33 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\fltk.org
2013-11-04 20:57 - 2013-11-04 20:57 - 01104067 _____ C:\Users\Hisham\Desktop\نائب كويتي- عدلي طرطور جاي يشحت 4 مليار لتمويل انقلاب دموي.mp4
2013-11-04 19:33 - 2013-11-04 19:34 - 05438272 _____ C:\Users\Hisham\Desktop\فضيحة التليفزيون المصري أراء الشارع في محاكمة الرئيس مرسي. إنقلاب ومفيش عدل ولا قضاء 4-11-2013.mp4
2013-11-04 17:59 - 2013-11-04 18:04 - 26908886 _____ C:\Users\Hisham\Desktop\د. محمد سليم العوا يروي تفاصيل محاكمة الرئيس محمد مرسي 4-11-2013.mp4
2013-11-04 17:53 - 2013-11-04 17:58 - 25120894 _____ C:\Users\Hisham\Desktop\أنصار مرسي يحملون «العوا» على الاعناق بعد المحاكمة- الخليفة أهو.mp4
2013-11-04 00:45 - 2013-11-04 00:49 - 22921733 _____ C:\Users\Hisham\Desktop\التسريب الأصلي لجريدة الوطن ومعه نص كلام الدكتور مرسي مكتوب.mp4
2013-11-04 00:06 - 2013-11-04 00:08 - 08029026 _____ C:\Users\Hisham\Desktop\تصريحات الدكتور محمد سليم العوا على محاكمة أول رئيس مدنى فى مصر الدكتور محمد مرسى .. 3-11-2013.mp4
2013-11-03 23:41 - 2013-11-03 23:41 - 00003230 _____ C:\Windows\System32\Tasks\{204E7B07-C799-4535-A4D4-CB3CEE5766FC}
2013-11-03 20:41 - 2013-11-03 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-11-03 20:41 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-03 20:41 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-03 20:41 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-03 20:41 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-03 20:40 - 2013-11-03 20:41 - 00004757 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-02 23:43 - 2013-11-02 23:43 - 00002922 _____ C:\Windows\System32\Tasks\{DAFA4AE3-81D9-4BE2-A8D3-16639F19985F}
2013-11-02 23:40 - 2013-11-02 23:40 - 00002922 _____ C:\Windows\System32\Tasks\{E15CE668-F6ED-4AB9-A567-0D5E3EFB2DDE}
2013-11-02 23:35 - 2013-11-02 23:35 - 00002922 _____ C:\Windows\System32\Tasks\{B9CC8F04-475F-4D28-8B96-E38BB6557146}
2013-11-02 19:48 - 2013-11-02 19:48 - 00002922 _____ C:\Windows\System32\Tasks\{C5B32FC1-58B4-4FB6-A667-3A2EB668F2BA}
2013-11-02 19:30 - 2013-11-02 19:30 - 00002922 _____ C:\Windows\System32\Tasks\{9C26C182-C52E-4A1B-9C0D-D6BF13CDC048}
2013-11-02 18:44 - 2013-11-02 18:44 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Misiones Mazinger Zeta
2013-11-02 18:29 - 2013-11-02 18:44 - 00000000 ____D C:\Mazinger
2013-11-02 18:20 - 2013-11-02 18:20 - 00000123 _____ C:\Delme.bat
2013-11-02 17:00 - 2013-11-02 17:16 - 82765436 _____ C:\Users\Hisham\Desktop\الحلقة الثانية باسم يوسف.mp4
2013-10-30 18:08 - 2013-10-31 21:09 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Dropbox
2013-10-29 21:40 - 2013-10-29 21:40 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-29 21:40 - 2013-10-29 21:40 - 00000000 ____D C:\ProgramData\EA Core
2013-10-28 15:00 - 2013-10-28 15:00 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\VBA-M
2013-10-27 19:21 - 2013-10-27 19:21 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mazinger vs. Gran Mazinger
2013-10-26 19:02 - 2013-10-26 19:07 - 00009716 _____ C:\Users\Hisham\AppData\Roaming\Downloador.exe
2013-10-25 18:36 - 2013-10-25 18:41 - 00010752 _____ C:\Users\Hisham\AppData\Roaming\downloader08.exe
2013-10-25 18:02 - 2013-10-25 18:02 - 00000000 _____ C:\Users\Hisham\AppData\Roaming\Microsoft.exe.tmp
2013-10-25 14:25 - 2013-10-25 14:25 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-10-23 16:02 - 2013-10-26 04:48 - 108927958 _____ C:\Users\Hisham\Desktop\كشف الخونة..حقيقة علاقة الجيش المصري بأمريكا وإسرائيل..شير on Vimeo.mp4
2013-10-20 20:53 - 2013-10-20 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-20 02:43 - 2013-10-20 02:43 - 00003102 _____ C:\Windows\System32\Tasks\{FB4BEA88-D2F7-477B-97E0-3DDAADA28371}
2013-10-20 02:43 - 2013-10-20 02:43 - 00003102 _____ C:\Windows\System32\Tasks\{92A414A1-071A-4343-9A02-7AEB9A4504F4}
2013-10-19 16:31 - 2013-10-19 16:31 - 00000675 _____ C:\Users\Hisham\Desktop\Mazinger Z - Shortcut.lnk
2013-10-19 16:25 - 2013-11-02 10:13 - 00000000 ____D C:\Users\Hisham\Documents\FIFA 14
2013-10-19 15:12 - 2013-11-13 13:08 - 00000000 ____D C:\Users\Hisham\AppData\Local\CrashDumps
2013-10-18 12:36 - 2013-10-18 12:36 - 00001934 _____ C:\ProgramData\SMRResults410.dat
2013-10-18 02:03 - 2013-10-18 02:26 - 00000000 ____D C:\Users\Hisham\AppData\Local\NPE
2013-10-18 02:03 - 2013-10-18 02:03 - 00000000 ____D C:\ProgramData\Norton
2013-10-18 02:02 - 2013-10-18 02:03 - 03053416 ____N (Symantec Corporation) C:\Users\Hisham\Desktop\NPE.exe
2013-10-16 23:19 - 2013-10-17 16:48 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\uTorrent
 
==================== One Month Modified Files and Folders =======
 
2013-11-13 14:25 - 2013-11-13 14:25 - 00000000 ____D C:\FRST
2013-11-13 14:23 - 2013-11-13 14:23 - 00006440 _____ C:\Users\Hisham\Desktop\UsbFix [Listing 1 ] HISHAM-PC.txt
2013-11-13 14:23 - 2013-11-13 14:23 - 00006440 _____ C:\UsbFix [Listing 1 ] HISHAM-PC.txt
2013-11-13 14:23 - 2013-11-13 14:12 - 00000000 ____D C:\UsbFix
2013-11-13 14:21 - 2013-11-13 14:21 - 00009004 _____ C:\Users\Hisham\Desktop\UsbFix [Scan 1] HISHAM-PC.txt
2013-11-13 14:20 - 2013-11-13 14:20 - 00002120 _____ C:\Users\Hisham\Desktop\UsbFix Faire un Don.lnk
2013-11-13 14:20 - 2013-11-13 14:13 - 00009004 _____ C:\UsbFix [Scan 1] HISHAM-PC.txt
2013-11-13 14:11 - 2013-04-24 21:43 - 00695158 _____ C:\Windows\system32\perfh00C.dat
2013-11-13 14:11 - 2013-04-24 21:43 - 00490338 _____ C:\Windows\system32\perfh001.dat
2013-11-13 14:11 - 2013-04-24 21:43 - 00394396 _____ C:\Windows\system32\perfh00D.dat
2013-11-13 14:11 - 2013-04-24 21:43 - 00135780 _____ C:\Windows\system32\perfc00C.dat
2013-11-13 14:11 - 2013-04-24 21:43 - 00099610 _____ C:\Windows\system32\perfc001.dat
2013-11-13 14:11 - 2013-04-24 21:43 - 00089470 _____ C:\Windows\system32\perfc00D.dat
2013-11-13 14:11 - 2009-07-14 07:13 - 02691086 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 14:09 - 2013-05-04 14:46 - 00000842 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 13:50 - 2013-04-21 01:05 - 00000000 ____D C:\ProgramData\MFAData
2013-11-13 13:46 - 2013-04-21 22:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 13:27 - 2013-04-20 20:31 - 01676668 _____ C:\Windows\WindowsUpdate.log
2013-11-13 13:08 - 2013-10-19 15:12 - 00000000 ____D C:\Users\Hisham\AppData\Local\CrashDumps
2013-11-13 12:39 - 2009-07-14 06:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 12:39 - 2009-07-14 06:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 12:32 - 2013-05-04 14:46 - 00000838 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 12:31 - 2013-09-06 19:23 - 00015103 _____ C:\Windows\setupact.log
2013-11-13 12:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 00:57 - 2013-04-20 22:40 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\DMCache
2013-11-12 20:42 - 2013-11-12 20:06 - 41428924 _____ C:\Users\Hisham\Desktop\Scramble Commander 1- Mission 3 - Battle - Super Robot Wars.flv
2013-11-12 00:38 - 2013-11-12 00:37 - 07801644 _____ C:\Users\Hisham\Desktop\سيسي خناس - عبدالله الشريف - Zanobya Planet.mp4
2013-11-11 22:05 - 2013-09-09 01:25 - 00218362 _____ C:\Windows\PFRO.log
2013-11-10 17:55 - 2013-11-10 17:48 - 35519164 _____ C:\Users\Hisham\Desktop\Scramble Commander 1- Mission 1 - Battle - Super Robot Wars (Mazinger Z, Gran Mazinger).mp4
2013-11-10 17:54 - 2013-11-06 20:11 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\ViberPC
2013-11-10 17:54 - 2013-11-06 20:06 - 00000000 ____D C:\Users\Hisham\AppData\Local\Viber
2013-11-10 16:43 - 2013-11-10 16:43 - 00000000 ____D C:\Program Files (x86)\MDF to ISO
2013-11-10 01:13 - 2013-11-10 01:09 - 22938457 _____ C:\Users\Hisham\Desktop\كمل جميلك وخد فطيرك ..جزء اول (فيديو مسخرة).mp4
2013-11-10 00:38 - 2013-04-20 22:40 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\IDM
2013-11-09 22:58 - 2013-11-09 22:57 - 00000000 ____D C:\Users\Hisham\Desktop\removin' V
2013-11-09 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-09 19:03 - 2013-09-27 15:56 - 00006789 _____ C:\Users\Hisham\Desktop\dll arab commentary fifa13.txt
2013-11-08 20:00 - 2013-11-08 19:53 - 40509048 _____ C:\Users\Hisham\Desktop\جو تيوب - سيسي فايتنج تيروريزم.mp4
2013-11-08 09:57 - 2013-04-21 22:08 - 00000000 ____D C:\Users\Hisham\AppData\Local\Microsoft Help
2013-11-07 16:39 - 2013-11-07 13:49 - 04294294 _____ C:\Users\Hisham\Desktop\السيسى جزار.mp4
2013-11-07 13:51 - 2013-11-07 13:44 - 12348950 _____ C:\Users\Hisham\Desktop\هو احنا.. في سنة كام ؟؟!!.mp4
2013-11-07 12:35 - 2013-11-07 12:26 - 49495896 _____ C:\Users\Hisham\Desktop\من الثورة إلى الانقلاب - الجزء الأول - الفرعون الإله.mp4
2013-11-06 21:39 - 2013-08-24 04:44 - 00094880 _____ C:\Users\Hisham\Downloads\helper_last.crx
2013-11-06 20:11 - 2013-11-06 20:11 - 00001029 _____ C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2013-11-06 17:47 - 2013-11-06 17:39 - 00000000 ____D C:\ProgramData\eSafe
2013-11-06 17:42 - 2013-11-06 17:42 - 00000000 ____D C:\Program Files (x86)\Lightspark 0.5.3-git
2013-11-06 17:41 - 2013-11-06 17:41 - 00000000 ____D C:\Program Files (x86)\AmiExt
2013-11-06 17:38 - 2013-04-20 20:31 - 00001641 _____ C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-06 17:25 - 2013-06-18 19:38 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Mozilla
2013-11-06 00:37 - 2013-11-06 00:36 - 03032120 _____ C:\Users\Hisham\Desktop\اعلان فيلم 'طيطانيق' بطولة السيسى.!.flv
2013-11-05 20:33 - 2013-11-05 20:33 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\fltk.org
2013-11-05 11:25 - 2013-04-26 16:59 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-11-04 20:57 - 2013-11-04 20:57 - 01104067 _____ C:\Users\Hisham\Desktop\نائب كويتي- عدلي طرطور جاي يشحت 4 مليار لتمويل انقلاب دموي.mp4
2013-11-04 19:34 - 2013-11-04 19:33 - 05438272 _____ C:\Users\Hisham\Desktop\فضيحة التليفزيون المصري أراء الشارع في محاكمة الرئيس مرسي. إنقلاب ومفيش عدل ولا قضاء 4-11-2013.mp4
2013-11-04 18:04 - 2013-11-04 17:59 - 26908886 _____ C:\Users\Hisham\Desktop\د. محمد سليم العوا يروي تفاصيل محاكمة الرئيس محمد مرسي 4-11-2013.mp4
2013-11-04 17:58 - 2013-11-04 17:53 - 25120894 _____ C:\Users\Hisham\Desktop\أنصار مرسي يحملون «العوا» على الاعناق بعد المحاكمة- الخليفة أهو.mp4
2013-11-04 00:49 - 2013-11-04 00:45 - 22921733 _____ C:\Users\Hisham\Desktop\التسريب الأصلي لجريدة الوطن ومعه نص كلام الدكتور مرسي مكتوب.mp4
2013-11-04 00:08 - 2013-11-04 00:06 - 08029026 _____ C:\Users\Hisham\Desktop\تصريحات الدكتور محمد سليم العوا على محاكمة أول رئيس مدنى فى مصر الدكتور محمد مرسى .. 3-11-2013.mp4
2013-11-03 23:49 - 2013-09-13 14:08 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-03 23:41 - 2013-11-03 23:41 - 00003230 _____ C:\Windows\System32\Tasks\{204E7B07-C799-4535-A4D4-CB3CEE5766FC}
2013-11-03 20:41 - 2013-11-03 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-11-03 20:41 - 2013-11-03 20:40 - 00004757 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-03 20:41 - 2013-06-24 17:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-02 23:43 - 2013-11-02 23:43 - 00002922 _____ C:\Windows\System32\Tasks\{DAFA4AE3-81D9-4BE2-A8D3-16639F19985F}
2013-11-02 23:40 - 2013-11-02 23:40 - 00002922 _____ C:\Windows\System32\Tasks\{E15CE668-F6ED-4AB9-A567-0D5E3EFB2DDE}
2013-11-02 23:37 - 2013-09-26 16:31 - 00000038 _____ C:\Windows\Enermaz.ini
2013-11-02 23:37 - 2013-09-26 16:31 - 00000032 _____ C:\Windows\Dispositivo.ini
2013-11-02 23:37 - 2013-09-26 16:31 - 00000026 _____ C:\Windows\Mazinger.ini
2013-11-02 23:35 - 2013-11-02 23:35 - 00002922 _____ C:\Windows\System32\Tasks\{B9CC8F04-475F-4D28-8B96-E38BB6557146}
2013-11-02 19:48 - 2013-11-02 19:48 - 00002922 _____ C:\Windows\System32\Tasks\{C5B32FC1-58B4-4FB6-A667-3A2EB668F2BA}
2013-11-02 19:30 - 2013-11-02 19:30 - 00002922 _____ C:\Windows\System32\Tasks\{9C26C182-C52E-4A1B-9C0D-D6BF13CDC048}
2013-11-02 18:44 - 2013-11-02 18:44 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Misiones Mazinger Zeta
2013-11-02 18:44 - 2013-11-02 18:29 - 00000000 ____D C:\Mazinger
2013-11-02 18:20 - 2013-11-02 18:20 - 00000123 _____ C:\Delme.bat
2013-11-02 17:16 - 2013-11-02 17:00 - 82765436 _____ C:\Users\Hisham\Desktop\الحلقة الثانية باسم يوسف.mp4
2013-11-02 10:13 - 2013-10-19 16:25 - 00000000 ____D C:\Users\Hisham\Documents\FIFA 14
2013-10-31 21:09 - 2013-10-30 18:08 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Dropbox
2013-10-31 21:09 - 2013-04-20 20:31 - 00000000 ___RD C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-29 21:55 - 2013-04-21 19:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-10-29 21:40 - 2013-10-29 21:40 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-10-29 21:40 - 2013-10-29 21:40 - 00000000 ____D C:\ProgramData\EA Core
2013-10-29 19:03 - 2013-10-02 00:45 - 00000000 ____D C:\Users\Hisham\Documents\NFS SHIFT
2013-10-28 15:00 - 2013-10-28 15:00 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\VBA-M
2013-10-27 19:21 - 2013-10-27 19:21 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mazinger vs. Gran Mazinger
2013-10-26 19:07 - 2013-10-26 19:02 - 00009716 _____ C:\Users\Hisham\AppData\Roaming\Downloador.exe
2013-10-26 04:48 - 2013-10-23 16:02 - 108927958 _____ C:\Users\Hisham\Desktop\كشف الخونة..حقيقة علاقة الجيش المصري بأمريكا وإسرائيل..شير on Vimeo.mp4
2013-10-25 18:41 - 2013-10-25 18:36 - 00010752 _____ C:\Users\Hisham\AppData\Roaming\downloader08.exe
2013-10-25 18:02 - 2013-10-25 18:02 - 00000000 _____ C:\Users\Hisham\AppData\Roaming\Microsoft.exe.tmp
2013-10-25 14:25 - 2013-10-25 14:25 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-10-23 20:47 - 2013-10-09 19:39 - 00000000 ____D C:\Users\Hisham\Documents\Square Enix
2013-10-20 20:53 - 2013-10-20 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-20 20:53 - 2013-06-18 19:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-20 02:43 - 2013-10-20 02:43 - 00003102 _____ C:\Windows\System32\Tasks\{FB4BEA88-D2F7-477B-97E0-3DDAADA28371}
2013-10-20 02:43 - 2013-10-20 02:43 - 00003102 _____ C:\Windows\System32\Tasks\{92A414A1-071A-4343-9A02-7AEB9A4504F4}
2013-10-19 16:32 - 2013-07-02 22:32 - 00000000 ____D C:\ProgramData\Origin
2013-10-19 16:31 - 2013-10-19 16:31 - 00000675 _____ C:\Users\Hisham\Desktop\Mazinger Z - Shortcut.lnk
2013-10-19 15:43 - 2013-04-24 18:59 - 00000000 ____D C:\Users\Hisham\Documents\The KMPlayer
2013-10-18 12:36 - 2013-10-18 12:36 - 00001934 _____ C:\ProgramData\SMRResults410.dat
2013-10-18 12:36 - 2013-06-18 18:23 - 00000000 ____D C:\Program Files (x86)\PlatinumHideIP
2013-10-18 02:26 - 2013-10-18 02:03 - 00000000 ____D C:\Users\Hisham\AppData\Local\NPE
2013-10-18 02:03 - 2013-10-18 02:03 - 00000000 ____D C:\ProgramData\Norton
2013-10-18 02:03 - 2013-10-18 02:02 - 03053416 ____N (Symantec Corporation) C:\Users\Hisham\Desktop\NPE.exe
2013-10-17 20:42 - 2013-09-25 20:35 - 00000000 ____D C:\Users\Hisham\Documents\FIFA 13
2013-10-17 16:48 - 2013-10-16 23:19 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\uTorrent
 
Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-12 15:30
 
==================== End Of Log ============================
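Reading an FRST log by hand means scanning several hundred lines for the handful that matter: extensions pushed into Chrome through the registry, a browser Start Menu entry carrying a URL argument, drivers whose image file is missing or zero bytes, fresh executables sitting directly under a drive root or AppData\Roaming, and the Bamital/volsnap hash check. The script below is an added example, not FRST's own code and not something the forum helpers posted. Its SAMPLE_LOG lines are copied from the log above; the heuristics are this example's own assumptions about what an analyst reviews first, not verdicts on any particular file (the IDM extension it flags, for instance, is a legitimate registry-installed extension).

```python
"""First-pass triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread: it is not FRST's own code and not code posted by
the forum helpers. SAMPLE_LOG is copied from the FRST output in the thread; the
heuristics are assumptions about what an analyst reviews first, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the FRST log posted in the thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Hisham\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://start.qone8.com/?type=sc&ts=1383752332&from=amt&uid=WDCXWD5000AVVS-63M8B0_WD-WCAV9927846278462
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
U3 ab728slh; C:\Windows\System32\Drivers\ab728slh.sys [0 ] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
2013-11-03 20:41 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-26 19:02 - 2013-10-26 19:07 - 00009716 _____ C:\Users\Hisham\AppData\Roaming\Downloador.exe
2013-10-25 18:02 - 2013-10-25 18:02 - 00000000 _____ C:\Users\Hisham\AppData\Roaming\Microsoft.exe.tmp
2013-11-02 18:20 - 2013-11-02 18:20 - 00000123 _____ C:\Delme.bat
2013-11-06 20:11 - 2013-11-10 17:54 - 00000000 ____D C:\Users\Hisham\AppData\Roaming\ViberPC
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

# Extension registered machine-wide under HKLM ...\Chrome\Extension: the path third-party
# installers use to sideload an extension without the Web Store.
CHR_REG_EXT_RE = re.compile(r"^CHR HKLM(?:-x32)?\\.*\\Extension: \[([a-p]{32})\] - (.+)$")
# Start Menu browser entry that launches the browser .exe with a URL appended.
START_MENU_RE = re.compile(r"^CHR StartMenuInternet: .+?\.exe (https?://\S+)$")
# Service/driver line: start type, name, image path, then "[size date]" or "[x]".
SVC_DRV_RE = re.compile(r"^([RSU]\d) (\S+); (.+?) \[(.*?)\]")
# "One Month Created" line: created - modified - size attrs [(Company)] path
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (\d+) ([_A-Z]{5}) (.+)$")
MD5_RE = re.compile(r"^(.+?) => MD5 (.+)$")

# Executable-looking names; ".exe." also catches "Microsoft.exe.tmp"-style double extensions.
EXEC_RE = re.compile(r"\.(exe|dll|bat|cmd|vbs|vbe|js|scr|pif|com)(\.|$)", re.I)
# Assumed user-writable spots where a brand-new binary deserves a look (heuristic, not a rule).
WRITABLE_ROOTS = (
    re.compile(r"^[A-Z]:\\[^\\]+$", re.I),                                   # drive root
    re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\[^\\]+$", re.I),  # directly in Roaming
    re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I),
    re.compile(r"^[A-Z]:\\Windows\\Temp\\", re.I),
)


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the log lines an analyst would review first, tagged by heuristic."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := CHR_REG_EXT_RE.match(line):
            findings.append(Finding("chrome-ext-registry", f"{m.group(1)} -> {m.group(2)}", line))
        elif m := START_MENU_RE.match(line):
            findings.append(Finding("browser-shortcut-arg", m.group(1), line))
        elif m := SVC_DRV_RE.match(line):
            _start, name, path, info = m.groups()
            parts = info.split()
            if parts == ["x"]:                      # FRST could not find the image file
                findings.append(Finding("driver-file-missing", f"{name}: {path}", line))
            elif parts and parts[0] == "0":         # zero-byte image file
                findings.append(Finding("driver-zero-size", f"{name}: {path}", line))
        elif m := CREATED_RE.match(line):
            size, attrs, rest = m.groups()
            if "D" in attrs:                        # directory entry, not a file
                continue
            # Drop the "(Company)" prefix FRST prints when it has version information.
            path = re.sub(r"^\([^)]*\) ", "", rest)
            name = path.rsplit("\\", 1)[-1]
            if EXEC_RE.search(name) and any(r.match(path) for r in WRITABLE_ROOTS):
                findings.append(Finding("new-binary-user-writable",
                                        f"{path} ({int(size)} bytes)", line))
        elif m := MD5_RE.match(line):
            if m.group(2).strip() != "is legit":    # Bamital/volsnap check did not pass
                findings.append(Finding("system-file-hash-mismatch", m.group(1), line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per heuristic category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, count in sorted(summarize(results).items()):
        print(f"{category}: {count}")
    for f in results:
        print(f"  [{f.category}] {f.detail}")
```

Run it against a full FRST.txt by passing the file's text to triage(); everything it returns still needs a human decision, since the heuristics only rank lines for review and a clean run says nothing about what the log does not contain.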


#6 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts

Posted 13 November 2013 - 07:43 AM

----------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Hisham at 2013-11-13 14:26:49
Running from C:\Users\Hisham\Desktop\removin' V
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.6) (x32 Version: 10.1.6)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
Cheat Engine 6.3 (x32)
City Car Driving 1.2.2 (x32)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
DivX (x32 Version: 6.2.2)
DivX Converter (x32 Version: 6.1.1)
DivX Player (x32 Version: 6.2.0)
DivX Web Player (x32 Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FIFA 13 (x32 Version: 1.1.0.0)
flash-Enhancer (x32 Version: 2.1)
Game Graphic Studio (x32 Version: 7.4.0)
Google Chrome (x32 Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.21.165)
GTA2 (x32 Version: 1.00.001)
Icy Tower v1.5 (x32)
Internet Download Manager (x32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
K-Lite Codec Pack 7.0.0 (Standard) (x32 Version: 7.0.0)
Lightspark 0.5.3-git (x32 Version: 0.5.3-git)
Mazinger vs. Gran Mazinger (x32)
MDF to ISO version 1.0 (x32 Version: 1.0)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610)
Misiones Mazinger Zeta Update (x32)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
Need For Speed Shift (x32)
Need for Speed™ ProStreet v1.1.0.0 / RePack by Baracuda (x32)
Neighbors From Hell: On Vacation (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.10.0513)
Pandora Service (x32)
Platinum Hide IP (x32 Version: 3.2.2.8)
Pro Evolution Soccer 2014 (x32 Version: 1.01.0000)
Razer Game Booster (x32 Version: 4.0.68.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
San Andreas Mod Installer (x32 Version: 1.1)
SlimDX Redistributable for .NET 2.0 (September 2011) (x32 Version: 2.0.12.43)
Spider-Man™ - Friend or Foe Demo (x32 Version: 1.00.0000)
Subway Surfers (x32)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab CYRI (x32 Version: 6.0.8.0)
The KMPlayer (remove only) (x32 Version: 3.6.0.87)
TuneUp Utilities 2013 (x32 Version: 13.0.3000.138)
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.3000.138)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
UsbFix By El Desaparecido (x32)
Viber (HKCU Version: 3.0.0.133634)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Winamp (x32 Version: 5.623 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {22E94A75-5A25-4217-A88E-DB3899BBAF0E} - System32\Tasks\{B6E52D15-E029-430D-B8B4-8BBF6B11F579} => F:\GTA II\gta2.exe [2004-04-27] (Rockstar North)
Task: {2EEF0483-F349-481D-891F-C8B11DC68CC7} - System32\Tasks\{C5B32FC1-58B4-4FB6-A667-3A2EB668F2BA} => C:\Mazinger\Mazinger Z.exe [2001-07-03] (Clickteam)
Task: {3DC17443-89C7-484D-B148-F06323A47E2A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2012-11-29] (TuneUp Software)
Task: {44C78B64-437A-41ED-87A7-B7783B2D32D0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847464056-575116162-152537662-1000Core => C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-03] (Facebook Inc.)
Task: {4A6D513A-EFCF-4D5A-84AC-BBACD0B047F3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {65C5C4C8-F6D2-4CBA-A979-26F85CE9C9FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {679CB02E-F1F4-4F94-B0A1-41AB903A53CB} - System32\Tasks\{32C0F838-AC81-4E95-A301-5082B16EF576} => F:\GTA II\gta2.exe [2004-04-27] (Rockstar North)
Task: {6F51F853-AE45-45BE-B3AA-9FDD6D972A34} - System32\Tasks\{B9CC8F04-475F-4D28-8B96-E38BB6557146} => C:\Mazinger\Mazinger Z.exe [2001-07-03] (Clickteam)
Task: {8849EE88-B9DF-427F-9369-20A691EB7790} - System32\Tasks\{E15CE668-F6ED-4AB9-A567-0D5E3EFB2DDE} => C:\Mazinger\Mazinger Z.exe [2001-07-03] (Clickteam)
Task: {B887FFDE-9F4B-4BFF-A0DC-7174BC298AF0} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {C15AC446-2710-418A-BFAE-39015072FFF3} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {C528FDCC-779C-4839-95DE-C18CBF5D84E3} - System32\Tasks\{98848D87-4ED1-40C4-A72A-CBB3285F73D2} => F:\Pro Evolution Soccer 2013\PESEDIT.exe [2013-02-03] ()
Task: {C85F4C1E-93E7-4B5A-860E-7D0A32D351B7} - System32\Tasks\{9C26C182-C52E-4A1B-9C0D-D6BF13CDC048} => C:\Mazinger\Mazinger Z.exe [2001-07-03] (Clickteam)
Task: {CA47E6C2-3A63-4EFE-A2A2-A7ED22CD77FD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1847464056-575116162-152537662-1000UA => C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-03] (Facebook Inc.)
Task: {D148AD90-2433-4F32-899E-DECB28D76825} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {E9895F24-9405-4A54-BAD2-F280BCD20182} - System32\Tasks\{DAFA4AE3-81D9-4BE2-A8D3-16639F19985F} => C:\Mazinger\Mazinger Z.exe [2001-07-03] (Clickteam)
Task: {EB878EE3-CB5A-40DA-BC33-E23ED54C58AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04] (Google Inc.)
Task: {FE51A685-D512-4091-A88D-CE414446EEA3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {FECB2C87-B6FA-405E-AC19-544552D191FD} - System32\Tasks\{23719F57-4F1D-49E5-B12B-64C4CB266FAD} => F:\Pro Evolution Soccer 2013\PESEDIT.exe [2013-02-03] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847464056-575116162-152537662-1000Core.job => C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1847464056-575116162-152537662-1000UA.job => C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2013 01:26:22 PM) (Source: PandoraService.exe) (User: )
Description: Socket Error # 11001
Host not found.
 
Error: (11/13/2013 01:07:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x4270f18a
Faulting module name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x4270f18a
Exception code: 0xc0000005
Fault offset: 0x00346979
Faulting process id: 0xfe4
Faulting application start time: 0xgta_sa.exe0
Faulting application path: gta_sa.exe1
Faulting module path: gta_sa.exe2
Report Id: gta_sa.exe3
 
Error: (11/13/2013 00:56:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (11/13/2013 00:33:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/13/2013 00:00:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2013 03:30:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (11/12/2013 03:03:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2013 03:02:36 PM) (Source: PandoraService.exe) (User: )
Description: Socket Error # 11002
 
Error: (11/11/2013 10:07:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2013 03:05:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/13/2013 02:16:15 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: 
%%1056
 
Error: (11/13/2013 02:16:00 PM) (Source: Service Control Manager) (User: )
Description: The PandoraService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2013 02:15:52 PM) (Source: Service Control Manager) (User: )
Description: The AVG Firewall service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2013 02:15:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/13/2013 02:15:45 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (11/13/2013 02:15:45 PM) (Source: Service Control Manager) (User: )
Description: The TuneUp Utilities Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2013 02:15:45 PM) (Source: Service Control Manager) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2013 02:15:45 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 02:15:45 PM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/13/2013 01:26:28 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
 
Microsoft Office Sessions:
=========================
Error: (06/17/2013 04:54:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/17/2013 04:54:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/17/2013 04:54:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 166 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/17/2013 04:48:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 179 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 4094.49 MB
Available physical RAM: 2756.46 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 6936.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.83 GB) (Free:15.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Multimedia) (Fixed) (Total:126.96 GB) (Free:86.25 GB) NTFS
Drive e: (Software) (Fixed) (Total:122.08 GB) (Free:35.86 GB) NTFS
Drive f: (Games) (Fixed) (Total:167.89 GB) (Free:57.45 GB) NTFS
Drive j: (HISHAM) (Removable) (Total:3.78 GB) (Free:3.21 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 90361F3B)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=417 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 0017611B)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
==================== End Of Log ============================


#7 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:09:33 AM

Posted 13 November 2013 - 11:06 AM

No need to reinstall Windows...

 

:step1: Please press the Windows Key and the R key at the same time for the Run prompt to appear.

In the Run prompt, type the following in the Open area, and press Enter: cmd

 

When the Command Prompt opens, copy/paste (with the mouse) the following, and press: Enter

attrib -h -s -r -a /s /d X:\*.*

(Change the drive letter X to the letter corresponding to the problem USB removable drive.)

 

:step2: Now, please run USBFix once again.

Press: Deletion

When done, the program closes on its own, and a report appears.

The report file is also found at C:\UsbFix.txt

>> Please post the UsbFix.txt (Deletion) report in your reply.

 

Note: As before, if your AntiVirus program detects USBFix as malware, either let the AV program allow USBFix to run, or temporarily disable your AntiVirus program.

 

Check the USB drive and see if the shortcuts are gone.

 






 


Old duck...


#8 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:33 PM

Posted 13 November 2013 - 05:21 PM

############################## | UsbFix V 7.150 | [Deletion]
 
User: Hisham (Administrator) # HISHAM-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 00:15:08 | 14/11/2013
 
 
PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz
RAM -> [Total : 4094 | Free : 2747]
Bios: Award Software International, Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16618
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 21.0
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2013 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [(!) Disabled]
 
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (16 Mb free - 32%) [] # NTFS
D:\ -> Fixed drive # 127 Gb (86 Mb free - 68%) [Multimedia] # NTFS
E:\ -> Fixed drive # 122 Gb (36 Mb free - 29%) [Software] # NTFS
F:\ -> Fixed drive # 168 Gb (57 Mb free - 34%) [Games] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Removable drive # 4 Gb (3 Mb free - 85%) [HISHAM] # FAT32
 
################## | Stopped processes |
 
Stopped! C:\Windows\system32\atiesrxx.exe (ID: 852 |ParentID: 532)
Stopped! C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (ID: 1272 |ParentID: 532)
Stopped! C:\Windows\system32\atieclxx.exe (ID: 1304 |ParentID: 852)
Stopped! C:\Windows\system32\taskhost.exe (ID: 1492 |ParentID: 532)
Stopped! C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID: 1800 |ParentID: 532)
Stopped! C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (ID: 1896 |ParentID: 1500)
Stopped! C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe (ID: 1088 |ParentID: 532)
Stopped! C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (ID: 1724 |ParentID: 1500)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2388 |ParentID: 1740)
Stopped! C:\Windows\System32\wscript.exe (ID: 2436 |ParentID: 1740)
Stopped! C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID: 2920 |ParentID: 2452)
Stopped! C:\Windows\System32\rundll32.exe (ID: 4844 |ParentID: 700)
Stopped! C:\Windows\system32\wuauclt.exe (ID: 788 |ParentID: 988)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1616 |ParentID: 532)
Stopped! C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (ID: 4788 |ParentID: 532)
Stopped! C:\Windows\explorer.exe (ID: 5016 |ParentID: 1492)
Stopped! C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (ID: 4960 |ParentID: 532)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 4736 |ParentID: 532)
Stopped! C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (ID: 2320 |ParentID: 4960)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4172 |ParentID: 5016)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4996 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2124 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4792 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2884 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2260 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3584 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4964 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3172 |ParentID: 4172)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3820 |ParentID: 4172)
 
################## | Regedit Run |
 
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | RunOnce : [] - 
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] - 
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver                                                                                                                                                                                     
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [99] - wscript.exe //B "C:\Users\Hisham\AppData\Roaming\99.vbs"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Deleted ! C:\Users\Hisham\AppData\Roaming\99.vbs
Deleted ! C:\Users\Hisham\AppData\Roaming\downloader08.exe
Deleted ! C:\Users\Hisham\AppData\Roaming\Downloador.exe
Deleted ! C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs
Deleted ! J:\99.vbs
Deleted ! J:\ASD.lnk
Deleted ! J:\Subway.lnk
Deleted ! J:\PhysX_9.10.0513_SystemSoftware.exe
Deleted ! J:\SlimDX Runtime for .lnk
Deleted ! J:\Ageia.lnk
Deleted ! J:\zire agia pc games.lnk
Deleted ! J:\PhysX_9.lnk
Deleted ! J:\game booster.lnk
Deleted ! J:\Fortune1.lnk
Deleted ! J:\MyEgY.lnk
Deleted ! J:\Controller.lnk
Deleted ! C:\Users\Hisham\AppData\Roaming\Microsoft.exe.tmp
Deleted ! C:\Delme.bat
 
(!) Temporary files deleted.
 
################## | Reference of comparison MD5 |
 
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\99.vbs
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> J:\99.vbs
 
################## | Comparison MD5 |
 
Deleted ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\TuneUp Software\TU2013\StartUp Manager\Disabled objects\99.vbs
 
################## | Registry |
 
Not Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorUser -> 3
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
Deleted ! HKU\S-1-5-21-1847464056-575116162-152537662-1000\Software\Microsoft\Windows\CurrentVersion\Run|99
Deleted ! HKU\S-1-5-21-1847464056-575116162-152537662-1000\Software\.\.\.\.\Mountpoints2\H
 
################## | Listing |
 
[21/04/2013 - 01:37:50 | D ] C:\$AVG
[20/04/2013 - 20:31:45 | SHD ] C:\$Recycle.Bin
[20/04/2013 - 20:31:30 |  | 358056] C:\BJLGV
[25/09/2013 - 14:20:38 | SHD ] C:\Boot
[21/11/2010 - 05:23:51 | RASH | 383786] C:\bootmgr
[21/04/2013 - 06:20:18 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[06/09/2013 - 18:39:31 | D ] C:\found.000
[13/11/2013 - 14:25:15 | D ] C:\FRST
[30/08/2013 - 23:07:27 | D ] C:\games
[02/11/2013 - 18:44:03 | D ] C:\Mazinger
[21/04/2013 - 22:07:43 | RHD ] C:\MSOCache
[13/11/2013 - 22:29:57 | ASH | 4293386240] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[23/09/2013 - 15:21:22 | D ] C:\Program Files
[10/11/2013 - 16:43:09 | D ] C:\Program Files (x86)
[07/11/2013 - 11:35:24 | HD ] C:\ProgramData
[09/11/2013 - 14:25:36 | SHD ] C:\System Volume Information
[14/11/2013 - 00:19:08 | D ] C:\UsbFix
[14/11/2013 - 00:19:11 | A | 8035] C:\UsbFix [Clean 1] HISHAM-PC.txt
[13/11/2013 - 14:23:10 | N | 6440] C:\UsbFix [Listing 1 ] HISHAM-PC.txt
[13/11/2013 - 14:20:45 | N | 9004] C:\UsbFix [Scan 1] HISHAM-PC.txt
[20/04/2013 - 20:31:36 | RD ] C:\Users
[13/11/2013 - 14:26:55 | D ] C:\Windows
[20/04/2013 - 20:31:45 | SHD ] D:\$RECYCLE.BIN
[23/08/2013 - 17:21:59 | D ] D:\Cartoon
[21/04/2013 - 20:16:38 | D ] D:\Islamic
[22/10/2013 - 19:27:56 | D ] D:\Mazinger Z
[09/10/2013 - 06:43:20 | D ] D:\movIEs
[21/04/2013 - 20:32:05 | D ] D:\Mp3
[18/05/2013 - 18:56:36 | D ] D:\MPEG
[26/04/2013 - 18:25:49 | D ] D:\Pictures
[05/11/2013 - 19:59:38 | D ] D:\R4BIA
[20/04/2013 - 16:38:45 | SHD ] D:\RECYCLER
[20/04/2013 - 15:55:50 | SHD ] D:\System Volume Information
[19/08/2013 - 02:54:26 | D ] D:\Video$
[15/09/2013 - 15:52:04 | N | 299] D:\الجزيرة الرياضية 2+.html
[24/09/2013 - 15:10:55 | D ] D:\فرح وليد
[02/05/2013 - 18:09:49 | D ] D:\مسلسلات
[02/05/2013 - 17:26:06 | D ] E:\$AVG
[20/04/2013 - 20:31:45 | SHD ] E:\$RECYCLE.BIN
[19/09/2013 - 23:38:59 | D ] E:\Alternative stuff
[12/11/2013 - 20:04:05 | D ] E:\Antivirus
[31/10/2013 - 21:08:40 | D ] E:\Dropbox
[09/11/2013 - 21:46:44 | D ] E:\Internet
[16/05/2013 - 15:03:36 | D ] E:\Multimedia
[20/04/2013 - 16:38:45 | SHD ] E:\RECYCLER
[10/11/2013 - 22:26:37 | D ] E:\Software
[10/11/2013 - 16:37:28 | D ] E:\Sources
[20/04/2013 - 15:55:40 | SHD ] E:\System Volume Information
[28/08/2013 - 19:24:21 | D ] F:\$AVG
[20/04/2013 - 20:31:45 | SHD ] F:\$RECYCLE.BIN
[27/09/2013 - 18:09:49 | D ] F:\City Car Driving
[09/10/2013 - 17:18:50 | D ] F:\Crysis 2
[09/10/2013 - 19:35:16 | D ] F:\Far Cry 3
[30/09/2013 - 17:05:09 | D ] F:\FIFA
[30/09/2013 - 17:57:06 | D ] F:\FIFA 13
[19/10/2013 - 20:31:19 | D ] F:\FIFA 14
[23/04/2013 - 21:48:04 | D ] F:\GTA II
[08/10/2013 - 05:40:25 | D ] F:\GTA San Andreas
[19/09/2013 - 17:14:58 | D ] F:\Infernal
[08/11/2013 - 13:58:41 | D ] F:\Just Cause 2
[30/09/2013 - 16:50:17 | D ] F:\msdownld.tmp
[13/11/2013 - 21:37:20 | D ] F:\Need For Speed Shift
[05/10/2013 - 18:58:32 | D ] F:\Need for Speed™ ProStreet
[15/10/2013 - 20:43:50 | D ] F:\OMAR  AND  SPIDERMAN  and    videos
[01/11/2013 - 12:16:06 | D ] F:\Prince Of Persia - The Sands Of Time
[19/10/2013 - 13:09:55 | D ] F:\Pro Evolution Soccer 2013
[25/10/2013 - 02:12:55 | D ] F:\Pro Evolution Soccer 2014
[20/04/2013 - 16:38:45 | SHD ] F:\RECYCLER
[05/11/2013 - 20:13:14 | D ] F:\small games
[08/10/2013 - 20:00:52 | D ] F:\Spiderman 3
[02/05/2013 - 18:22:34 | D ] F:\Stronghold Legends
[20/04/2013 - 15:55:29 | SHD ] F:\System Volume Information
[27/09/2013 - 16:38:06 | N | 208666624] J:\ASD.Arabic.Cammentary.And.Menu.For.Fifa13.By.AhmedTiger.part1.rar
[27/09/2013 - 17:39:24 | N | 208666624] J:\ASD.Arabic.Cammentary.And.Menu.For.Fifa13.By.AhmedTiger.part2.rar
[27/09/2013 - 18:08:08 | N | 32603509] J:\ASD.Arabic.Cammentary.And.Menu.For.Fifa13.By.AhmedTiger.part3.rar
[23/09/2013 - 21:54:24 | D ] J:\Subway
[26/12/2011 - 17:23:08 | N | 10584064] J:\SlimDX Runtime for .NET 2.0 (September 2011).msi
[29/05/2011 - 07:07:10 | N | 22403722] J:\Ageia.physX.perfect.rar
[26/10/2010 - 00:03:48 | N | 34573017] J:\zire agia pc games.rar
[22/09/2013 - 22:56:30 | D ] J:\game booster
[26/09/2013 - 16:56:58 | N | 11249518] J:\Fortune1.zip
[29/09/2013 - 16:12:02 | D ] J:\Controller
 
################## | Vaccin |
 
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
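The Deletion report above shows the whole persistence chain for this infection in one place: a Run value under the user's hive that launches wscript.exe on 99.vbs, a copy of the same script in the Startup folder, the .lnk shortcuts on the removable drive, and one MD5 shared by every copy. As an added example (not part of this thread, and not UsbFix's own code), here is a small Python triage script that pulls those indicators out of a report written in the line format shown above. The embedded sample report is constructed from a few lines of the Deletion report; the regular expressions assume the line shapes seen in the reports on this page rather than any published UsbFix format, and the known-bad hash is the one UsbFix printed above.

```python
"""Triage a UsbFix report for the persistence indicators seen in this thread."""
import re
from dataclasses import dataclass, field

# MD5 of the 99.vbs sample exactly as UsbFix reported it in this thread.
KNOWN_BAD_MD5 = {"843952AFEEB99F4D433759DFB3E350AF"}
SCRIPT_HOSTS = ("wscript", "cscript")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")

# Line shapes are assumed from the reports posted above, not taken from a UsbFix spec.
DRIVE_RE = re.compile(r"^(?P<letter>[A-Z]):\\ -> Removable drive")
RUN_RE = re.compile(r"^04 - (?P<hive>\S+) \| (?P<key>Run|RunOnce) : \[(?P<name>[^\]]*)\] -\s*(?P<cmd>.*)$")
MD5_RE = re.compile(r"Md5 : (?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.*)$")
ACTION_RE = re.compile(r"^(?P<action>Deleted|Found|Not Repaired) ! (?P<target>.*)$")

# Constructed sample: a few lines adapted from the Deletion report above, not a full report.
SAMPLE_REPORT = r"""
J:\ -> Removable drive # 4 Gb (3 Mb free - 85%) [HISHAM] # FAT32

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [99] - wscript.exe //B "C:\Users\Hisham\AppData\Roaming\99.vbs"

################## | Generic Research |

Deleted ! C:\Users\Hisham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\99.vbs
Deleted ! J:\99.vbs
Deleted ! J:\Subway.lnk
Deleted ! J:\game booster.lnk

################## | Reference of comparison MD5 |

Md5 : 843952AFEEB99F4D433759DFB3E350AF -> J:\99.vbs

################## | Comparison MD5 |

Deleted ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> C:\Users\Hisham\AppData\Roaming\TuneUp Software\TU2013\StartUp Manager\Disabled objects\99.vbs

################## | Registry |

Not Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorUser -> 3
Deleted ! HKU\S-1-5-21-1847464056-575116162-152537662-1000\Software\Microsoft\Windows\CurrentVersion\Run|99
"""


@dataclass
class Triage:
    removable_drives: set = field(default_factory=set)
    script_autoruns: list = field(default_factory=list)     # (hive, value name, command)
    startup_scripts: list = field(default_factory=list)     # script files in a Startup folder
    removable_suspects: list = field(default_factory=list)  # .lnk or script files on removable drives
    known_bad_files: list = field(default_factory=list)     # (md5, path) matching KNOWN_BAD_MD5
    unresolved: list = field(default_factory=list)          # "Not Repaired !" entries


def _on_removable(t: Triage, path: str) -> bool:
    return len(path) > 2 and path[1] == ":" and path[0].upper() in t.removable_drives


def parse_report(text: str) -> Triage:
    """Single pass; the drive header precedes the file sections, so drives are known first."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := DRIVE_RE.match(line)):
            t.removable_drives.add(m.group("letter"))
        elif (m := RUN_RE.match(line)):
            cmd = m.group("cmd")
            low = cmd.lower().rstrip('"')
            if any(h in low for h in SCRIPT_HOSTS) or low.endswith(SCRIPT_EXTS):
                t.script_autoruns.append((m.group("hive"), m.group("name"), cmd))
        elif (m := MD5_RE.search(line)):  # covers both "Md5 : ..." and "Deleted ! Md5 : ..." lines
            if m.group("md5").upper() in KNOWN_BAD_MD5:
                t.known_bad_files.append((m.group("md5").upper(), m.group("path")))
        elif (m := ACTION_RE.match(line)):
            target = m.group("target")
            low = target.lower()
            if m.group("action") == "Not Repaired":
                t.unresolved.append(target)
            elif "\\start menu\\programs\\startup\\" in low and low.endswith(SCRIPT_EXTS):
                t.startup_scripts.append(target)
            elif low.endswith((".lnk",) + SCRIPT_EXTS) and _on_removable(t, target):
                t.removable_suspects.append(target)
    return t


def summarize(t: Triage) -> list:
    """One finding per indicator, in the order a responder would verify them."""
    out = [f"autorun [{n}] under {h} launches a script host: {c}" for h, n, c in t.script_autoruns]
    out += [f"script in a Startup folder: {p}" for p in t.startup_scripts]
    out += [f"suspect file on removable drive {p[0]}: {p}" for p in t.removable_suspects]
    out += [f"file matching known-bad MD5 {m}: {p}" for m, p in t.known_bad_files]
    out += [f"left unrepaired by UsbFix: {p}" for p in t.unresolved]
    return out


if __name__ == "__main__":
    for finding in summarize(parse_report(SAMPLE_REPORT)):
        print(finding)
```

To run it over a saved report, call `parse_report(open(path, encoding="utf-8", errors="replace").read())`. The Research, Listing and Deletion reports on this page all use the same drive header and action-line shapes, so the parser applies to any of the three; a Research report simply yields "Found !" entries in place of "Deleted !" ones.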


#9 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:33 PM

Posted 13 November 2013 - 05:24 PM

OK Mr Aaflac, all shortcuts have disappeared from the USB drive :flowers:

Just a hidden folder named "autorun" appeared. I'm ready for the next awesome step :warrior:



#10 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:33 PM

Posted 14 November 2013 - 07:22 AM

There's another USB drive infected, but it's not with me right now. I'll try to get it as soon as possible.



#11 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:33 PM

Posted 14 November 2013 - 06:15 PM

Helloo :(



#12 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:09:33 AM

Posted 14 November 2013 - 09:26 PM

My apologies for the delay. Got me a case of shingles.  :(

 

At this point, please get the other USB drive, run USBFix with it connected, and use the Research and then the Listing options, as before.

 

Then, post the results of each option.


Old duck...


#13 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:33 PM

Posted 15 November 2013 - 08:55 AM

Wish you a speedy recovery, friend.

I'm gonna post them now.



#14 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:33 PM

Posted 15 November 2013 - 08:58 AM

Here's the Research log:

 

############################## | UsbFix V 7.150 | [Research]
 
User: Hisham (Administrator) # HISHAM-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 17:23:01 | 15/11/2013
 
 
PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz
RAM -> [Total : 4094 | Free : 2714]
Bios: Award Software International, Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16618
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 21.0
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2013 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [(!) Disabled]
 
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (11 Mb free - 23%) [] # NTFS
D:\ -> Fixed drive # 127 Gb (86 Mb free - 68%) [Multimedia] # NTFS
E:\ -> Fixed drive # 122 Gb (31 Mb free - 25%) [Software] # NTFS
F:\ -> Fixed drive # 168 Gb (57 Mb free - 34%) [Games] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Removable drive # 2 Gb (114 Mb free - 6%) [RORA] # FAT32
 
################## | Active Processes |
 
C:\Windows\system32\csrss.exe (ID: 400 |ParentID: 392)
C:\Windows\system32\csrss.exe (ID: 480 |ParentID: 472)
C:\Windows\system32\wininit.exe (ID: 488 |ParentID: 392)
C:\Windows\system32\services.exe (ID: 532 |ParentID: 488)
C:\Windows\system32\winlogon.exe (ID: 564 |ParentID: 472)
C:\Windows\system32\lsass.exe (ID: 576 |ParentID: 488)
C:\Windows\system32\lsm.exe (ID: 584 |ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 700 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 776 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 904 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 936 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 960 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 984 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 416 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 664 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 1240 |ParentID: 532)
C:\Windows\system32\Dwm.exe (ID: 1664 |ParentID: 936)
C:\Windows\system32\svchost.exe (ID: 1888 |ParentID: 532)
C:\Windows\system32\svchost.exe (ID: 3076 |ParentID: 532)
C:\Windows\System32\svchost.exe (ID: 3536 |ParentID: 532)
C:\Windows\explorer.exe (ID: 3864 |ParentID: 564)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID: 5972 |ParentID: 532)
C:\Windows\System32\rundll32.exe (ID: 5772 |ParentID: 700)
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (ID: 3400 |ParentID: 532)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 3172 |ParentID: 532)
C:\Windows\system32\wuauclt.exe (ID: 5340 |ParentID: 984)
C:\Windows\System32\spoolsv.exe (ID: 3316 |ParentID: 532)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID: 5776 |ParentID: 3864)
C:\Windows\system32\DllHost.exe (ID: 1180 |ParentID: 700)
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (ID: 4832 |ParentID: 5776)
C:\Windows\system32\ping.exe (ID: 736 |ParentID: 3864)
C:\Windows\system32\conhost.exe (ID: 2880 |ParentID: 480)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (ID: 4388 |ParentID: 3864)
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (ID: 4384 |ParentID: 4388)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2632 |ParentID: 3864)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1356 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4868 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3728 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4664 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1612 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5252 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5640 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 856 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2340 |ParentID: 2632)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5396 |ParentID: 2632)
C:\Windows\System32\WUDFHost.exe (ID: 5180 |ParentID: 936)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3460 |ParentID: 700)
C:\UsbFix\Go.exe (ID: 4352 |ParentID: 6108)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1840 |ParentID: 700)
C:\Windows\System32\svchost.exe (ID: 860 |ParentID: 532)
 
################## | Regedit Run |
 
04 - HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\SOFTWARE | RunOnce : [] - 
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] - 
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-1847464056-575116162-152537662-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\Hisham\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver                                                                                                                                                                                     
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
 
################## | Generic Research |
 
Found ! J:\MyEgY.lnk
Found ! J:\7fla.lnk
Found ! J:\Subway.lnk
Found ! J:\A Fistful of Dollars فيلم حفنة دولارات مترجم.lnk
Found ! J:\__online (1).lnk
Found ! J:\1-حالة الحاسة السادسة.lnk
Found ! J:\3-حالة مستحيلة.lnk
Found ! J:\006-فوبيا.lnk
Found ! J:\453-يغزو أحلامي -روايات أحلام.lnk
Found ! J:\Ameera 6th ol.lnk
Found ! J:\Case_Of_Adib_Wife.lnk
Found ! J:\liilas_4cffd1bbe4.lnk
Found ! J:\liilasup3_c4cea3a47f.lnk
Found ! J:\REHAM.lnk
Found ! J:\Reham 4th.lnk
Found ! J:\Reham-quiz.lnk
Found ! J:\RORA 6th.lnk
Found ! J:\answers 4.lnk
Found ! J:\رواية السنجة - د.lnk
Found ! J:\99.vbs
 
################## | Reference of comparison MD5 |
 
Md5 : 843952AFEEB99F4D433759DFB3E350AF -> J:\99.vbs
 
################## | Comparison MD5 |
 
Found ! Md5 : 843952AFEEB99F4D433759DFB3E350AF -> J:\99.vbs
 
################## | Registry |
 
 
################## | Vaccin |
 
(!) This computer is not vaccinated!
 
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
 

Edited by Hisham85, 15 November 2013 - 10:30 AM.


#15 Hisham85

Hisham85
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:04:33 PM

Posted 15 November 2013 - 09:00 AM

And here's the Listing log.

 

############################## | UsbFix V 7.150 | [Listing]
 
User: Hisham (Administrator) # HISHAM-PC
Updated 08/11/2013 by El Desaparecido - Team SosVirus
Started at 17:30:58 | 15/11/2013
 
 
PC: Gigabyte Technology Co., Ltd. (G41M-ES2L)
CPU: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz
RAM -> [Total : 4094 | Free : 2483]
Bios: Award Software International, Inc.
Boot: Normal boot
 
OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16618
WB: Google Chrome : 30.0.1599.101
WB: Mozilla Firefox : 21.0
 
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2013 [Enabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [(!) Disabled]
 
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (11 Mb free - 23%) [] # NTFS
D:\ -> Fixed drive # 127 Gb (86 Mb free - 68%) [Multimedia] # NTFS
E:\ -> Fixed drive # 122 Gb (31 Mb free - 25%) [Software] # NTFS
F:\ -> Fixed drive # 168 Gb (57 Mb free - 34%) [Games] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Removable drive # 2 Gb (114 Mb free - 6%) [RORA] # FAT32
 
################## | Listing |
 
[21/04/2013 - 01:37:50 | D ] C:\$AVG
[20/04/2013 - 20:31:45 | SHD ] C:\$Recycle.Bin
[20/04/2013 - 20:31:30 |  | 358056] C:\BJLGV
[25/09/2013 - 14:20:38 | SHD ] C:\Boot
[21/11/2010 - 05:23:51 | RASH | 383786] C:\bootmgr
[21/04/2013 - 06:20:18 | RASH | 8192] C:\BOOTSECT.BAK
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[06/09/2013 - 18:39:31 | D ] C:\found.000
[13/11/2013 - 14:25:15 | D ] C:\FRST
[30/08/2013 - 23:07:27 | D ] C:\games
[02/11/2013 - 18:44:03 | D ] C:\Mazinger
[21/04/2013 - 22:07:43 | RHD ] C:\MSOCache
[15/11/2013 - 08:34:55 | ASH | 4293386240] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[23/09/2013 - 15:21:22 | D ] C:\Program Files
[10/11/2013 - 16:43:09 | D ] C:\Program Files (x86)
[07/11/2013 - 11:35:24 | HD ] C:\ProgramData
[09/11/2013 - 14:25:36 | SHD ] C:\System Volume Information
[15/11/2013 - 17:31:00 | D ] C:\UsbFix
[14/11/2013 - 00:19:14 | A | 11650] C:\UsbFix [Clean 1] HISHAM-PC.txt
[13/11/2013 - 14:23:10 | N | 6440] C:\UsbFix [Listing 1 ] HISHAM-PC.txt
[15/11/2013 - 15:58:31 | A | 6778] C:\UsbFix [Listing 2 ] HISHAM-PC.txt
[15/11/2013 - 17:31:04 | A | 2542] C:\UsbFix [Listing 3 ] HISHAM-PC.txt
[13/11/2013 - 14:20:45 | N | 9004] C:\UsbFix [Scan 1] HISHAM-PC.txt
[15/11/2013 - 15:56:54 | A | 7193] C:\UsbFix [Scan 2] HISHAM-PC.txt
[15/11/2013 - 17:29:16 | A | 7074] C:\UsbFix [Scan 3] HISHAM-PC.txt
[20/04/2013 - 20:31:36 | RD ] C:\Users
[13/11/2013 - 14:26:55 | D ] C:\Windows
[20/04/2013 - 20:31:45 | SHD ] D:\$RECYCLE.BIN
[23/08/2013 - 17:21:59 | D ] D:\Cartoon
[21/04/2013 - 20:16:38 | D ] D:\Islamic
[22/10/2013 - 19:27:56 | D ] D:\Mazinger Z
[09/10/2013 - 06:43:20 | D ] D:\movIEs
[21/04/2013 - 20:32:05 | D ] D:\Mp3
[18/05/2013 - 18:56:36 | D ] D:\MPEG
[26/04/2013 - 18:25:49 | D ] D:\Pictures
[05/11/2013 - 19:59:38 | D ] D:\R4BIA
[20/04/2013 - 16:38:45 | SHD ] D:\RECYCLER
[20/04/2013 - 15:55:50 | SHD ] D:\System Volume Information
[19/08/2013 - 02:54:26 | D ] D:\Video$
[15/09/2013 - 15:52:04 | N | 299] D:\الجزيرة الرياضية 2+.html
[24/09/2013 - 15:10:55 | D ] D:\فرح وليد
[02/05/2013 - 18:09:49 | D ] D:\مسلسلات
[02/05/2013 - 17:26:06 | D ] E:\$AVG
[20/04/2013 - 20:31:45 | SHD ] E:\$RECYCLE.BIN
[19/09/2013 - 23:38:59 | D ] E:\Alternative stuff
[12/11/2013 - 20:04:05 | D ] E:\Antivirus
[31/10/2013 - 21:08:40 | D ] E:\Dropbox
[09/11/2013 - 21:46:44 | D ] E:\Internet
[16/05/2013 - 15:03:36 | D ] E:\Multimedia
[20/04/2013 - 16:38:45 | SHD ] E:\RECYCLER
[10/11/2013 - 22:26:37 | D ] E:\Software
[14/11/2013 - 14:35:06 | D ] E:\Sources
[20/04/2013 - 15:55:40 | SHD ] E:\System Volume Information
[28/08/2013 - 19:24:21 | D ] F:\$AVG
[20/04/2013 - 20:31:45 | SHD ] F:\$RECYCLE.BIN
[27/09/2013 - 18:09:49 | D ] F:\City Car Driving
[09/10/2013 - 17:18:50 | D ] F:\Crysis 2
[09/10/2013 - 19:35:16 | D ] F:\Far Cry 3
[30/09/2013 - 17:05:09 | D ] F:\FIFA
[30/09/2013 - 17:57:06 | D ] F:\FIFA 13
[19/10/2013 - 20:31:19 | D ] F:\FIFA 14
[23/04/2013 - 21:48:04 | D ] F:\GTA II
[08/10/2013 - 05:40:25 | D ] F:\GTA San Andreas
[19/09/2013 - 17:14:58 | D ] F:\Infernal
[08/11/2013 - 13:58:41 | D ] F:\Just Cause 2
[30/09/2013 - 16:50:17 | D ] F:\msdownld.tmp
[13/11/2013 - 21:37:20 | D ] F:\Need For Speed Shift
[05/10/2013 - 18:58:32 | D ] F:\Need for Speed™ ProStreet
[15/10/2013 - 20:43:50 | D ] F:\OMAR  AND  SPIDERMAN  and    videos
[01/11/2013 - 12:16:06 | D ] F:\Prince Of Persia - The Sands Of Time
[19/10/2013 - 13:09:55 | D ] F:\Pro Evolution Soccer 2013
[25/10/2013 - 02:12:55 | D ] F:\Pro Evolution Soccer 2014
[20/04/2013 - 16:38:45 | SHD ] F:\RECYCLER
[05/11/2013 - 20:13:14 | D ] F:\small games
[08/10/2013 - 20:00:52 | D ] F:\Spiderman 3
[02/05/2013 - 18:22:34 | D ] F:\Stronghold Legends
[20/04/2013 - 15:55:29 | SHD ] F:\System Volume Information
[17/05/2004 - 18:18:42 | R | 60] H:\SYSTEM.CNF
[17/05/2004 - 18:18:42 | R | 6039564] H:\SLUS_207.76
[12/04/2004 - 21:33:30 | R | 275345] H:\IOPRP300.IMG
[17/05/2004 - 18:18:42 | R | 57] H:\GAME.INI
[12/04/2004 - 21:35:30 | R | 9161] H:\SDRDRV.IRX
[12/04/2004 - 21:33:58 | R | 28661] H:\LIBSD.IRX
[12/04/2004 - 21:34:19 | R | 95909] H:\MCMAN.IRX
[12/04/2004 - 21:34:19 | R | 7417] H:\MCSERV.IRX
[12/04/2004 - 21:35:30 | R | 44869] H:\PADMAN.IRX
[08/05/2004 - 20:28:00 | R | 25984] H:\LIQUID_F.IRX
[12/04/2004 - 21:35:30 | R | 6641] H:\SIO2MAN.IRX
[17/05/2004 - 18:22:08 | R | 2436541506] H:\DUMMY.DAT
[09/05/2004 - 09:58:52 | R | 1041152000] H:\SOUNDS.PAK
[06/05/2004 - 01:38:49 | R | 413667328] H:\MOVIES.PAK
[17/05/2004 - 18:03:24 | R | 236011520] H:\AMALGA.PAK
[18/10/2013 - 02:03:34 | A | 1586] J:\MyEgY.lnk
[18/10/2013 - 02:03:34 | A | 722] J:\7fla.lnk
[15/06/2012 - 21:39:14 | SH | 14718466] J:\__online (1).pdf
[15/06/2012 - 21:20:42 | SH | 9870430] J:\1-حالة الحاسة السادسة.pdf
[15/06/2012 - 21:39:16 | SH | 18155683] J:\3-حالة مستحيلة.pdf
[15/06/2012 - 23:05:06 | SH | 12892518] J:\006-فوبيا.pdf
[15/06/2012 - 22:25:12 | SH | 6671959] J:\453-يغزو أحلامي -روايات أحلام.pdf
[13/03/2012 - 10:39:02 | SH | 818688] J:\Ameera 6th ol.doc
[15/06/2012 - 21:38:18 | SH | 12039400] J:\Case_Of_Adib_Wife.pdf
[15/06/2012 - 22:13:06 | SH | 5040657] J:\liilas_4cffd1bbe4.rar
[15/06/2012 - 22:16:30 | SH | 6290090] J:\liilasup3_c4cea3a47f.rar
[23/03/2013 - 22:25:32 | SH | 723968] J:\REHAM. 6th midterm.doc
[09/10/2012 - 09:51:04 | SH | 73728] J:\Reham 4th.doc
[17/11/2012 - 08:41:12 | SH | 114176] J:\Reham.ppt
[20/02/2013 - 23:51:32 | SH | 39936] J:\Reham-quiz.doc
[04/11/2012 - 21:43:54 | SH | 729600] J:\RORA 6th.doc
[11/04/2013 - 10:26:02 | SH | 66048] J:\Reham.doc
[23/09/2013 - 21:54:24 | SHD ] J:\Subway
[18/10/2013 - 02:03:34 | A | 726] J:\Subway.lnk
[14/04/2013 - 13:32:02 | SH | 113664] J:\answers 4.shs
[16/09/2013 - 19:19:08 | SH | 1291712130] J:\A Fistful of Dollars فيلم حفنة دولارات مترجم.mp4
[18/02/2013 - 17:56:36 | SH | 7725136] J:\رواية السنجة - د.أحمد خالد توفيق - بحر الكتب.pdf
[06/06/2013 - 19:50:42 | SH | 5639418] J:\MyEgY.CoM.IDM 6.15 Build 15.By.vibration.rar
[18/10/2013 - 02:03:34 | A | 1622] J:\A Fistful of Dollars فيلم حفنة دولارات مترجم.lnk
[18/06/2013 - 02:00:50 | SHD ] J:\7fla
[20/09/2013 - 22:18:26 | SH | 239543] J:\99.vbs
[18/10/2013 - 02:03:32 | A | 704] J:\__online (1).lnk
[18/10/2013 - 02:03:32 | A | 744] J:\1-حالة الحاسة السادسة.lnk
[18/10/2013 - 02:03:32 | A | 712] J:\3-حالة مستحيلة.lnk
[18/10/2013 - 02:03:32 | A | 688] J:\006-فوبيا.lnk
[18/10/2013 - 02:03:32 | A | 780] J:\453-يغزو أحلامي -روايات أحلام.lnk
[18/10/2013 - 02:03:32 | A | 1604] J:\Ameera 6th ol.lnk
[18/10/2013 - 02:03:32 | A | 1604] J:\Case_Of_Adib_Wife.lnk
[18/10/2013 - 02:03:32 | A | 1528] J:\liilas_4cffd1bbe4.lnk
[18/10/2013 - 02:03:34 | A | 1534] J:\liilasup3_c4cea3a47f.lnk
[18/10/2013 - 02:03:34 | A | 1580] J:\REHAM.lnk
[18/10/2013 - 02:03:34 | A | 1592] J:\Reham 4th.lnk
[18/10/2013 - 02:03:34 | A | 1590] J:\Reham-quiz.lnk
[18/10/2013 - 02:03:34 | A | 1590] J:\RORA 6th.lnk
[18/10/2013 - 02:03:34 | A | 1592] J:\answers 4.lnk
[18/10/2013 - 02:03:34 | A | 1626] J:\رواية السنجة - د.lnk
 
################## | E.O.F |
 

:flowers:  :warrior:


Edited by Hisham85, 15 November 2013 - 10:32 AM.
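The listing above shows the whole shortcut-worm signature in one place: every original file and folder on J:\ has been set System+Hidden (SH), a visible <name>.lnk decoy has been created beside it (all stamped 18/10/2013 02:03), and the only script in the root is the hidden 99.vbs. The following is an added example, not code from this thread, from UsbFix or from the helper's instructions: a small Python script that parses UsbFix listing lines and flags that pattern, then prints the equivalent manual clean-up commands. The sample lines are constructed here from the listing quoted in this post; the matching rule (each .lnk is named after the original up to its first dot, compared case-insensitively because the stick is FAT32) is inferred from how the names line up in the log, and the DROPPER_EXTS set is an assumption about the file types such droppers use.

```python
"""Detect the USB shortcut-worm pattern in UsbFix [Listing] output.

Added example for this thread (not UsbFix code): originals on the stick are
set System+Hidden (SH) and shadowed by a visible <name>.lnk decoy, plus one
script dropper in the drive root (here 99.vbs). analyse() spots that pattern
from listing lines alone; remediation() emits the equivalent cmd.exe steps.
"""
import ntpath
import re
from collections import defaultdict

# One UsbFix listing line: "[dd/mm/yyyy - hh:mm:ss | ATTRS | size] drive:\path"
# Directory entries carry no size field.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\| (?P<attrs>[A-Z]*) (?:\| (?P<size>\d+))?\] (?P<path>.+)$"
)

# Script/executable types a dropper in a removable-drive root usually uses (assumption).
DROPPER_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".exe", ".scr"}

# Sample input, constructed here from the listing quoted in this thread.
SAMPLE_LINES = [
    r"[20/04/2013 - 20:31:30 |  | 358056] C:\BJLGV",
    r"[18/10/2013 - 02:03:34 | A | 1586] J:\MyEgY.lnk",
    r"[15/06/2012 - 21:39:14 | SH | 14718466] J:\__online (1).pdf",
    r"[23/03/2013 - 22:25:32 | SH | 723968] J:\REHAM. 6th midterm.doc",
    r"[17/11/2012 - 08:41:12 | SH | 114176] J:\Reham.ppt",
    r"[23/09/2013 - 21:54:24 | SHD ] J:\Subway",
    r"[18/10/2013 - 02:03:34 | A | 726] J:\Subway.lnk",
    r"[06/06/2013 - 19:50:42 | SH | 5639418] J:\MyEgY.CoM.IDM 6.15 Build 15.By.vibration.rar",
    r"[20/09/2013 - 22:18:26 | SH | 239543] J:\99.vbs",
    r"[18/10/2013 - 02:03:32 | A | 704] J:\__online (1).lnk",
    r"[18/10/2013 - 02:03:34 | A | 1580] J:\REHAM.lnk",
    r"[18/10/2013 - 02:03:34 | A | 1626] J:\رواية السنجة - د.lnk",
    r"[18/02/2013 - 17:56:36 | SH | 7725136] J:\رواية السنجة - د.أحمد خالد توفيق - بحر الكتب.pdf",
]


def parse(lines):
    """Yield (drive, path, attrs, is_dir) for every line that is a listing entry."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header/footer lines are not entries
        path, attrs = m.group("path"), m.group("attrs")
        yield path[:2].upper(), path, attrs, "D" in attrs


def _decoy_key(path):
    """The worm names each .lnk after the original up to its first dot;
    FAT32 is case-insensitive, so compare case-folded (inferred from the log)."""
    return ntpath.basename(path).split(".", 1)[0].casefold()


def analyse(lines):
    """Return {drive: {"decoys": {lnk: [originals]}, "hidden": [...], "droppers": [...]}}
    for every drive whose listing shows the decoy pattern."""
    per_drive = defaultdict(list)
    for drive, path, attrs, is_dir in parse(lines):
        per_drive[drive].append((path, attrs, is_dir))

    findings = {}
    for drive, entries in per_drive.items():
        by_key = defaultdict(list)  # decoy key -> System+Hidden originals
        for p, a, _ in entries:
            if "S" in a and "H" in a:
                by_key[_decoy_key(p)].append(p)
        decoys = {}
        for p, a, is_dir in entries:
            if is_dir or ntpath.splitext(p)[1].lower() != ".lnk":
                continue
            originals = by_key.get(_decoy_key(p))
            if originals:
                decoys[p] = originals  # a visible .lnk shadowing a hidden original
        if not decoys:
            continue  # no shortcut-worm signature on this drive
        droppers = [
            p for p, a, is_dir in entries
            if not is_dir and ntpath.splitext(p)[1].lower() in DROPPER_EXTS
            and ntpath.dirname(p).rstrip("\\") == drive  # root of the drive only
        ]
        findings[drive] = {
            "decoys": decoys,
            "hidden": sorted({o for lst in decoys.values() for o in lst}),
            "droppers": droppers,
        }
    return findings


def remediation(findings):
    """Equivalent manual clean-up as cmd.exe lines: unhide originals, delete decoys
    and droppers. Run from an elevated prompt on an already-cleaned PC, and never
    double-click the .lnk files first: each one launches the dropper."""
    cmds = []
    for drive in sorted(findings):
        f = findings[drive]
        cmds += [f'attrib -S -H "{p}"' for p in f["hidden"]]
        cmds += [f'del /F "{p}"' for p in sorted(f["decoys"])]
        cmds += [f'del /F "{p}"' for p in f["droppers"]]
    return cmds


if __name__ == "__main__":
    found = analyse(SAMPLE_LINES)
    for drive, f in found.items():
        print(drive, len(f["decoys"]), "decoy .lnk,", len(f["hidden"]),
              "hidden originals, droppers:", f["droppers"])
    print("\n".join(remediation(found)))
```

Run against the real log, the check is only as good as the listing: it keys on the SH attributes and the .lnk twins, so a drive that was already "cleaned" by deleting the shortcuts but still carries the hidden script will show no decoys and be skipped. Note that on the sample input C:\ produces no finding at all, while on J:\ REHAM.lnk maps to two originals (REHAM. 6th midterm.doc and Reham.ppt) because both share the same case-folded prefix.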




