
Pilefile reminder and oxy program virus/malware


  • This topic is locked
24 replies to this topic

#1 alex3592

  • Members
  • 13 posts

Posted 10 March 2014 - 06:47 PM

Hello,

I decided to try and download a movie online and accidentally downloaded this program called pilefile reminder or oxy.

I scanned my computer with Malwarebytes and it found like 10 PUP and quarantined them but did not delete the programs.

I tried to uninstall them using add or remove programs but when I click uninstall it does nothing and something pops up to run the program.

I just want this gone off my computer.

It was playing random sounds and advertisements before but somehow I got that to stop.

Please help and let me know if I am in the wrong forum.

Thanks.

I attached a picture of what happens when I try to uninstall it and what the programs look like.

Attached Files



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 March 2014 - 08:05 PM

Hello alex3592

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 alex3592

  • Topic Starter
  • Members
  • 13 posts

Posted 11 March 2014 - 12:39 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Laith Nouri (administrator) on LAITHNOURI-PC on 10-03-2014 22:33:21
Running from C:\Users\Laith Nouri\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks) C:\Windows\sminst\sftservice.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\windows\SMINST\Components\scheduler\STService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-04-01] (IDT, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\Components\scheduler\Launcher.exe [165104 2009-02-23] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4210009424-2382940237-2610481806-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4210009424-2382940237-2610481806-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4210009424-2382940237-2610481806-1000\...\MountPoints2: {7386ce9d-f6a6-11de-8513-0023ae3cc528} - q9.cmd
HKU\S-1-5-21-4210009424-2382940237-2610481806-1000\...\MountPoints2: {d1e5b7fc-28e3-11e1-8e34-0023ae3cc528} - D:\ToolLauncher-Bootstrap.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.net
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=2110212261094423&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=2110212261094423&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=2110212261094423&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={DFEB3755-EED6-4551-9E76-C589C0CF63CA}&mid=1af16760817a47d09c0bd16ae8d82cdb-86ba7316bc9509ba300a73ff5ac99bafca100f3f&lang=en&ds=AVG&pr=fr&d=2012-06-11 00:25:25&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&o=APN10653&apn_uid=2110212261094423&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.64.12

FireFox:
========
FF ProfilePath: C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\8shy6cfm.default
FF user.js: detected! => C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\8shy6cfm.default\user.js
FF SearchEngineOrder.1: Search Results
FF Homepage: yahoo.com
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=2110212261094423&o=APN10653&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Laith Nouri\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Laith Nouri\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF SearchPlugin: C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\8shy6cfm.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Babylon - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-05]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Users\Laith Nouri\Desktop\Babylon\Utils\ocr@babylon.com

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={DFEB3755-EED6-4551-9E76-C589C0CF63CA}&mid=1af16760817a47d09c0bd16ae8d82cdb-86ba7316bc9509ba300a73ff5ac99bafca100f3f&lang=en&ds=AVG&pr=fr&d=2012-06-11 00:25:25&v=15.3.0.11&pid=avg&sg=0&sap=hp
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Laith Nouri\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealDownloader) - C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-02]
CHR Extension: (AVG Secure Search) - C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-05-02]
CHR Extension: (Google Wallet) - C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2013-03-06]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-04-01] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SftService; C:\Windows\sminst\sftservice.EXE [632048 2009-02-23] (SoftThinks)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-29] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-04-01] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)
S3 AVG Bonjour Service; C:\Windows\TEMP\avgcu_mDNSResponder.exe [X]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

U3 .dfsc; \* [0 2014-03-10] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [271552 2009-03-19] (Creative Technology Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 22:33 - 2014-03-10 22:33 - 00021768 _____ () C:\Users\Laith Nouri\Desktop\FRST.txt
2014-03-10 22:32 - 2014-03-10 22:33 - 00000000 ____D () C:\FRST
2014-03-10 22:31 - 2014-03-10 22:31 - 01145856 _____ (Farbar) C:\Users\Laith Nouri\Desktop\FRST.exe
2014-03-10 13:32 - 2014-03-10 13:32 - 00000844 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\AVG2014
2014-03-10 13:31 - 2014-03-10 13:32 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-10 13:31 - 2014-03-10 13:31 - 00000000 ___HD () C:\$AVG
2014-03-10 13:27 - 2014-03-10 13:36 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Avg2014
2014-03-10 13:27 - 2014-03-10 13:27 - 04462384 _____ (AVG Technologies) C:\Users\Laith Nouri\Desktop\avg_free_stb_all_2014_4335_cnet.exe
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\system32\%systemroot%
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Program Files\AVG
2014-03-09 19:09 - 2014-03-10 22:33 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-09 19:09 - 2014-03-09 19:09 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\MFAData
2014-03-09 18:44 - 2014-03-09 18:55 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Panda Security
2014-03-09 18:40 - 2014-03-09 18:58 - 00000000 ____D () C:\ProgramData\Panda Security
2014-03-09 18:40 - 2014-03-09 18:58 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-09 18:30 - 2014-03-09 18:30 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-09 18:29 - 2014-03-09 18:30 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\mbar
2014-03-08 21:18 - 2014-03-08 21:22 - 00000000 ____D () C:\ProgramData\Max Secure
2014-03-08 21:11 - 2014-03-08 21:11 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\GetRightToGo
2014-03-08 21:11 - 2014-03-08 21:11 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Max Secure Software
2014-03-08 21:10 - 2014-03-08 21:10 - 00368256 _____ (RegNow.com) C:\Users\Laith Nouri\Desktop\Download_MaxSDDMnew.exe
2014-03-08 14:17 - 2014-03-08 14:17 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\GLS address&Phone
2014-03-08 14:05 - 2014-03-08 14:05 - 00000000 ____D () C:\Users\Laith Nouri\Documents\Recomendation Letters 1,2,3
2014-03-08 13:55 - 2009-06-05 03:36 - 00001527 _____ () C:\Users\Laith Nouri\Documents\eBay.lnk
2014-03-08 13:43 - 2013-12-02 23:35 - 09676916 _____ () C:\Users\Laith Nouri\Documents\Family Pics 2.zip
2014-03-08 13:42 - 2013-12-02 23:27 - 09676772 _____ () C:\Users\Laith Nouri\Documents\My Family pics.zip
2014-03-08 13:27 - 2013-04-05 09:26 - 00000847 _____ () C:\Users\Laith Nouri\Documents\RealPlayer.lnk
2014-03-08 13:23 - 2014-03-08 13:23 - 00000000 ____D () C:\Users\Laith Nouri\Documents\SSI job offer
2014-03-08 13:19 - 2014-03-08 13:19 - 00000000 ____D () C:\Users\Laith Nouri\Documents\California & fedral Tax form
2014-03-08 13:18 - 2013-09-12 14:39 - 00000787 _____ () C:\Users\Laith Nouri\Documents\Recommendation Letter 1 - Shortcut.lnk
2014-03-08 12:54 - 2012-06-13 12:19 - 00000517 _____ () C:\Users\Laith Nouri\Documents\New Folder (2) - Shortcut.lnk
2014-03-06 00:10 - 2014-03-10 22:28 - 00000380 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-06 00:10 - 2014-03-08 20:56 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\SwvUpdater
2014-03-06 00:08 - 2014-03-06 00:09 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Oxy
2014-02-26 15:36 - 2014-03-10 13:06 - 00077580 _____ () C:\Windows\PFRO.log
2014-02-25 14:11 - 2014-02-25 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-19 22:30 - 2014-02-19 22:30 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My appl for Valbin Corporation
2014-02-19 22:23 - 2014-02-19 22:23 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My Insurance License
2014-02-15 11:54 - 2014-02-15 11:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 17:39 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 17:39 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 17:39 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 17:39 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 17:39 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 17:39 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 17:39 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 17:39 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 17:39 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 17:39 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 17:39 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 17:39 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 17:39 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 17:39 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 17:39 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 17:39 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 21:04 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-08 13:50 - 2014-02-08 13:50 - 00143728 _____ () C:\Windows\Minidump\Mini020814-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-10 22:33 - 2014-03-10 22:33 - 00021768 _____ () C:\Users\Laith Nouri\Desktop\FRST.txt
2014-03-10 22:33 - 2014-03-10 22:32 - 00000000 ____D () C:\FRST
2014-03-10 22:33 - 2014-03-09 19:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-10 22:31 - 2014-03-10 22:31 - 01145856 _____ (Farbar) C:\Users\Laith Nouri\Desktop\FRST.exe
2014-03-10 22:28 - 2014-03-06 00:10 - 00000380 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-10 22:28 - 2013-01-14 17:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 22:28 - 2010-08-04 05:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 22:28 - 2009-06-04 21:58 - 01089593 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 17:40 - 2006-11-02 03:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 16:55 - 2010-08-04 05:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 16:55 - 2009-07-25 23:40 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\SoftThinks
2014-03-10 16:54 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 16:54 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 16:54 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 16:53 - 2006-11-02 06:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 16:30 - 2010-07-09 06:12 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Deployment
2014-03-10 14:09 - 2013-10-31 09:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Browsersafeguardext
2014-03-10 13:36 - 2014-03-10 13:27 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Avg2014
2014-03-10 13:32 - 2014-03-10 13:32 - 00000844 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\AVG2014
2014-03-10 13:32 - 2014-03-10 13:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-10 13:32 - 2013-01-30 12:14 - 00000800 _____ () C:\Windows\system32\userawacs.cfg
2014-03-10 13:31 - 2014-03-10 13:31 - 00000000 ___HD () C:\$AVG
2014-03-10 13:27 - 2014-03-10 13:27 - 04462384 _____ (AVG Technologies) C:\Users\Laith Nouri\Desktop\avg_free_stb_all_2014_4335_cnet.exe
2014-03-10 13:06 - 2014-02-26 15:36 - 00077580 _____ () C:\Windows\PFRO.log
2014-03-09 19:35 - 2009-07-25 23:41 - 00103592 _____ () C:\Users\Laith Nouri\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\system32\%systemroot%
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Program Files\AVG
2014-03-09 19:09 - 2014-03-09 19:09 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\MFAData
2014-03-09 18:59 - 2006-11-02 05:47 - 00383184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-09 18:58 - 2014-03-09 18:40 - 00000000 ____D () C:\ProgramData\Panda Security
2014-03-09 18:58 - 2014-03-09 18:40 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-09 18:55 - 2014-03-09 18:44 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Panda Security
2014-03-09 18:30 - 2014-03-09 18:30 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-09 18:30 - 2014-03-09 18:29 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\mbar
2014-03-08 21:22 - 2014-03-08 21:18 - 00000000 ____D () C:\ProgramData\Max Secure
2014-03-08 21:11 - 2014-03-08 21:11 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\GetRightToGo
2014-03-08 21:11 - 2014-03-08 21:11 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Max Secure Software
2014-03-08 21:10 - 2014-03-08 21:10 - 00368256 _____ (RegNow.com) C:\Users\Laith Nouri\Desktop\Download_MaxSDDMnew.exe
2014-03-08 21:06 - 2006-11-02 05:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-08 21:04 - 2006-11-02 05:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-08 20:56 - 2014-03-06 00:10 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\SwvUpdater
2014-03-08 14:18 - 2010-07-10 01:00 - 00002627 _____ () C:\Users\Laith Nouri\Desktop\Microsoft Office Word 2007.lnk
2014-03-08 14:17 - 2014-03-08 14:17 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\GLS address&Phone
2014-03-08 14:05 - 2014-03-08 14:05 - 00000000 ____D () C:\Users\Laith Nouri\Documents\Recomendation Letters 1,2,3
2014-03-08 13:26 - 2013-08-01 23:03 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\ISI time sheets
2014-03-08 13:23 - 2014-03-08 13:23 - 00000000 ____D () C:\Users\Laith Nouri\Documents\SSI job offer
2014-03-08 13:19 - 2014-03-08 13:19 - 00000000 ____D () C:\Users\Laith Nouri\Documents\California & fedral Tax form
2014-03-08 11:49 - 2013-08-01 23:09 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\Interpreters Unlimited Time Sheets
2014-03-06 00:10 - 2013-10-31 11:54 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\SearchProtect
2014-03-06 00:10 - 2013-10-31 11:54 - 00000000 ____D () C:\Program Files\SearchProtect
2014-03-06 00:09 - 2014-03-06 00:08 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Oxy
2014-02-28 11:47 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 14:11 - 2014-02-25 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-25 14:11 - 2013-03-22 11:51 - 00000000 ___RD () C:\Program Files\Skype
2014-02-25 14:11 - 2009-07-27 18:37 - 00000000 ____D () C:\ProgramData\Skype
2014-02-22 13:54 - 2013-01-14 17:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-22 13:54 - 2011-08-03 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 22:30 - 2014-02-19 22:30 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My appl for Valbin Corporation
2014-02-19 22:23 - 2014-02-19 22:23 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My Insurance License
2014-02-17 10:52 - 2012-04-26 00:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 11:55 - 2014-02-15 11:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 17:47 - 2013-08-15 11:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:47 - 2006-11-02 03:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-08 13:50 - 2014-02-08 13:50 - 00143728 _____ () C:\Windows\Minidump\Mini020814-01.dmp
2014-02-08 13:50 - 2014-02-04 13:54 - 269143147 _____ () C:\Windows\MEMORY.DMP
2014-02-08 13:50 - 2012-04-24 22:12 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Laith Nouri\AppData\Local\Temp\htmlayout.dll
C:\Users\Laith Nouri\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nscA44C.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsn1809.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nss9C21.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsx23DC.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsx30A9.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsx9453.exe
C:\Users\Laith Nouri\AppData\Local\Temp\tmp3715.exe
C:\Users\Laith Nouri\AppData\Local\Temp\tmp6B31.exe
C:\Users\Laith Nouri\AppData\Local\Temp\tmpF547.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 16:39

==================== End Of Log ============================

Attached Files
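The FRST listing above is what a responder triages by eye: what was created in the same few minutes, what landed in Temp, and which new .job files appeared. The Python below is an added illustration of that triage, not part of this thread and not part of FRST itself. It parses FRST's fixed "created - modified - size attrs (company) path" lines plus the bare paths of the "Some content of TEMP" section, flags the entry classes that matter in a case like this one (new scheduled-task .job files, NSIS-style installer stubs in Temp, ICReinstall_ bundler stubs, folders named after the PUP families the later AdwCleaner and JRT logs removed, and executables with no version-resource company name dropped in user-writable paths), and lists what else was created within a few minutes of a chosen artifact. The sample lines are copied from the log above; the PUP name list, the ICReinstall_ heuristic and the reason labels are my assumptions, not anything FRST reports.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Dated FRST line: "created - modified - size attrs (company) path".
# The company field is the PE version resource, which any installer can set.
_DATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Bare path line, as in FRST's "Some content of TEMP" section ("=>" lines are hash checks).
_BARE = re.compile(r"^[A-Za-z]:\\[^=]+$")
_TS = "%Y-%m-%d %H:%M"

@dataclass
class Entry:
    path: str
    is_dir: bool
    company: Optional[str]       # "" = no company in version info; None = unknown (bare line)
    created: Optional[datetime]  # None for bare TEMP lines

def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = _DATED.match(line)
    if m:
        return Entry(m["path"], "D" in m["attrs"], m["company"],
                     datetime.strptime(m["created"], _TS))
    if _BARE.match(line):
        return Entry(line, False, None, None)
    return None

# Assumption: seeded from the families the AdwCleaner/JRT logs later in this thread removed.
KNOWN_PUP_NAMES = ("oxy", "swvupdater", "searchprotect", "browsersafeguardext",
                   "max secure", "getrighttogo", "datamngr", "imesh", "babylon")
# NSIS unpacks its stub as ns<letter><4 hex>.exe; tmp<4 hex>.exe is another common stub name.
_INSTALLER_STUB = re.compile(
    r"\\Temp\\(?:ns[a-z][0-9a-f]{4}|tmp[0-9a-f]{4}(?:\.tmp)?)\.exe$", re.I)
# Assumption from experience, not from the thread: ICReinstall_ names a bundler re-drop stub.
_BUNDLER_STUB = re.compile(r"\\ICReinstall_[^\\]+\.exe$", re.I)
_USER_WRITABLE = re.compile(r"\\(?:AppData|Desktop|Temp)\\", re.I)

def triage(e: Entry) -> List[str]:
    """Review reasons for one entry; an empty list means nothing stood out."""
    low = e.path.lower()
    leaf = low.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if any(leaf == n or leaf.startswith(n) for n in KNOWN_PUP_NAMES):
        reasons.append("known-pup-name")
    if leaf.endswith(".job") or "\\system32\\tasks\\" in low:
        reasons.append("scheduled-task")
    if _INSTALLER_STUB.search(e.path):
        reasons.append("installer-stub-in-temp")
    if _BUNDLER_STUB.search(e.path):
        reasons.append("bundler-reinstall-stub")
    if (not e.is_dir and leaf.endswith(".exe") and e.company == ""
            and _USER_WRITABLE.search(e.path)):
        reasons.append("no-company-exe-in-user-path")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; clean and unparseable lines are dropped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged

def created_near(text: str, anchor_path: str, minutes: int = 5) -> List[str]:
    """Other paths created within +/- minutes of anchor_path: a dropper writes its
    payload, data folder and persistence in one burst, so the burst is the scope."""
    entries = [e for e in map(parse_line, text.splitlines()) if e and e.created]
    anchor = next((e for e in entries if e.path == anchor_path), None)
    if anchor is None:
        return []
    window = timedelta(minutes=minutes)
    return [e.path for e in entries
            if e.path != anchor_path and abs(e.created - anchor.created) <= window]

# Sample lines copied from the FRST log posted above (not constructed).
SAMPLE_FRST = r"""
2014-03-06 00:10 - 2014-03-10 22:28 - 00000380 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-03-06 00:10 - 2014-03-08 20:56 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\SwvUpdater
2014-03-06 00:08 - 2014-03-06 00:09 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Oxy
2014-03-10 22:31 - 2014-03-10 22:31 - 01145856 _____ (Farbar) C:\Users\Laith Nouri\Desktop\FRST.exe
2014-03-10 22:28 - 2013-01-14 17:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 17:39 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-08 21:11 - 2014-03-08 21:11 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Max Secure Software
C:\Users\Laith Nouri\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nscA44C.exe
C:\Users\Laith Nouri\AppData\Local\Temp\tmpF547.tmp.exe
"""

if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_FRST).items():
        print(f"{', '.join(why):28} {path}")
    print("created near AmiUpdXp.job:",
          created_near(SAMPLE_FRST, r"C:\Windows\Tasks\AmiUpdXp.job"))
```

The parenthesised company field is the PE version resource, which any installer can set, so its presence clears nothing; only its absence on an executable in a user-writable path is treated as a signal. Scheduled-task hits include legitimate updaters (the Adobe Flash .job in the sample), so the output is a review list, not a verdict. In this log the .job that mattered was AmiUpdXp.job, created within two minutes of the Oxy and SwvUpdater folders, which is what the created_near window is meant to surface.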



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:15 AM

Posted 11 March 2014 - 08:11 AM



Hello alex3592

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 alex3592

alex3592
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:15 AM

Posted 12 March 2014 - 04:12 PM

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\iMesh
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Search Results Toolbar
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\iMesh
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\PackageAware
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Laith Nouri\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Laith Nouri\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Laith Nouri\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\fhnm8jfj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\END
File Deleted : C:\Users\Laith Nouri\Documents\eBay.lnk
File Deleted : C:\Users\Laith Nouri\Documents\iMesh.lnk
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\8shy6cfm.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\8shy6cfm.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFF3082C-1E2D-40B8-98E0-F5219FAC328C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFF3082C-1E2D-40B8-98E0-F5219FAC328C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Imesh
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : HKLM\Software\Classes\Installer\Features\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Deleted : HKLM\Software\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\8shy6cfm.default\prefs.js ]

Line Deleted : user_pref("CT3303000.UserID", "UN36627137892974145");
Line Deleted : user_pref("CT3303000.fullUserID", "UN36627137892974145.IN.20131031115602");
Line Deleted : user_pref("CT3303000.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3303000.toolbarInstallDate", "31-10-2013 11:56:03");
Line Deleted : user_pref("CT3303000.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3303000.xpeMode", "0");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Line Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "767F5590E8306E763E83A2143B0B822B");
Line Deleted : user_pref("extensions.BabylonToolbar.lastActv", "25");
Line Deleted : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,ffxtlbr@babylon.com:1.4.15.4,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313,{ABDE892B-13A8-4d1b-88E6-365[...]
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=2110212261094423&o=APN10653&q=");
Line Deleted : user_pref("smartbar.machineId", "N4JQNCCNS+UQKKX6Q1X28T1VSD4NXVPHV/JAOT5YRAQ95EPHGQ0DV6HCPJEQ6HHOOGE7I2HPPCCL7VTZN1LMJG");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [13431 octets] - [12/03/2014 13:24:51]
AdwCleaner[S0].txt - [13706 octets] - [12/03/2014 13:28:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13767 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4210009424-2382940237-2610481806-1000\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E7564812-D258-4ACA-A285-60BDDDF75EEC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\Users\Laith Nouri\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\Laith Nouri\AppData\Roaming\mozilla\firefox\profiles\8shy6cfm.default\minidumps [155 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/12/2014 at 13:51:58.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The programs are now gone and my computer is running fine! Thank you so much for your help!



#6 gringo_pr (Malware Response Team)

Posted 13 March 2014 - 07:32 AM


Hello alex3592

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 alex3592 (Topic Starter)

Posted 13 March 2014 - 08:46 PM

Hello,

I installed and ran Combofix but it did not complete its scan. I left it on for about 1 hour and it still showed the same screen that is attached. Also, after I ran it the Pilefile reminder came back and the icon on my desktop came back. It also was asking to run again, which is shown in the attached picture. I ran AdwCleaner again and it said it deleted Oxy, but that was not on my computer in the Control Panel at the time. So I went to the Registry Editor and deleted all the files related to Pilefile and now it's gone again.

I tried running Combofix again and after half an hour it still did not complete and just stayed at the same screen as attached.

Also, after I ran Combofix my internet was not working.

Here is the log from AdwCleaner. What should I do now?

Thanks for your effort.

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Laith Nouri\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Laith Nouri\AppData\Roaming\Mozilla\Firefox\Profiles\8shy6cfm.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13431 octets] - [12/03/2014 13:24:51]
AdwCleaner[R1].txt - [1185 octets] - [12/03/2014 13:35:48]
AdwCleaner[R2].txt - [1301 octets] - [13/03/2014 17:57:07]
AdwCleaner[S0].txt - [13848 octets] - [12/03/2014 13:28:13]
AdwCleaner[S1].txt - [1228 octets] - [13/03/2014 17:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1288 octets] ##########

Attached Files
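Read together, the S0 log in post #5 and the S1 log in this post carry the real lesson of the case: the Oxy folder and the Chrome extension were removed in the first run and were back for the second, after Combofix, while the scheduled task, the BHO, the toolbar and the search-scope entries did not return. The Python below is an added illustration of how to read AdwCleaner output that way; it is not part of this thread and not part of AdwCleaner. It parses AdwCleaner result lines, sorts each artifact into a load point (something that re-launches or re-hijacks at logon or browser start) or inert residue (COM class registrations, uninstall and ARP cache entries, vendor keys), and intersects two runs to list what came back. The sample lines are copied from the S0 and S1 logs; the category names and the load-point split are my assumptions, not something AdwCleaner reports.

```python
import re
from collections import Counter
from typing import List, Set, Tuple

# One AdwCleaner result line: "[#] Key Deleted : target", "Value Deleted : key [name]",
# "Line Deleted : user_pref(...);", "Setting Restored : key [name]", "Deleted : homepage".
_ACTION = re.compile(
    r"^(?:\[#\] )?(?:(?:Folder|File|Key|Value|Line|Setting) )?"
    r"(?:Deleted|Restored) : (?P<target>.+)$")

# (category, is_load_point, pattern); first match wins, so the specific rules come first.
# Assumption: the category names and the load-point split are mine, not AdwCleaner's.
RULES: List[Tuple[str, bool, re.Pattern]] = [
    ("scheduled-task",       True,  re.compile(r"\\Tasks\\|\\Schedule\\TaskCache\\", re.I)),
    ("ie-bho",               True,  re.compile(r"\\Explorer\\Browser Helper Objects\\", re.I)),
    ("ie-toolbar",           True,  re.compile(r"\\Internet Explorer\\Toolbar\b", re.I)),
    ("ie-search-scope",      True,  re.compile(r"\\Internet Explorer\\SearchScopes\\", re.I)),
    ("ie-start-page",        True,  re.compile(r"\\Internet Explorer\\Main \[Start Page\]", re.I)),
    ("chrome-extension",     True,  re.compile(r"\\Chrome\\(?:User Data\\Default\\)?Extensions\\", re.I)),
    ("firefox-extension",    True,  re.compile(r"\\(?:Mozilla Firefox|Mozilla\\Firefox|Firefox\\Profiles\\[^\\]+)\\Extensions\b", re.I)),
    ("firefox-user-js",      True,  re.compile(r"\\user\.js$", re.I)),
    ("firefox-searchplugin", True,  re.compile(r"\\searchplugins\\", re.I)),
    ("firefox-pref",         True,  re.compile(r"^user_pref\(")),
    ("chrome-pref",          True,  re.compile(r"^homepage$")),
    ("com-registration",     False, re.compile(r"\\Classes\\(?:CLSID|TypeLib|Interface|AppID)\\|\\Classes\\[^\\]+$", re.I)),
    ("ie-ext-settings",      False, re.compile(r"\\Ext\\(?:Stats|Settings|PreApproved)\\|\\ElevationPolicy\\", re.I)),
    ("autoplay-handler",     False, re.compile(r"\\AutoplayHandlers\\", re.I)),
    ("uninstall-entry",      False, re.compile(r"\\Uninstall\\|\\ARPCache\\|\\Installer\\", re.I)),
    ("vendor-key",           False, re.compile(r"^HK(?:LM|CU)\\Software\\[^\\]+$", re.I)),
    ("file-or-folder",       False, re.compile(r"^[A-Za-z]:\\")),
]

def classify(target: str) -> Tuple[str, bool]:
    for name, is_load_point, pat in RULES:
        if pat.search(target):
            return name, is_load_point
    return "unclassified", False

def targets(log_text: str) -> List[str]:
    """Every artifact AdwCleaner reported acting on, in log order."""
    found: List[str] = []
    for line in log_text.splitlines():
        m = _ACTION.match(line.strip())
        if m:
            found.append(m["target"])
    return found

def summarize(log_text: str) -> Tuple[Counter, List[Tuple[str, str]]]:
    """Per-category counts, plus the (category, target) pairs that can bring the adware back."""
    counts: Counter = Counter()
    load_points: List[Tuple[str, str]] = []
    for t in targets(log_text):
        name, is_lp = classify(t)
        counts[name] += 1
        if is_lp:
            load_points.append((name, t))
    return counts, load_points

def recurring(first_run: str, second_run: str) -> Set[str]:
    """Artifacts removed in both runs: whatever re-created them is in neither log."""
    return set(targets(first_run)) & set(targets(second_run))

# Sample lines copied from the AdwCleaner[S0] log in post #5 (not constructed).
S0_SAMPLE = r"""
Folder Deleted : C:\Users\Laith Nouri\AppData\Roaming\Oxy
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFF3082C-1E2D-40B8-98E0-F5219FAC328C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=221&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=2110212261094423&o=APN10653&q=");
Deleted : homepage
"""
# Sample lines copied from the AdwCleaner[S1] log in this post (not constructed).
S1_SAMPLE = r"""
Folder Deleted : C:\Users\Laith Nouri\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Laith Nouri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
"""

if __name__ == "__main__":
    counts, load_points = summarize(S0_SAMPLE)
    print(dict(counts))
    for name, target in load_points:
        print(f"load point  {name:18} {target}")
    for target in sorted(recurring(S0_SAMPLE, S1_SAMPLE)):
        print("came back  ", target)
```

A recurring artifact whose logged load points were all removed and stayed removed means the re-drop came from something neither log lists, which is why the next step in the thread is a rootkit and persistence scanner rather than a third AdwCleaner run. The first-match ordering in RULES matters: a CLSID under Browser Helper Objects is a load point, the same CLSID under Classes is only its COM registration, and both appear in the S0 log.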



#8 gringo_pr (Malware Response Team)

Posted 13 March 2014 - 09:46 PM


Hello alex3592

OK, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
After Combofix has finished its scan, please post the report back here.

Gringo

#9 alex3592 (Topic Starter)

Posted 14 March 2014 - 03:10 AM

I ran it in Safe Mode and left it for about 30 mins and still nothing. Same blue screen. The Pilefile icon and program have not come back and, from what I know, are still deleted off my laptop.



#10 gringo_pr (Malware Response Team)

Posted 15 March 2014 - 07:37 AM





Hello alex3592

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo

#11 alex3592


Posted 15 March 2014 - 07:08 PM

Pilefinder came back into my control panel and the icon is back on my desktop. Neither of these programs deleted it, and I am going to leave it there for now and not delete it via Registry Editor. Internet, Windows Firewall and updates are working fine. There are about 26 updates available that I am about to download.

Ran the Malwarebytes anti-rootkit program and it deleted about 5 malware items; then ran it again and no threats were found. I cannot find any log of this.

Ran RogueKiller, and after I hit Delete it only produced one log that I found, and here it is:


RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Laith Nouri [Admin rights]
Mode : Remove -- Date : 03/15/2014 17:00:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Laith Nouri\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=1af16760817a47d09c0bd16ae8d82cdb-86ba7316bc9509ba300a73ff5ac99bafca100f3f /CMPID=0214c [-][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-4210009424-2382940237-2610481806-1000\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Laith Nouri\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=1af16760817a47d09c0bd16ae8d82cdb-86ba7316bc9509ba300a73ff5ac99bafca100f3f /CMPID=0214c [-][x][x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][SUSP PATH] GC_Informer : "%LOCALAPPDATA%\GCC\Controller.exe" - --Informer [x] -> DELETED
[V2][SUSP PATH] GC_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" [x] -> DELETED
[V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> E:\Users\Default\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250315AS +++++
--- User ---
[MBR] 16fddea5e7977b1e4b51ddce208a7e10
[BSP] 6c162cc4036ec7d244f289e57a06c61e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03152014_170034.txt >>
RKreport[0]_S_03152014_165915.txt


 


The computer is running fine; however, the program is still on here.
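The RogueKiller report above has a fixed plain-text shape (counted `¤¤¤ Section : N ¤¤¤` headers, one tagged finding per line with a trailing `-> ACTION`), which makes it straightforward to triage automatically. The parser below is an added example, not RogueKiller's or BleepingComputer's code; the sample report it reads is constructed to mirror the entries in the post above with a placeholder user name and SID, and the "user-writable path" heuristic is my own assumption about where legitimate autoruns rarely live.

```python
"""Triage helper for RogueKiller text reports (added example, not RogueKiller code).

Report shape, as seen in the thread above:
    ¤¤¤ Registry Entries : 7 ¤¤¤        <- counted section, one finding per line
    [RUN][SUSP PATH] HKCU\\[...]\\Run : Name (C:\\path\\file.exe /args) -> DELETED
    [V2][SUSP PATH] Task : "%LOCALAPPDATA%\\GCC\\Controller.exe" [x] -> DELETED
Findings are grouped by section; tags, the action RogueKiller took and any
executable path are extracted, and paths under per-user writable locations
(AppData, Temp) are flagged. That location heuristic is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*(?::\s*(\d+))?\s*¤¤¤$")
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)(?:\s*->\s*(.+))?$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
# A drive letter or %VAR% root followed by a path ending in an executable type.
PATH_RE = re.compile(
    r'(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)[^"\[\]]*?\.(?:exe|dll|sys|cmd|bat|scr)\b', re.I
)
# Locations a standard user can write to (assumption behind the heuristic).
USER_WRITABLE = ("\\appdata\\", "%localappdata%", "%appdata%", "\\temp\\", "%temp%")


@dataclass
class Finding:
    section: str
    tags: List[str]
    body: str
    action: Optional[str]
    path: Optional[str]

    @property
    def user_writable_path(self) -> bool:
        return bool(self.path) and any(m in self.path.lower() for m in USER_WRITABLE)


def parse_report(text: str) -> Dict[str, List[Finding]]:
    """Map each counted section name to the findings listed under it."""
    report: Dict[str, List[Finding]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            name, count = sec.group(1).rstrip(" :"), sec.group(2)
            current = name if count is not None else None  # skip uncounted sections
            if current is not None:
                report[current] = []
            continue
        hit = FINDING_RE.match(line) if current else None
        if hit:
            tags, body, action = hit.groups()
            path = PATH_RE.search(body)
            report[current].append(Finding(
                section=current,
                tags=TAG_RE.findall(tags),
                body=body,
                action=action,
                path=path.group(0) if path else None,
            ))
    return report


def summarize(report: Dict[str, List[Finding]]) -> dict:
    """The numbers a helper looks at first when reading a posted report."""
    findings = [f for items in report.values() for f in items]
    return {
        "total": len(findings),
        "suspicious_path": sum("SUSP PATH" in f.tags for f in findings),
        "user_writable": sorted({f.path for f in findings if f.user_writable_path}),
        # RogueKiller reports DELETED/REPLACED on success; anything else was not cleaned.
        "unresolved": [
            f.body for f in findings
            if not (f.action or "").upper().startswith(("DELETED", "REPLACED"))
        ],
    }


# Constructed sample modelled on the report in the post above (placeholder user and SID).
SAMPLE_REPORT = r"""
RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
Mode : Remove -- Date : 03/15/2014 17:00:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Updater_0214c (C:\Users\user\AppData\Roaming\Campaign\Updater-0214c.exe /PROMPT [-][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-0-0-0-1000\[...]\Run : Updater_0214c (C:\Users\user\AppData\Roaming\Campaign\Updater-0214c.exe /PROMPT [-][x][x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] GC_Informer : "%LOCALAPPDATA%\GCC\Controller.exe" - --Informer [x] -> DELETED
[V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1       localhost
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, items in parsed.items():
        print(f"{name}: {len(items)} finding(s)")
    print(summarize(parsed))
```

The `unresolved` list is the part worth acting on: in the sample, as in the thread, one Run entry in a second user hive could not be removed because the file was already gone, which is exactly the kind of leftover a helper follows up on.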



#12 alex3592


Posted 15 March 2014 - 07:13 PM

I just tried installing about 24 security updates but it failed. They are considered important updates and on some of these the publishing dates go back as far as 2012.



#13 gringo_pr


Posted 16 March 2014 - 08:41 AM

Hello alex3592


I would like you to rerun FRST and send me a new report when it is complete.

Gringo

#14 alex3592


Posted 16 March 2014 - 06:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014 01
Ran by Laith Nouri (administrator) on LAITHNOURI-PC on 16-03-2014 15:59:52
Running from C:\Users\Laith Nouri\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

2014-03-08 12:54 - 2012-06-13 12:19 - 00000517 _____ () C:\Users\Laith Nouri\Documents\New Folder (2) - Shortcut.lnk
2014-02-26 15:36 - 2014-03-15 16:13 - 00082042 _____ () C:\Windows\PFRO.log
2014-02-25 14:11 - 2014-02-25 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-19 22:30 - 2014-02-19 22:30 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My appl for Valbin Corporation
2014-02-19 22:23 - 2014-02-19 22:23 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My Insurance License
2014-02-15 11:54 - 2014-02-15 11:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-16 16:01 - 2014-03-10 22:33 - 00018749 _____ () C:\Users\Laith Nouri\Desktop\FRST.txt
2014-03-16 15:59 - 2014-03-10 22:32 - 00000000 ____D () C:\FRST
2014-03-16 15:59 - 2010-08-04 05:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 15:58 - 2009-07-25 23:40 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\SoftThinks
2014-03-16 15:58 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 15:58 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 15:58 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 20:51 - 2006-11-02 06:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-15 20:50 - 2009-06-04 21:58 - 01277435 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 20:11 - 2010-08-04 05:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 19:54 - 2013-01-14 17:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 19:25 - 2014-03-09 19:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-15 19:25 - 2006-11-02 03:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 17:07 - 2014-03-15 16:53 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\RK_Quarantine
2014-03-15 17:05 - 2014-03-09 18:30 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-15 17:05 - 2014-03-09 18:29 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\mbar
2014-03-15 17:00 - 2014-03-15 17:00 - 00003687 _____ () C:\Users\Laith Nouri\Desktop\RKreport[0]_D_03152014_170034.txt
2014-03-15 16:52 - 2014-03-15 16:52 - 03901952 _____ () C:\Users\Laith Nouri\Desktop\RogueKiller.exe
2014-03-15 16:20 - 2014-03-15 15:30 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-15 16:13 - 2014-02-26 15:36 - 00082042 _____ () C:\Windows\PFRO.log
2014-03-15 16:10 - 2006-11-02 04:18 - 00000000 _SHDC () C:\Windows\$NtUninstallKB59447$
2014-03-15 15:55 - 2013-10-31 09:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\BrowserSafeguard
2014-03-15 15:28 - 2014-03-15 15:27 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Laith Nouri\Downloads\mbar-1.07.0.1009.exe
2014-03-15 15:20 - 2014-03-15 15:20 - 00000000 __SHD () C:\found.001
2014-03-15 12:05 - 2014-03-14 09:54 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Oxy
2014-03-15 11:32 - 2014-03-14 09:54 - 00002070 _____ () C:\Users\Laith Nouri\Desktop\Continue gravity-2013-hdcam-v3-x246-pimp4003 download.lnk
2014-03-14 00:42 - 2014-03-14 00:41 - 00000000 ___SD () C:\ComboFix
2014-03-13 18:26 - 2014-03-13 18:26 - 05190279 ____R (Swearware) C:\Users\Laith Nouri\Desktop\ComboFix.exe
2014-03-13 18:01 - 2014-03-13 18:01 - 00001368 _____ () C:\Users\Laith Nouri\Desktop\AdwCleaner 2nd.txt
2014-03-13 17:58 - 2014-03-12 13:24 - 00000000 ____D () C:\AdwCleaner
2014-03-13 14:51 - 2014-03-13 14:49 - 00000000 ____D () C:\Qoobox
2014-03-13 14:49 - 2014-03-13 14:49 - 00000000 ____D () C:\Windows\erdnt
2014-03-12 14:54 - 2013-01-14 17:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 14:54 - 2011-08-03 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 14:30 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache
2014-03-12 14:05 - 2006-11-02 05:47 - 00383184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 14:02 - 2009-06-05 03:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 13:59 - 2010-07-10 00:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 13:51 - 2014-03-12 13:52 - 00001627 _____ () C:\Users\Laith Nouri\Desktop\JRT.txt
2014-03-12 13:43 - 2014-03-12 13:43 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 13:39 - 2014-03-12 13:39 - 01037734 _____ (Thisisu) C:\Users\Laith Nouri\Desktop\JRT.exe
2014-03-12 13:35 - 2014-03-12 13:35 - 00013848 _____ () C:\Users\Laith Nouri\Desktop\AdwCleaner[S0] 1st.txt
2014-03-12 13:23 - 2014-03-12 13:23 - 01949184 _____ () C:\Users\Laith Nouri\Desktop\AdwCleaner.exe
2014-03-10 22:35 - 2014-03-10 22:34 - 00034064 _____ () C:\Users\Laith Nouri\Desktop\Addition.txt
2014-03-10 22:31 - 2014-03-10 22:31 - 01145856 _____ (Farbar) C:\Users\Laith Nouri\Desktop\FRST.exe
2014-03-10 16:30 - 2010-07-09 06:12 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Deployment
2014-03-10 14:09 - 2013-10-31 09:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Browsersafeguardext
2014-03-10 13:36 - 2014-03-10 13:27 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\Avg2014
2014-03-10 13:32 - 2014-03-10 13:32 - 00000844 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\AVG2014
2014-03-10 13:32 - 2014-03-10 13:31 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-10 13:32 - 2013-01-30 12:14 - 00000800 _____ () C:\Windows\system32\userawacs.cfg
2014-03-10 13:31 - 2014-03-10 13:31 - 00000000 ___HD () C:\$AVG
2014-03-10 13:27 - 2014-03-10 13:27 - 04462384 _____ (AVG Technologies) C:\Users\Laith Nouri\Desktop\avg_free_stb_all_2014_4335_cnet.exe
2014-03-09 19:35 - 2009-07-25 23:41 - 00103592 _____ () C:\Users\Laith Nouri\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\system32\%systemroot%
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Program Files\AVG
2014-03-09 19:09 - 2014-03-09 19:09 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Local\MFAData
2014-03-09 18:58 - 2014-03-09 18:40 - 00000000 ____D () C:\ProgramData\Panda Security
2014-03-09 18:58 - 2014-03-09 18:40 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-09 18:55 - 2014-03-09 18:44 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Panda Security
2014-03-08 21:22 - 2014-03-08 21:18 - 00000000 ____D () C:\ProgramData\Max Secure
2014-03-08 21:10 - 2014-03-08 21:10 - 00368256 _____ (RegNow.com) C:\Users\Laith Nouri\Desktop\Download_MaxSDDMnew.exe
2014-03-08 21:06 - 2006-11-02 05:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-03-08 21:04 - 2006-11-02 05:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-08 14:18 - 2010-07-10 01:00 - 00002627 _____ () C:\Users\Laith Nouri\Desktop\Microsoft Office Word 2007.lnk
2014-03-08 14:17 - 2014-03-08 14:17 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\GLS address&Phone
2014-03-08 14:05 - 2014-03-08 14:05 - 00000000 ____D () C:\Users\Laith Nouri\Documents\Recomendation Letters 1,2,3
2014-03-08 13:26 - 2013-08-01 23:03 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\ISI time sheets
2014-03-08 13:23 - 2014-03-08 13:23 - 00000000 ____D () C:\Users\Laith Nouri\Documents\SSI job offer
2014-03-08 13:19 - 2014-03-08 13:19 - 00000000 ____D () C:\Users\Laith Nouri\Documents\California & fedral Tax form
2014-03-08 11:49 - 2013-08-01 23:09 - 00000000 ____D () C:\Users\Laith Nouri\Desktop\Interpreters Unlimited Time Sheets
2014-02-28 11:47 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 14:11 - 2014-02-25 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-25 14:11 - 2013-03-22 11:51 - 00000000 ___RD () C:\Program Files\Skype
2014-02-25 14:11 - 2009-07-27 18:37 - 00000000 ____D () C:\ProgramData\Skype
2014-02-22 22:50 - 2014-03-12 13:57 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-22 22:47 - 2014-03-12 13:57 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-22 22:43 - 2014-03-12 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-22 22:41 - 2014-03-12 13:57 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-22 22:40 - 2014-03-12 13:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-22 22:39 - 2014-03-12 13:57 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-22 22:38 - 2014-03-12 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-22 22:38 - 2014-03-12 13:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-22 22:38 - 2014-03-12 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-22 22:37 - 2014-03-12 13:58 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-22 22:37 - 2014-03-12 13:57 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-22 22:37 - 2014-03-12 13:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-22 22:37 - 2014-03-12 13:57 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-22 22:36 - 2014-03-12 13:58 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-22 22:36 - 2014-03-12 13:58 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-22 22:35 - 2014-03-12 13:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-19 22:30 - 2014-02-19 22:30 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My appl for Valbin Corporation
2014-02-19 22:23 - 2014-02-19 22:23 - 00000000 ____D () C:\Users\Laith Nouri\Documents\My Insurance License
2014-02-17 10:52 - 2012-04-26 00:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 11:55 - 2014-02-15 11:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Laith Nouri\AppData\Local\Temp\htmlayout.dll
C:\Users\Laith Nouri\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nscA44C.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsn1809.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nss9C21.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsx23DC.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsx30A9.exe
C:\Users\Laith Nouri\AppData\Local\Temp\nsx9453.exe
C:\Users\Laith Nouri\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Laith Nouri\AppData\Local\Temp\Quarantine.exe
C:\Users\Laith Nouri\AppData\Local\Temp\tmp3715.exe
C:\Users\Laith Nouri\AppData\Local\Temp\tmp6B31.exe
C:\Users\Laith Nouri\AppData\Local\Temp\tmpF547.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-15 19:34

==================== End Of Log ============================
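The FRST listing above is a fixed-width text format: each file line is `created - modified - size attrs (publisher) path`, with the attribute field using letters such as `D` (directory), `H` (hidden) and `S` (system). As an added example, not part of this thread and not FRST's own code, here is a small Python parser for those lines plus a few review heuristics of the kind an analyst applies when eyeballing such a log. The sample lines are copied from the log above (a constructed subset so the script runs offline), the watchlist name "Oxy" comes from the original poster's report, and the heuristics are my assumptions about what deserves a second look, not a verdict on any file: note that it flags AdwCleaner.exe simply because that entry carries no publisher string, which is exactly why the output is a review queue rather than a detection.

```python
"""Parse FRST 'One Month Created/Modified Files' entries and triage them."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Sample lines copied from the FRST log in this thread (constructed subset
# used as offline test input). Non-file lines are included on purpose to
# show that the parser skips them.
SAMPLE_LOG = r"""
2014-03-12 13:57 - 2014-02-22 22:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-12 13:39 - 2014-03-12 13:39 - 01037734 _____ (Thisisu) C:\Users\Laith Nouri\Desktop\JRT.exe
2014-03-09 19:11 - 2014-03-09 19:11 - 00000000 ____D () C:\Windows\system32\%systemroot%
2014-03-15 12:05 - 2014-03-14 09:54 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\Oxy
2014-03-12 13:23 - 2014-03-12 13:23 - 01949184 _____ () C:\Users\Laith Nouri\Desktop\AdwCleaner.exe
2014-03-10 13:32 - 2014-03-10 13:32 - 00000000 ____D () C:\Users\Laith Nouri\AppData\Roaming\AVG2014
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
"""

# One FRST file entry: "created - modified - size attrs (publisher) path".
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions treated as executable code for the "no publisher" heuristic.
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst(text: str) -> List[Entry]:
    """Return the timestamped file entries; headers and other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["created"], d["modified"], int(d["size"]),
                                 d["attrs"], d["company"], d["path"]))
    return entries


def triage(entries: List[Entry], watchlist: Set[str]) -> Dict[str, List[str]]:
    """Apply review heuristics (assumptions, not detections); returns {reason: [paths]}."""
    findings: Dict[str, List[str]] = {}
    watch = {w.lower() for w in watchlist}

    def flag(reason: str, e: Entry) -> None:
        findings.setdefault(reason, []).append(e.path)

    for e in entries:
        lower = e.path.lower()
        # A literal "%systemroot%" folder means some installer wrote an
        # unexpanded environment variable as a path component.
        if re.search(r"%[a-z0-9_]+%", lower):
            flag("unexpanded env var in path", e)
        # Executable code with an empty publisher string: verify by hash or
        # signature before deciding anything (legitimate tools hit this too).
        if not e.is_dir and lower.endswith(EXEC_EXT) and not e.company:
            flag("executable without publisher", e)
        # Names the analyst is already tracking from the user's report.
        if e.name.lower() in watch:
            flag("watchlist name", e)
        # Per-user Roaming is where bundled adware commonly lands; new
        # folders there are reviewed, including ones from security products.
        if "\\appdata\\roaming\\" in lower and e.is_dir:
            flag("new folder under AppData\\Roaming", e)
    return findings


if __name__ == "__main__":
    for reason, paths in triage(parse_frst(SAMPLE_LOG), {"Oxy"}).items():
        print(reason)
        for p in paths:
            print("   ", p)
```

Run it against a full FRST.txt by reading the file into `parse_frst`; the regex only matches the "One Month Created/Modified" style lines, so the rest of the log passes through harmlessly. Extend the watchlist with whatever names the user reported, and treat every hit as something to look up, not as something to delete.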



#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 March 2014 - 07:52 PM

Hello alex3592



I need you to download this script I have made for you --> Attached File: fixlist.txt (1.95KB)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again, but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file into your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate of Malware Removal University



