Avast web shield blocking harmful website whenever i go online


  • This topic is locked
9 replies to this topic

#1 tahasey

Posted 29 July 2014 - 03:54 PM

Hello, Thanks for being there for us.
I have a problem with my computer. After I downloaded a PDF file, it suddenly disappeared instead of opening, and I cannot locate it. From then on, whenever I open Firefox or iexplorer, Avast starts alerting me that it’s blocking a harmful website or file. However, these alerts stop when I go offline, and so far the computer is running properly. Kindly assist me to fix this problem.

Thanks a lot.
 
Taha



#2 aharonov

  • Malware Response Team

Posted 30 July 2014 - 02:58 AM

Hello Taha,

please run a FRST scan to start with:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 tahasey

  • Topic Starter

Posted 30 July 2014 - 05:30 AM

Thanks a lot, Aharonov, for the reply. I am posting the logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by taha and mariam (administrator) on TAHAANDMARIAM on 30-07-2014 13:21:00
Running from C:\Users\taha and mariam\Downloads
Platform: Microsoft Windows 7 Starter  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nokia) C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
(BitTorrent Inc.) C:\Users\taha and mariam\AppData\Roaming\BitTorrent\BitTorrent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
() C:\Program Files\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\Run: [NokiaPCInternetAccess] => C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [663552 2009-09-17] (Nokia)
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\Run: [BitTorrent] => C:\Users\taha and mariam\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {2df25a2b-0971-11e2-8c6c-e81132295421} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {2fccd533-4410-11e1-8660-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {2fccd545-4410-11e1-8660-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {3a48d2eb-4435-11e1-ac1a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {3a48d2fa-4435-11e1-ac1a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {3a48d312-4435-11e1-ac1a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {5adcaf52-b230-11e1-9bc3-001bb1fb43d4} - F:\Windows/AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {60e84c21-ac4b-11e0-a695-001bb1fb43d4} - E:\PcOptions.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {6f44fe96-2757-11e1-9442-001bb1fb43d4} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {72b4f637-9281-11e1-b4c1-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {72d8f5ab-5a20-11e1-9c96-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {72d8f5db-5a20-11e1-9c96-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {90baaca3-81b8-11e1-85a1-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {99d37de4-8fbb-11e1-949a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {99d37df2-8fbb-11e1-949a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {a5332369-0991-11e2-80c7-e81132295421} - F:\Windows/AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {f6a7816e-91cf-11e1-9b53-001bb1fb43d4} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\taha and mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
URLSearchHook: HKLM - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: No Name -> {88c7f2aa-f93f-432c-8f0e-b7d85967a527} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 41.212.3.2 41.212.3.253 62.8.64.6 8.8.8.8
Tcpip\..\Interfaces\{5EF44394-B4BA-463B-8B96-0605E9D58522}: [NameServer]196.201.208.2 209.244.0.3
Tcpip\..\Interfaces\{66ACB9B4-01A4-4869-8443-A2A9FA17389C}: [NameServer]196.201.208.2 209.244.0.3
Tcpip\..\Interfaces\{DF43A343-6194-48E6-8197-F53C31D2F2CA}: [NameServer]196.201.217.11 209.244.0.3

FireFox:
========
FF ProfilePath: C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: proicechoip - C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\Extensions\hormv.8u5@jw-tai.org [2014-07-20]
FF Extension: EPUBReader - C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-04-08]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010-11-24]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-24]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-22]

Chrome:
=======
CHR Extension: (proicechoip) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn [2014-07-20]
CHR Extension: (Keep Me) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-07-20]
CHR Extension: (proicechoip) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn\3.9 [2014-07-20]
CHR HKLM\...\Chrome\Extension: [ecjjcfnelnmnlkacilelkkihjicinbfe] - C:\ProgramData\Bcool\ecjjcfnelnmnlkacilelkkihjicinbfe.crx [2014-07-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-27]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click12.crx [2012-05-28]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\TAHAAN~1\AppData\Local\Temp\crxD1D3.tmp [2012-05-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-27] (AVAST Software)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-27] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-27] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-27] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-27] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-27] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-27] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-27] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-27] ()
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109056 2010-04-01] (ELAN Microelectronics Corp.)
S3 massfilter; C:\windows\System32\drivers\massfilter.sys [9216 2011-08-29] (MBB Incorporated)
S3 orange_zte_cdc_acm; C:\windows\System32\DRIVERS\orange_zte_cdc_acm.sys [66432 2011-01-18] (ZTE)
S3 orange_zte_cpo; C:\windows\System32\DRIVERS\orange_zte_cpo.sys [9984 2011-01-18] (ZTE)
R0 PxHelp20; C:\windows\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-02-25] (Windows ® 2003 DDK 3790 provider)
R1 SCDEmu; C:\windows\system32\Drivers\SCDEmu.sys [59388 2009-11-09] (PowerISO Computing, Inc.) [File not signed]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 13:21 - 2014-07-30 13:21 - 00016463 _____ () C:\Users\taha and mariam\Downloads\FRST.txt
2014-07-30 13:20 - 2014-07-30 13:21 - 00000000 ___DC () C:\FRST
2014-07-30 13:17 - 2014-07-30 13:18 - 01084416 _____ (Farbar) C:\Users\taha and mariam\Downloads\FRST.exe
2014-07-27 14:39 - 2014-07-27 14:39 - 00000000 ___DC () C:\NPE
2014-07-27 14:37 - 2014-07-27 14:51 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\NPE
2014-07-27 09:25 - 2014-07-27 09:25 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-23 09:00 - 2014-07-23 09:00 - 01005928 _____ () C:\Users\taha and mariam\Downloads\Attachments_2014723.zip
2014-07-21 13:58 - 2014-07-30 10:34 - 00000616 _____ () C:\windows\setupact.log
2014-07-21 13:58 - 2014-07-21 13:58 - 00000000 _____ () C:\windows\setuperr.log
2014-07-20 23:17 - 2014-07-20 23:17 - 00000000 ____D () C:\ProgramData\GreenBay App
2014-07-20 23:14 - 2014-07-27 09:39 - 00000000 ____D () C:\ProgramData\Adblocker
2014-07-20 23:13 - 2014-07-27 09:40 - 00000000 ____D () C:\ProgramData\PRicecchopa
2014-07-20 23:13 - 2014-07-27 09:35 - 00000000 ____D () C:\Program Files\PRicecchopa
2014-07-20 23:12 - 2014-07-20 23:15 - 00000000 ____D () C:\ProgramData\817a3789b96703e
2014-07-20 23:12 - 2014-07-20 23:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Torch
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Chromatic Browser
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-20 23:11 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-20 23:11 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Guest
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Administrator

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 13:22 - 2011-09-24 13:19 - 00000000 ____D () C:\Users\taha and mariam\AppData\Roaming\BitTorrent
2014-07-30 13:21 - 2014-07-30 13:21 - 00016463 _____ () C:\Users\taha and mariam\Downloads\FRST.txt
2014-07-30 13:21 - 2014-07-30 13:20 - 00000000 ___DC () C:\FRST
2014-07-30 13:18 - 2014-07-30 13:17 - 01084416 _____ (Farbar) C:\Users\taha and mariam\Downloads\FRST.exe
2014-07-30 13:16 - 2014-06-18 17:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 13:09 - 2010-11-25 05:06 - 01256846 _____ () C:\windows\WindowsUpdate.log
2014-07-30 12:30 - 2012-09-18 16:26 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 10:41 - 2009-07-14 07:34 - 00010272 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 10:41 - 2009-07-14 07:34 - 00010272 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 10:34 - 2014-07-21 13:58 - 00000616 _____ () C:\windows\setupact.log
2014-07-30 10:34 - 2012-09-30 19:28 - 00000432 ____H () C:\windows\Tasks\OptimizerPro1UpdaterTask{0E669224-4E6A-4078-82E7-F6602D52720E}.job
2014-07-30 10:34 - 2012-09-18 16:26 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 10:34 - 2009-07-14 07:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-27 16:46 - 2014-02-05 14:56 - 00000000 ____D () C:\Users\taha and mariam\Documents\3 Current PaySlips_files
2014-07-27 16:43 - 2009-07-26 23:06 - 00730320 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-27 14:51 - 2014-07-27 14:37 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\NPE
2014-07-27 14:39 - 2014-07-27 14:39 - 00000000 ___DC () C:\NPE
2014-07-27 14:37 - 2010-11-24 12:31 - 00000000 ____D () C:\ProgramData\Norton
2014-07-27 12:45 - 2011-10-17 21:56 - 00000000 ____D () C:\Program Files\PowerISO
2014-07-27 09:56 - 2012-05-05 15:58 - 00000000 ____D () C:\Program Files\1ClickDownload
2014-07-27 09:40 - 2014-07-20 23:13 - 00000000 ____D () C:\ProgramData\PRicecchopa
2014-07-27 09:39 - 2014-07-20 23:14 - 00000000 ____D () C:\ProgramData\Adblocker
2014-07-27 09:39 - 2012-09-30 19:27 - 00000000 ____D () C:\ProgramData\Bcool
2014-07-27 09:35 - 2014-07-20 23:13 - 00000000 ____D () C:\Program Files\PRicecchopa
2014-07-27 09:28 - 2012-09-18 16:26 - 00000000 ____D () C:\Program Files\Google
2014-07-27 09:26 - 2011-05-03 06:24 - 00291168 _____ () C:\windows\PFRO.log
2014-07-27 09:25 - 2014-07-27 09:25 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-27 09:25 - 2014-04-24 20:10 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-27 09:25 - 2014-02-15 07:18 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-27 09:25 - 2013-11-22 20:52 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-27 09:25 - 2013-03-12 20:49 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-27 09:25 - 2013-03-12 20:49 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00276432 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-27 09:25 - 2012-12-22 20:14 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-24 22:49 - 2011-04-20 06:49 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Adobe
2014-07-23 09:00 - 2014-07-23 09:00 - 01005928 _____ () C:\Users\taha and mariam\Downloads\Attachments_2014723.zip
2014-07-21 13:58 - 2014-07-21 13:58 - 00000000 _____ () C:\windows\setuperr.log
2014-07-20 23:17 - 2014-07-20 23:17 - 00000000 ____D () C:\ProgramData\GreenBay App
2014-07-20 23:17 - 2012-09-30 19:25 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-20 23:15 - 2014-07-20 23:12 - 00000000 ____D () C:\ProgramData\817a3789b96703e
2014-07-20 23:12 - 2014-07-20 23:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Torch
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Chromatic Browser
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-20 23:12 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-20 23:12 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 23:12 - 2011-09-24 13:26 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Google
2014-07-20 23:12 - 2011-07-22 23:35 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\CrashDumps
2014-07-20 23:12 - 2009-07-14 05:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Guest
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Administrator

Some content of TEMP:
====================
C:\Users\taha and mariam\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\taha and mariam\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 20:57

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-07-2014
Ran by taha and mariam at 2014-07-30 13:22:52
Running from C:\Users\taha and mariam\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
„Messenger“ pagalbinė priemonė (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
1ClickDownloader (HKLM\...\1ClickDownloader) (Version: 2.1 Build 26473 - 1ClickDownload) <==== ATTENTION
Adblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 3.1.0.1741 - Adblocker)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Angry Birds (HKLM\...\{370CA4B0-A1D8-4863-A3C5-6879AEE1663A}) (Version: 3.0.0 - Rovio)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
BatteryLifeExtender (HKLM\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
Bcool (HKLM\...\{20E7BC40-33F6-4A81-9D52-B58349326206}) (Version:  - Bcool)
BCool Gadget (HKLM\...\{8B1881C3-A40C-4DF3-BFD2-CCD2FEDD7D83}) (Version: 1.0 - BCool Gadget)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)
BitTorrentBar Toolbar (HKLM\...\BitTorrentBar Toolbar) (Version: 6.8.5.1 - BitTorrentBar)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Complément Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Default (Version: 1.0.0.1 - Default Company Name) Hidden
Doplnok programu Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Easy Content Share (HKLM\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy Resolution Manager (HKLM\...\{18AA278D-E0B9-4F99-ACCC-070978A38453}) (Version: 1.0.9 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
ETDWare PS/2-x86 7.0.7.0_WHQL (HKLM\...\Elantech) (Version: 7.0.7.0 - ELAN Microelectronics Corp.)
Fast Booting SW (HKLM\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 1.8.0.0 - SAMSUNG)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hijri Calendar (HKLM\...\{9FC722B4-4355-4270-999A-C3995C130383}) (Version: 1.1.50 - H. Motiwala)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSilo (HKLM\...\iSilo) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Nokia PC Internet Access (HKLM\...\Nokia PC Internet Access) (Version: 2.0.2.1 - Nokia)
Nokia PC Internet Access (Version: 2.0.2.1 - Nokia) Hidden
Orange Internet Everywhere (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Poczta usługi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
PRicecchopa (HKLM\...\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}) (Version: 4.3.0.1667 - piriicechhopi) <==== ATTENTION
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
REALTEK PCIE Wireless LAN Software (HKLM\...\{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}) (Version: 0136.10.0325 - REALTEK Semiconductor Corp.)
Safaricom Broadband (HKLM\...\Safaricom Broadband) (Version: 16.001.06.01.94 - Huawei Technologies Co.,Ltd)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
Spremljevalec Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
STDU Viewer version 1.5.622.0 (HKLM\...\STDU Viewer_is1) (Version: 1.5.622.0 - STDUtility)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{91E130AA-C37F-42D8-9D5D-397B3416A7F2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Pošta (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zain e-GO (HKLM\...\Zain e-GO) (Version: 11.300.05.06.419 - Huawei Technologies Co.,Ltd)
Συλλογή φωτογραφιών του Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-06-2014 19:38:02 Scheduled Checkpoint
13-06-2014 07:15:59 Scheduled Checkpoint
22-06-2014 09:29:33 Scheduled Checkpoint
07-07-2014 12:41:40 Scheduled Checkpoint
17-07-2014 03:36:29 Scheduled Checkpoint
27-07-2014 06:23:22 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0875C348-D460-4162-9E0D-09990BEDB2BB} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {255A9500-189E-4905-AD16-8F236EB9DB87} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-27] (AVAST Software)
Task: {3F61A3E9-9385-4EBD-89D5-B32CDF9A0C41} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {5FB08D84-77B3-4000-A329-69E2BA2DE49D} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-05053A92\EPM.exe
Task: {782E4433-40DF-4E26-BEF4-51E0762A3EA5} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {7F54EC73-A61F-46E8-82DE-8B77A1D71A40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {8FE6CB28-1C17-423C-9FDE-6CA357C88553} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {97BEA30A-1E0D-4BE2-B608-89133AC0421B} - System32\Tasks\4785 => Wscript.exe C:\Users\TAHAAN~1\AppData\Local\Temp\launchie.vbs //B
Task: {B0B8D6C9-FAA8-42DD-9557-7BC5A562F69D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {B2DE2532-8898-42AE-ADB3-67A5952A2D8A} - System32\Tasks\OptimizerPro1UpdaterTask{0E669224-4E6A-4078-82E7-F6602D52720E} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: {D7EDC36A-E75D-4458-AC0A-FA0307105ED8} - System32\Tasks\EasySpeedUpManager => C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-08-05] (Samsung Electronics)
Task: {E04380B6-1468-4181-BCC9-FACF92C2C77B} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-06-03] (Samsung Electronics Co., Ltd.)
Task: {EB9CA67B-4FD0-4BB2-9265-C56FB9A5C17C} - System32\Tasks\0 => Iexplore.exe
Task: {ED985C65-D7E6-43CD-947F-0DE07B178C57} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-10-14] (Samsung Electronics. Co. Ltd.)
Task: {FB921A95-22BF-45A9-A631-B3D53336D4BD} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\OptimizerPro1UpdaterTask{0E669224-4E6A-4078-82E7-F6602D52720E}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe

==================== Loaded Modules (whitelisted) =============

2014-07-27 09:25 - 2014-07-27 09:25 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-29 20:40 - 2014-07-29 20:40 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072900\algo.dll
2014-07-27 09:25 - 2014-07-27 09:25 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-11-12 10:18 - 2008-11-12 10:18 - 00011776 _____ () C:\Program Files\Nokia\PC Internet Access\TextResources_eng-us.nlr
2009-04-16 16:31 - 2009-04-16 16:31 - 04210688 _____ () C:\Program Files\Nokia\PC Internet Access\GraphicsResources.ngr
2010-11-24 12:20 - 2006-08-12 06:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-02-27 22:52 - 2009-02-27 22:52 - 00258048 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00107008 _____ () C:\Program Files\VideoLAN\VLC\vlc.exe
2010-11-13 19:46 - 2010-11-13 19:46 - 00101376 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 02262528 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00047104 _____ () C:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00067072 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00210944 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 02170368 _____ () C:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00046592 _____ () C:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00033792 _____ () C:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00090112 _____ () C:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00231424 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00039424 _____ () C:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00034304 _____ () C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00078848 _____ () C:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00031232 _____ () C:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00108032 _____ () C:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 01199104 _____ () C:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00337920 _____ () C:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 01141248 _____ () C:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00046592 _____ () C:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00033792 _____ () C:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00194048 _____ () C:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 11047936 _____ () C:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00031744 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00044544 _____ () C:\Program Files\VideoLAN\VLC\plugins\libvobsub_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00052224 _____ () C:\Program Files\VideoLAN\VLC\plugins\libsubtitle_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00037376 _____ () C:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00034304 _____ () C:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00238080 _____ () C:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 01025536 _____ () C:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00265216 _____ () C:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 01712128 _____ () C:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00130048 _____ () C:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 01747968 _____ () C:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00045568 _____ () C:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00033280 _____ () C:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00039424 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00309760 _____ () C:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00368640 _____ () C:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00035840 _____ () C:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00258048 _____ () C:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 07065600 _____ () C:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00291840 _____ () C:\Program Files\VideoLAN\VLC\plugins\libsdl_image_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 01451520 _____ () C:\Program Files\VideoLAN\VLC\plugins\libzvbi_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00033280 _____ () C:\Program Files\VideoLAN\VLC\plugins\libinvmem_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00152576 _____ () C:\Program Files\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00032768 _____ () C:\Program Files\VideoLAN\VLC\plugins\librawvideo_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00150528 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdvbsub_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\libadpcm_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\libcvdsub_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\libspudec_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00039424 _____ () C:\Program Files\VideoLAN\VLC\plugins\libcc_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00047104 _____ () C:\Program Files\VideoLAN\VLC\plugins\libsubsdec_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 01747456 _____ () C:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00048640 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00039936 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00297472 _____ () C:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00046080 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00135680 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00037888 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00073728 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00036352 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00040448 _____ () C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00052224 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00032768 _____ () C:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00038400 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00032768 _____ () C:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00031744 _____ () C:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00031232 _____ () C:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00061440 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00031232 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00128000 _____ () C:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00178176 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00065536 _____ () C:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00047104 _____ () C:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00032768 _____ () C:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00032256 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00033792 _____ () C:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00030720 _____ () C:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00032256 _____ () C:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00031232 _____ () C:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00038912 _____ () C:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00032256 _____ () C:\Program Files\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00041472 _____ () C:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00031744 _____ () C:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00036864 _____ () C:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
2010-11-13 19:46 - 2010-11-13 19:46 - 00057344 _____ () C:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
2014-06-18 17:11 - 2014-06-18 17:12 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-12 23:14 - 2014-02-12 23:14 - 16287624 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2430E4FC
AlternateDataStreams: C:\ProgramData\Temp:268F887D
AlternateDataStreams: C:\ProgramData\Temp:5C270C64
AlternateDataStreams: C:\ProgramData\Temp:8530A643
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E7BA7168

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 09:00:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 09:00:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 09:00:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 08:58:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 08:57:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/28/2014 08:57:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 01:20:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 01:20:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 01:20:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2014 01:17:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/30/2014 10:36:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/30/2014 10:34:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/29/2014 01:52:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/29/2014 01:50:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/28/2014 01:26:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/28/2014 01:24:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/27/2014 02:50:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/27/2014 02:48:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/27/2014 02:41:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/27/2014 02:39:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================
Error: (06/26/2011 04:08:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12574 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (05/16/2011 00:07:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2758 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (05/11/2011 10:31:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6026 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (05/04/2011 11:57:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5544 seconds with 840 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 2037.3 MB
Available physical RAM: 875.6 MB
Total Pagefile: 4074.59 MB
Available Pagefile: 2753.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:85 GB) (Free:54.18 GB) NTFS
Drive d: () (Fixed) (Total:127.79 GB) (Free:76.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 78B32E04)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=85 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=128 GB) - (Type=OF Extended)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team

Posted 30 July 2014 - 06:35 AM

Ok. Then continue with this:


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 tahasey

  • Topic Starter


Posted 30 July 2014 - 09:52 AM

Following you:

# AdwCleaner v3.301 - Report created 30/07/2014 at 17:41:15
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Starter  (32 bits)
# Username : taha and mariam - TAHAANDMARIAM
# Running from : C:\Users\taha and mariam\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Adblocker
Folder Deleted : C:\ProgramData\ItsReadyApp
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Bcool
Folder Deleted : C:\ProgramData\PRicecchopa
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\PRicecchopa
Folder Deleted : C:\Program Files\BitTorrentBar
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\taha and mariam\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\taha and mariam\AppData\Local\Conduit
Folder Deleted : C:\Users\taha and mariam\AppData\Local\torch
Folder Deleted : C:\Users\taha and mariam\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\taha and mariam\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\taha and mariam\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\Smartbar
Folder Deleted : C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\ValueApps

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_stdu-viewer[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_stdu-viewer[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F65AF619-ECA8-495E-BBF1-5C926BCF3C72}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF1A1508-77E4-4528-8C8F-349D1FB12528}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B1881C3-A40C-4DF3-BFD2-CCD2FEDD7D83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\prefs.js ]

Line Deleted : user_pref("CT2217979.1000234.TWC_TMP_city", "NAIROBI");
Line Deleted : user_pref("CT2217979.1000234.TWC_TMP_country", "KE");
Line Deleted : user_pref("CT2217979.1000234.TWC_country", "KENYA");
Line Deleted : user_pref("CT2217979.1000234.TWC_locId", "KEXX0009");
Line Deleted : user_pref("CT2217979.1000234.TWC_location", "Nairobi, Kenya");
Line Deleted : user_pref("CT2217979.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT2217979.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT2217979.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("CT2217979.FF19Solved", "true");
Line Deleted : user_pref("CT2217979.FirstTime", "true");
Line Deleted : user_pref("CT2217979.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2217979.UserID", "UN73513726032172272");
Line Deleted : user_pref("CT2217979.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2217979.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT2217979.autoDisableScopes", -1);
Line Deleted : user_pref("CT2217979.countryCode", "KE");
Line Deleted : user_pref("CT2217979.defaultSearch", "false");
Line Deleted : user_pref("CT2217979.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT2217979.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2217979.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2217979.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT2217979.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2217979.fixUrls", true);
Line Deleted : user_pref("CT2217979.fullUserID", "UN73513726032172272.IN.20130624113741");
Line Deleted : user_pref("CT2217979.installDate", "24/06/2013 11:37:42");
Line Deleted : user_pref("CT2217979.installSessionId", "F03CC917-17DF-4E19-8B3B-E3F6F96F3F24");
Line Deleted : user_pref("CT2217979.installSp", "false");
Line Deleted : user_pref("CT2217979.installType", "xpe");
Line Deleted : user_pref("CT2217979.installUsage", "2013-06-24T11:38:04.1341075+03:00");
Line Deleted : user_pref("CT2217979.installUsageEarly", "2013-06-24T11:38:02.7613339+03:00");
Line Deleted : user_pref("CT2217979.installerVersion", "1.4.3.3");
Line Deleted : user_pref("CT2217979.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2217979.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2217979.keyword", "true");
Line Deleted : user_pref("CT2217979.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT2217979.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT2217979.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2217979.openThankYouPage", "false");
Line Deleted : user_pref("CT2217979.openUninstallPage", "true");
Line Deleted : user_pref("CT2217979.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT2217979.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT2217979.search.searchAppId", "128819304016625457");
Line Deleted : user_pref("CT2217979.search.searchCount", "2");
Line Deleted : user_pref("CT2217979.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT2217979.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2217979.searchRevert", "false");
Line Deleted : user_pref("CT2217979.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT2217979.searchUserMode", "1");
Line Deleted : user_pref("CT2217979.serviceLayer_services_Configuration_lastUpdate", "1392437675111");
Line Deleted : user_pref("CT2217979.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1380516525520");
Line Deleted : user_pref("CT2217979.serviceLayer_services_appTracking_lastUpdate", "1376627189563");
Line Deleted : user_pref("CT2217979.serviceLayer_services_appsMetadata_lastUpdate", "1380954823863");
Line Deleted : user_pref("CT2217979.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1380648953989");
Line Deleted : user_pref("CT2217979.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1372063083181");
Line Deleted : user_pref("CT2217979.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1372063085036");
Line Deleted : user_pref("CT2217979.serviceLayer_services_location_lastUpdate", "1372317237687");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372317238348");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.16.4.19_lastUpdate", "1372219873559");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373850913778");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.16.7.525_lastUpdate", "1374687276902");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377679475943");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378932175041");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.20.0.513_lastUpdate", "1379784647803");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.20.1.508_lastUpdate", "1381609432863");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.21.1.507_lastUpdate", "1385142973329");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387002078910");
Line Deleted : user_pref("CT2217979.serviceLayer_services_login_10.23.0.822_lastUpdate", "1392437674289");
Line Deleted : user_pref("CT2217979.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1380648953784");
Line Deleted : user_pref("CT2217979.serviceLayer_services_searchAPI_lastUpdate", "1392437674874");
Line Deleted : user_pref("CT2217979.serviceLayer_services_serviceMap_lastUpdate", "1392437674618");
Line Deleted : user_pref("CT2217979.serviceLayer_services_toolbarContextMenu_lastUpdate", "1380648953617");
Line Deleted : user_pref("CT2217979.serviceLayer_services_toolbarSettings_lastUpdate", "1392437674197");
Line Deleted : user_pref("CT2217979.serviceLayer_services_translation_lastUpdate", "1392437674120");
Line Deleted : user_pref("CT2217979.settingsINI", true);
Line Deleted : user_pref("CT2217979.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2217979.smartbar.CTID", "CT2217979");
Line Deleted : user_pref("CT2217979.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2217979.smartbar.toolbarName", "Malumaat ");
Line Deleted : user_pref("CT2217979.startPage", "false");
Line Deleted : user_pref("CT2217979.toolbarBornServerTime", "24-6-2013");
Line Deleted : user_pref("CT2217979.toolbarCurrentServerTime", "15-2-2014");
Line Deleted : user_pref("CT2217979.toolbarLoginClientTime", "Mon Jun 24 2013 11:38:05 GMT+0300");
Line Deleted : user_pref("CT2217979.versionFromInstaller", "10.16.4.19");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("extensions.gsrJ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.qw4lu.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2217979");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2217979&SearchSource=2&CUI=UN73513726032172272&UM=1&q=");
Line Deleted : user_pref("smartbar.machineId", "QPJMXAV/SSNDA4Z8QGF/LUEXHFF7D6HERL9PFKYI4/D+3FZHLXVW8OMDFJ9T1QZALAJHHTK+9NQSZJ9N1AJ8NG");
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT2217979.mam_gk_userBornDate.storedInFile", false);

-\\ Google Chrome v

[ File : C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14869 octets] - [30/07/2014 17:36:18]
AdwCleaner[S0].txt - [14868 octets] - [30/07/2014 17:41:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14929 octets] ##########

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by taha and mariam (administrator) on TAHAANDMARIAM on 30-07-2014 17:49:18
Running from C:\Users\taha and mariam\Downloads
Platform: Microsoft Windows 7 Starter  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Nokia) C:\Program Files\Nokia\PC Internet Access\NPCIA.exe
(BitTorrent Inc.) C:\Users\taha and mariam\AppData\Roaming\BitTorrent\BitTorrent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\Run: [NokiaPCInternetAccess] => C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [663552 2009-09-17] (Nokia)
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\Run: [BitTorrent] => C:\Users\taha and mariam\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {2df25a2b-0971-11e2-8c6c-e81132295421} - H:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {2fccd533-4410-11e1-8660-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {2fccd545-4410-11e1-8660-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {3a48d2eb-4435-11e1-ac1a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {3a48d2fa-4435-11e1-ac1a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {3a48d312-4435-11e1-ac1a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {5adcaf52-b230-11e1-9bc3-001bb1fb43d4} - F:\Windows/AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {60e84c21-ac4b-11e0-a695-001bb1fb43d4} - E:\PcOptions.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {6f44fe96-2757-11e1-9442-001bb1fb43d4} - F:\Windows\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {72b4f637-9281-11e1-b4c1-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {72d8f5ab-5a20-11e1-9c96-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {72d8f5db-5a20-11e1-9c96-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {90baaca3-81b8-11e1-85a1-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {99d37de4-8fbb-11e1-949a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {99d37df2-8fbb-11e1-949a-001bb1fb43d4} - F:\AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {a5332369-0991-11e2-80c7-e81132295421} - F:\Windows/AutoRun.exe
HKU\S-1-5-21-3277420264-3927685385-4293435932-1000\...\MountPoints2: {f6a7816e-91cf-11e1-9b53-001bb1fb43d4} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\taha and mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 41.212.3.2 41.212.3.253 62.8.64.6 8.8.8.8
Tcpip\..\Interfaces\{5EF44394-B4BA-463B-8B96-0605E9D58522}: [NameServer]196.201.208.2 209.244.0.3
Tcpip\..\Interfaces\{66ACB9B4-01A4-4869-8443-A2A9FA17389C}: [NameServer]196.201.208.2 209.244.0.3
Tcpip\..\Interfaces\{DF43A343-6194-48E6-8197-F53C31D2F2CA}: [NameServer]196.201.217.11 209.244.0.3

FireFox:
========
FF ProfilePath: C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: proicechoip - C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\Extensions\hormv.8u5@jw-tai.org [2014-07-20]
FF Extension: EPUBReader - C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-04-08]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010-11-24]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-24]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-11-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-22]

Chrome:
=======
CHR HomePage:
CHR Extension: (proicechoip) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn [2014-07-20]
CHR Extension: (Keep Me) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-07-20]
CHR Extension: (proicechoip) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn\3.9 [2014-07-20]
CHR HKLM\...\Chrome\Extension: [ecjjcfnelnmnlkacilelkkihjicinbfe] - C:\ProgramData\Bcool\ecjjcfnelnmnlkacilelkkihjicinbfe.crx [2014-07-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-27]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\TAHAAN~1\AppData\Local\Temp\crxD1D3.tmp [2014-07-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-27] (AVAST Software)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-27] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-27] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-27] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-27] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-27] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-27] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-27] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-27] ()
S3 btwampfl; C:\windows\System32\drivers\btwampfl.sys [297000 2010-07-14] (Broadcom Corporation.)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [109056 2010-04-01] (ELAN Microelectronics Corp.)
S3 massfilter; C:\windows\System32\drivers\massfilter.sys [9216 2011-08-29] (MBB Incorporated)
S3 orange_zte_cdc_acm; C:\windows\System32\DRIVERS\orange_zte_cdc_acm.sys [66432 2011-01-18] (ZTE)
S3 orange_zte_cpo; C:\windows\System32\DRIVERS\orange_zte_cpo.sys [9984 2011-01-18] (ZTE)
R0 PxHelp20; C:\windows\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2011-02-25] (Windows ® 2003 DDK 3790 provider)
R1 SCDEmu; C:\windows\system32\Drivers\SCDEmu.sys [59388 2009-11-09] (PowerISO Computing, Inc.) [File not signed]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 17:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-30 17:35 - 2014-07-30 17:41 - 00000000 ___DC () C:\AdwCleaner
2014-07-30 17:34 - 2014-07-30 17:35 - 01365551 _____ () C:\Users\taha and mariam\Downloads\AdwCleaner.exe
2014-07-30 13:22 - 2014-07-30 13:24 - 00047189 _____ () C:\Users\taha and mariam\Downloads\Addition.txt
2014-07-30 13:21 - 2014-07-30 17:49 - 00015326 _____ () C:\Users\taha and mariam\Downloads\FRST.txt
2014-07-30 13:20 - 2014-07-30 17:49 - 00000000 ___DC () C:\FRST
2014-07-30 13:17 - 2014-07-30 13:18 - 01084416 _____ (Farbar) C:\Users\taha and mariam\Downloads\FRST.exe
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-27 14:39 - 2014-07-27 14:39 - 00000000 ___DC () C:\NPE
2014-07-27 14:37 - 2014-07-27 14:51 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\NPE
2014-07-27 09:25 - 2014-07-27 09:25 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-23 09:00 - 2014-07-23 09:00 - 01005928 _____ () C:\Users\taha and mariam\Downloads\Attachments_2014723.zip
2014-07-21 13:58 - 2014-07-30 17:42 - 00000672 _____ () C:\windows\setupact.log
2014-07-21 13:58 - 2014-07-21 13:58 - 00000000 _____ () C:\windows\setuperr.log
2014-07-20 23:17 - 2014-07-20 23:17 - 00000000 ____D () C:\ProgramData\GreenBay App
2014-07-20 23:12 - 2014-07-20 23:15 - 00000000 ____D () C:\ProgramData\817a3789b96703e
2014-07-20 23:12 - 2014-07-20 23:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-20 23:11 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-20 23:11 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Guest
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Administrator

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 17:49 - 2014-07-30 13:21 - 00015326 _____ () C:\Users\taha and mariam\Downloads\FRST.txt
2014-07-30 17:49 - 2014-07-30 13:20 - 00000000 ___DC () C:\FRST
2014-07-30 17:48 - 2011-09-24 13:19 - 00000000 ____D () C:\Users\taha and mariam\AppData\Roaming\BitTorrent
2014-07-30 17:43 - 2012-09-30 19:28 - 00000432 ____H () C:\windows\Tasks\OptimizerPro1UpdaterTask{0E669224-4E6A-4078-82E7-F6602D52720E}.job
2014-07-30 17:43 - 2012-09-18 16:26 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 17:43 - 2009-07-14 07:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-30 17:42 - 2014-07-21 13:58 - 00000672 _____ () C:\windows\setupact.log
2014-07-30 17:42 - 2013-02-22 06:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 17:42 - 2011-05-03 06:24 - 00291482 _____ () C:\windows\PFRO.log
2014-07-30 17:42 - 2010-11-25 05:06 - 01260428 _____ () C:\windows\WindowsUpdate.log
2014-07-30 17:41 - 2014-07-30 17:35 - 00000000 ___DC () C:\AdwCleaner
2014-07-30 17:35 - 2014-07-30 17:34 - 01365551 _____ () C:\Users\taha and mariam\Downloads\AdwCleaner.exe
2014-07-30 17:30 - 2012-09-18 16:26 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 13:24 - 2014-07-30 13:22 - 00047189 _____ () C:\Users\taha and mariam\Downloads\Addition.txt
2014-07-30 13:18 - 2014-07-30 13:17 - 01084416 _____ (Farbar) C:\Users\taha and mariam\Downloads\FRST.exe
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 10:41 - 2009-07-14 07:34 - 00010272 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 10:41 - 2009-07-14 07:34 - 00010272 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 16:46 - 2014-02-05 14:56 - 00000000 ____D () C:\Users\taha and mariam\Documents\3 Current PaySlips_files
2014-07-27 16:43 - 2009-07-26 23:06 - 00730320 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-27 14:51 - 2014-07-27 14:37 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\NPE
2014-07-27 14:39 - 2014-07-27 14:39 - 00000000 ___DC () C:\NPE
2014-07-27 14:37 - 2010-11-24 12:31 - 00000000 ____D () C:\ProgramData\Norton
2014-07-27 12:45 - 2011-10-17 21:56 - 00000000 ____D () C:\Program Files\PowerISO
2014-07-27 09:28 - 2012-09-18 16:26 - 00000000 ____D () C:\Program Files\Google
2014-07-27 09:25 - 2014-07-27 09:25 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-27 09:25 - 2014-04-24 20:10 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-27 09:25 - 2014-02-15 07:18 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-27 09:25 - 2013-11-22 20:52 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-27 09:25 - 2013-03-12 20:49 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-27 09:25 - 2013-03-12 20:49 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00276432 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-27 09:25 - 2012-12-22 20:14 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-27 09:25 - 2012-12-22 20:14 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-24 22:49 - 2011-04-20 06:49 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Adobe
2014-07-23 09:00 - 2014-07-23 09:00 - 01005928 _____ () C:\Users\taha and mariam\Downloads\Attachments_2014723.zip
2014-07-21 13:58 - 2014-07-21 13:58 - 00000000 _____ () C:\windows\setuperr.log
2014-07-20 23:17 - 2014-07-20 23:17 - 00000000 ____D () C:\ProgramData\GreenBay App
2014-07-20 23:17 - 2012-09-30 19:25 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-20 23:15 - 2014-07-20 23:12 - 00000000 ____D () C:\ProgramData\817a3789b96703e
2014-07-20 23:12 - 2014-07-20 23:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-20 23:12 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 23:12 - 2011-09-24 13:26 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Google
2014-07-20 23:12 - 2011-07-22 23:35 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\CrashDumps
2014-07-20 23:12 - 2009-07-14 05:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Guest
2014-07-20 23:11 - 2014-07-20 23:11 - 00000000 ____D () C:\Users\Administrator

Some content of TEMP:
====================
C:\Users\taha and mariam\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\taha and mariam\AppData\Local\Temp\Quarantine.exe
C:\Users\taha and mariam\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 20:57

==================== End Of Log ============================
 



#6 aharonov

  • Malware Response Team

Posted 30 July 2014 - 10:05 AM

Do you still get these alerts from avast after the following steps?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 tahasey

  • Topic Starter

Posted 30 July 2014 - 05:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by taha and mariam at 2014-07-30 21:24:59 Run:1
Running from C:\Users\taha and mariam\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: proicechoip - C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\Extensions\hormv.8u5@jw-tai.org [2014-07-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (proicechoip) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn [2014-07-20]
CHR Extension: (Keep Me) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-07-20]
CHR Extension: (proicechoip) - C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn\3.9 [2014-07-20]
CHR HKLM\...\Chrome\Extension: [ecjjcfnelnmnlkacilelkkihjicinbfe] - C:\ProgramData\Bcool\ecjjcfnelnmnlkacilelkkihjicinbfe.crx [2014-07-20]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\TAHAAN~1\AppData\Local\Temp\crxD1D3.tmp [2014-07-27]
2014-07-20 23:17 - 2014-07-20 23:17 - 00000000 ____D () C:\ProgramData\GreenBay App
2014-07-20 23:12 - 2014-07-20 23:15 - 00000000 ____D () C:\ProgramData\817a3789b96703e
2014-07-20 23:12 - 2014-07-20 23:12 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\taha and mariam\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-20 23:12 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-20 23:11 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-20 23:11 - 2014-07-20 23:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
Reboot:
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\taha and mariam\AppData\Roaming\Mozilla\Firefox\Profiles\izix435n.default\Extensions\hormv.8u5@jw-tai.org => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn => Moved successfully.
C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb => Moved successfully.
C:\Users\taha and mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\debldekdocnhckcekbadnaffimdmfmgn\3.9 directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ecjjcfnelnmnlkacilelkkihjicinbfe" => Key deleted successfully.
"C:\ProgramData\Bcool\ecjjcfnelnmnlkacilelkkihjicinbfe.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
"C:\Users\TAHAAN~1\AppData\Local\Temp\crxD1D3.tmp" => File/Directory not found.
C:\ProgramData\GreenBay App => Moved successfully.
C:\ProgramData\817a3789b96703e => Moved successfully.
C:\ProgramData\ntuser.pol => Moved successfully.
C:\Users\taha and mariam\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6eb79732f190b64ba5cf5581cd52cf0d
# engine=19424
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-30 08:51:02
# local_time=2014-07-30 11:51:02 (+0300, E. Africa Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 311076 171170352 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9012 158384653 0 0
# scanned=106875
# found=24
# cleaned=0
# scan_time=7419
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\BitTorrentBarToolbarHelper.exe.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\BitTorrentBarToolbarHelper1.exe.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\ldrtbBit0.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\ldrtbBitT.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\prxtbBit0.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\prxtbBitT.dll.vir"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\tbBit0.dll.vir"
sh=D1E4276CD4BECD62673458D3259E38E07E2344E1 ft=1 fh=99d4677c02598452 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\tbBitT.dll.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=65B47ED5EC889E0E558C79A13A81193FC59B8CE9 ft=1 fh=8d1793675b672a4e vn="Win32/Adware.MultiPlug.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Bcool\506873f657cf9.ocx.vir"
sh=193B1979FF8871BD3457B7A287F0735544B18BBC ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Bcool\506873f657d2f.html.vir"
sh=8EE9FB5AE2B8B6679E36388F102438C3C72C628E ft=1 fh=fc1817d8cca0d243 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\taha and mariam\AppData\Local\Conduit\CT2790392\BitTorrentBarAutoUpdateHelper.exe.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\taha and mariam\AppData\LocalLow\BitTorrentBar\ldrtbBit0.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\taha and mariam\AppData\LocalLow\BitTorrentBar\ldrtbBitT.dll.vir"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\taha and mariam\AppData\LocalLow\BitTorrentBar\tbBit0.dll.vir"
sh=B4267CC9FBAA1133921BBF40835E07DAA481E025 ft=1 fh=39d86043333a1074 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\taha and mariam\AppData\LocalLow\BitTorrentBar\tbBit1.dll.vir"
sh=D1E4276CD4BECD62673458D3259E38E07E2344E1 ft=1 fh=99d4677c02598452 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\taha and mariam\AppData\LocalLow\BitTorrentBar\tbBitT.dll.vir"
sh=2E1B7C43065B37D868D13C78AFC08B6955BE63AD ft=1 fh=d8370df7613a73e4 vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\taha and mariam\AppData\LocalLow\BitTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll.vir"
sh=5372947AB0DFEDA021C107EA5F15F8939F19F9E6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome\bittorrentbar.jar"
sh=6E1C93430FCB79BEDEEA49E988558819D4B99DBD ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\taha and mariam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VC9SN1KX\rewardzone_tjosurveys_com[1].htm"
sh=52DB4A3DF4CA6C9E4E95FE0851DBDBBA143ABA46 ft=1 fh=edcaab60c905b421 vn="a variant of Win32/Tool.TPE.A potentially unsafe application" ac=I fn="C:\Users\taha and mariam\Documents\Tally 9 & 9.1 Full\Tally Full 9.1.0\patch-fixed.exe"
sh=6764F362CD06DBEB907FA3F7C5B89302632ADDD8 ft=1 fh=892ef3c25ca9521a vn="a variant of Win32/Tool.TPE.A potentially unsafe application" ac=I fn="C:\Users\taha and mariam\Documents\Tally 9 & 9.1 Full\Tally Full 9.1.0\Tally 9 1.0\patch.exe"
sh=10EB6A231C1EFAFCC0425E5366F1D1D2FE52C8E5 ft=1 fh=12f8b9c4bcc25b17 vn="a variant of Win32/Toolbar.Conduit.AE potentially unwanted application" ac=I fn="C:\Users\taha and mariam\Downloads\tb_Malumaat.exe"
sh=024210644D88CFCAD58FE13E4EAEA05F02B339A7 ft=1 fh=e5615f6a483f2ccf vn="multiple threats" ac=I fn="C:\Windows\Temp\RegistryOptimizer.exe"



#8 tahasey

  • Topic Starter

Posted 30 July 2014 - 05:46 PM

Thanks a lot for assisting me, it seems the alerts have stopped now. I hope it means I am clean now. Can you advise me on a reliable antivirus/antimalware which can keep my comp safe in future?

Salute you for an excellent job.

 

Taha



#9 aharonov

  • Malware Response Team

Posted 31 July 2014 - 01:54 AM

This looks good indeed. The stuff that ESET has found is already in quarantine or just some remnants, but no more active malware.
There is nothing wrong with avast, no need to change anything there. But more important than the choice of an antivirus software are other things. I provide you with a link to a list of security tips at the end.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.1

Also: Download and install Service Pack 1 for Windows 7.
Afterwards go to Start -> All programs -> Windows Update and install all updates. Repeat this step until no more new updates are provided there. Also open the settings and make sure that automatic Windows updates are enabled.




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
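
The split made in post #9, between ESET hits that already sit in a quarantine folder and files still in place, can be checked mechanically against a log in the layout posted in #7. The Python below is an added example, not part of the thread or of any ESET or AdwCleaner tooling; the sample lines are constructed with placeholder hashes and a made-up user name, and treating `C:\AdwCleaner\Quarantine` as the only quarantine root is an assumption taken from the paths in the posted log.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET Online Scanner log quoted in the
# thread. Hashes are placeholders; paths are modelled on those in the post.
SAMPLE_LOG = r'''# product=EOS
# found=5
# cleaned=0
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\helper.exe.vir"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BitTorrentBar\helper1.exe.vir"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/Toolbar.Conduit.AE potentially unwanted application" ac=I fn="C:\Users\user\Downloads\toolbar_setup.exe"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\page[1].htm"
sh=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ft=1 fh=0000000000000004 vn="multiple threats" ac=I fn="C:\Users\user\AppData\Local\Temp\Quarantine.exe"
'''

# Assumption: the only quarantine location is AdwCleaner's, as seen in the posted log.
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine",)

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(text):
    """Return (header dict from '# key=value' lines, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value
        elif line.startswith("sh="):
            fields = {}
            for m in FIELD_RE.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            # Keep only lines that carry the fields the triage needs.
            if {"sh", "vn", "fn"} <= fields.keys():
                detections.append(fields)
    return header, detections


def category(vn):
    """Bucket a detection name by the suffix the scanner appends to it."""
    if vn.endswith("potentially unwanted application"):
        return "pua"
    if vn.endswith("potentially unsafe application"):
        return "unsafe"
    return "other"


def is_quarantined(path, roots):
    """True only if the path lies under a quarantine root (prefix match on a
    directory boundary), so a file merely named Quarantine.exe does not count."""
    p = path.replace("/", "\\").lower()
    return any(p.startswith(r.rstrip("\\").lower() + "\\") for r in roots)


def triage(text, roots=QUARANTINE_ROOTS):
    """Split detections into quarantined copies and files still in place."""
    header, detections = parse_log(text)
    report = {"quarantined": [], "live": [], "live_by_hash": defaultdict(list)}
    for d in detections:
        entry = (category(d["vn"]), d["vn"], d["fn"])
        if is_quarantined(d["fn"], roots):
            report["quarantined"].append(entry)
        else:
            report["live"].append(entry)
            report["live_by_hash"][d["sh"]].append(d["fn"])
    # Sanity check: the header's found= counter should equal the parsed lines.
    report["count_matches_header"] = header.get("found") == str(len(detections))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("header count matches:", r["count_matches_header"])
    print("already quarantined:", len(r["quarantined"]))
    for cat, name, path in r["live"]:
        print(f"still in place [{cat}] {name}: {path}")
```

A count mismatch between `found=` and the parsed lines usually means the log was truncated when pasted, so the triage should not be trusted until the full log is available.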

#10 aharonov

  • Malware Response Team

Posted 03 September 2014 - 05:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



