hello please help :(


  • This topic is locked
26 replies to this topic

#1 kittenme

kittenme

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Egypt
  • Local time:11:35 AM

Posted 30 March 2015 - 12:57 AM

The Malwarebytes program found a virus called "hijack userinit".

I downloaded the HijackThis program from here and followed the instructions, and this is the logfile result:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:41:32 AM, on 3/30/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

FIREFOX: 36.0.4 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Dell\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\missAU.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dell\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1427688521
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User '?')
O4 - HKUS\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [Adobe Speed Launcher] 1427688521 (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - C:\Program Files (x86)\netcut\services\AIPS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11659 bytes





#2 kittenme

kittenme
  • Topic Starter

Posted 30 March 2015 - 01:14 AM

Startup list

 

 

StartupList report, 3/30/2015, 9:11:55 AM
StartupList version: 1.52.2
Started from : C:\Users\Dell\Downloads\HijackThis.EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v8.00 (8.00.7601.17514)
* Using default options
==================================================

Running processes:

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Dell\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
Bluetooth.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\missAU.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
AdobeCS5ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
KiesHelper = C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
KiesTrayAgent = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Avira Systray = C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

KiesPDLR = C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
AdobeBridge =
SandboxieControl = "C:\Program Files\Sandboxie\SbieCtrl.exe"
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Akamai NetSession Interface = "C:\Users\Dell\AppData\Local\Akamai\netsession_win.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Adobe Speed Launcher = 1427688521

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SkypeIEPluginBHO - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
(no name) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\system32\wshbth.dll
NameSpace #6: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
NameSpace #7: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Users\Dell\AppData\Local\Temp\~nsu.tmp\Au_.exe||C:\Users\Dell\AppData\Local\Temp\_iu14D2N.tmp


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 6,132 bytes
Report generated in 0.063 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
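The entry both logs above agree on is the Winlogon Userinit value: HijackThis reports it as `F2 - REG:system.ini: UserInit=C:\Windows\missAU.exe` (HijackThis labels registry-mapped system.ini settings as F2 items) and StartupList shows the same value under `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon`. Winlogon runs whatever is listed there, as the logging-on user, at every interactive logon, which is why it is a favourite persistence point and why a detection name of the form "Hijack.UserInit" points at it. On Windows Vista and later the default is `C:\Windows\system32\userinit.exe,` (comma included); here the default has been replaced outright rather than appended to, which matters for cleanup: deleting `missAU.exe` without first restoring the value leaves nothing to start the desktop at the next logon. The following script is an added example for this thread, not code from HijackThis, StartupList, FRST or the forum; it parses the Winlogon lines in the formats those three tools emit (the FRST form appears later in the thread, where a trailing `[X]` marks a file FRST could not find), compares them against the defaults, and distinguishes a replaced default from an appended extra. The sample log lines are constructed from the entries quoted in the thread, except the `x.exe` path in the appended case, which is a hypothetical stand-in. It deliberately ignores the long run of `(file missing)` O23 entries for core services such as lsass.exe and spoolsv.exe in the HijackThis log: those are the 32-bit HijackThis build failing to see 64-bit System32 binaries, not evidence of missing files.

```python
"""Triage the Winlogon Userinit/Shell values reported in an anti-malware log.

Added example for this thread; it is not part of HijackThis, StartupList or
FRST. The sample log lines at the bottom are constructed from the entries the
original poster pasted, plus one hypothetical "appended" case.
"""
import re

# Default Winlogon values on Windows Vista and later. Userinit is a
# comma-separated list and Windows writes it with a trailing comma.
EXPECTED = {
    "userinit": r"c:\windows\system32\userinit.exe",
    "shell": "explorer.exe",
}

# Line shapes used by the three tools seen in the thread:
#   HijackThis:  F2 - REG:system.ini: UserInit=C:\Windows\missAU.exe
#   StartupList: UserInit = C:\Windows\missAU.exe
#   FRST:        HKLM-x32\...\Winlogon: [Userinit] C:\Windows\missAU.exe [X]
PATTERNS = [
    re.compile(r"^F2 - REG:system\.ini: (UserInit|Shell)=(.*)$", re.I),
    re.compile(r"^(UserInit|Shell)\s*=\s*(.*)$", re.I),
    re.compile(r"^HKLM(?:-x32)?\\\.\.\.\\Winlogon: \[(Userinit|Shell)\] (.*?)(?: \[X\])?$", re.I),
]


def parse_winlogon(lines):
    """Return {"userinit": raw, "shell": raw} for the entries present in the log.

    StartupList also prints placeholders such as "Shell=*INI section not found*";
    those are skipped, so a later real value is the one kept.
    """
    found = {}
    for line in lines:
        text = line.strip()
        for pattern in PATTERNS:
            m = pattern.match(text)
            if m:
                value = m.group(2).strip()
                if not value.startswith("*"):
                    found[m.group(1).lower()] = value
                break
    return found


def split_programs(value):
    """Split a Winlogon value into lower-cased, unquoted program entries."""
    parts = (p.strip().strip('"').lower() for p in value.split(","))
    return [p.replace("%systemroot%", r"c:\windows") for p in parts if p]


def check_winlogon(lines):
    """Return (value name, raw value, verdict) for each value that is not the default.

    A replaced default (the case in this thread) must be restored before the
    malware file is removed, or users cannot reach a desktop at next logon;
    an appended extra can simply be trimmed from the value.
    """
    findings = []
    for name, raw in parse_winlogon(lines).items():
        programs = split_programs(raw)
        expected = EXPECTED[name]
        extra = [p for p in programs if p != expected]
        if expected not in programs:
            findings.append((name, raw, "default program replaced; restore the value before removing the file"))
        elif extra:
            findings.append((name, raw, "extra program appended: " + ", ".join(extra)))
    return findings


# Constructed samples. INFECTED_LOG reuses the exact entries from the thread.
INFECTED_LOG = [
    "Logfile of Trend Micro HijackThis v2.0.5",
    r"F2 - REG:system.ini: UserInit=C:\Windows\missAU.exe",
    "Shell=explorer.exe",
]
# Hypothetical appended case in FRST format; the x.exe path is made up.
APPENDED_LOG = [
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Users\Dell\AppData\Local\Temp\x.exe [X]",
]
CLEAN_LOG = [
    "Shell=*INI section not found*",
    r"UserInit = C:\Windows\system32\userinit.exe,",
    "Shell=explorer.exe",
]

if __name__ == "__main__":
    for label, log in (("infected", INFECTED_LOG), ("appended", APPENDED_LOG), ("clean", CLEAN_LOG)):
        print(label, check_winlogon(log) or "no Winlogon deviations")
```

Run it against a saved HijackThis, StartupList or FRST log by passing the file's lines to `check_winlogon`; an empty result means either the default value or no Winlogon line at all, which is also what a clean HijackThis log shows, since it only emits the F2 line when the value deviates.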
 



#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:35 AM

Posted 30 March 2015 - 01:58 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 kittenme

kittenme
  • Topic Starter

Posted 30 March 2015 - 02:20 AM

Thanks for your help. I am doing the scan and will send the result when it has finished.



#5 kittenme

kittenme
  • Topic Starter

Posted 30 March 2015 - 02:22 AM

FRST result is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Dell (administrator) on DELL-PC on 30-03-2015 10:19:32
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell &  (Available profiles: Dell)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [929680 2011-09-30] (Samsung)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-30] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\missAU.exe [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-02] (Microsoft Corporation)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-30] ()
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Dell\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\RunOnce: [Adobe Speed Launcher] => 1427688521
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\MountPoints2: {531b0745-0f3e-11e3-aec9-782bcbec646a} - F:\AutoRun.exe
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\MountPoints2: {531b0756-0f3e-11e3-aec9-782bcbec646a} - F:\AutoRun.exe
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-30] ()
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => "C:\Users\Dell\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Adobe Speed Launcher] => 1427688521
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {531b0745-0f3e-11e3-aec9-782bcbec646a} - F:\AutoRun.exe
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {531b0756-0f3e-11e3-aec9-782bcbec646a} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1654346481-3145013308-632138677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-eg/?ocid=iehp
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-eg/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\uogzaevm.default-1427603869289
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-09-30] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324850&octid=EB_ORIGINAL_CTID&ISID=027cf9ca-bffc-4804-9cbe-eeca8f4cf199&SearchSource=55&CUI=&UM=5&UP=SPDEA580AF-742B-4940-9F23-158B7563065A&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Google Search) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Skype Click to Call) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-29]
CHR Extension: (Google Wallet) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-29]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-28] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-29] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-29] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [203320 2011-08-25] (DEVGURU Co., LTD.(www.devguru.co.kr))
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-29] ()
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Iviaspi; system32\drivers\iviaspi.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 10:17 - 2015-03-30 10:19 - 00020531 _____ () C:\Users\Dell\Downloads\FRST.txt
2015-03-30 10:17 - 2015-03-30 10:19 - 00000000 ____D () C:\FRST
2015-03-30 10:16 - 2015-03-30 10:16 - 02095616 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe
2015-03-30 09:11 - 2015-03-30 09:11 - 00005947 _____ () C:\Users\Dell\Downloads\startuplist.txt
2015-03-30 09:10 - 2015-03-30 09:10 - 00000000 ____D () C:\Users\Dell\Downloads\backups
2015-03-30 08:31 - 2015-03-30 08:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dell\Downloads\HijackThis.exe
2015-03-30 07:53 - 2015-03-30 07:59 - 41840320 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\Windows-KB890830-x64-V5.22.exe
2015-03-30 07:53 - 2015-03-30 07:54 - 02238600 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\DefaultPack.EXE
2015-03-30 05:16 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-03-30 01:23 - 2015-03-30 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-30 01:22 - 2015-03-30 01:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-30 01:22 - 2015-03-30 01:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-29 23:00 - 2015-03-29 23:03 - 00000000 ____D () C:\EEK
2015-03-29 22:02 - 2015-03-29 22:56 - 162059872 _____ () C:\Users\Dell\Downloads\EmsisoftEmergencyKit.exe
2015-03-29 22:00 - 2015-03-29 22:06 - 00000000 ____D () C:\AdwCleaner
2015-03-29 21:59 - 2015-03-29 21:59 - 02168320 _____ () C:\Users\Dell\Downloads\AdwCleaner.exe
2015-03-29 20:23 - 2015-03-29 21:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-29 20:23 - 2015-03-29 20:23 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-29 20:18 - 2015-03-29 20:22 - 16727128 _____ () C:\Users\Dell\Downloads\RogueKiller.exe
2015-03-29 19:09 - 2015-03-29 19:09 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-29 18:43 - 2015-03-29 19:06 - 00000294 _____ () C:\Windows\system32\.crusader
2015-03-29 18:19 - 2015-03-29 18:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-29 18:18 - 2015-03-29 18:18 - 00000020 _____ () C:\Users\Dell\AppData\Roaming\appdataFr3.bin
2015-03-29 18:14 - 2015-03-29 18:16 - 11028616 _____ (SurfRight B.V.) C:\Users\Dell\Downloads\HitmanPro_x64.exe
2015-03-29 17:23 - 2015-03-29 17:23 - 00887280 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\mssstool64.exe
2015-03-29 15:34 - 2015-03-29 15:34 - 00043004 _____ () C:\Users\Dell\Downloads\Extras.Txt
2015-03-29 15:33 - 2015-03-29 15:33 - 00084970 _____ () C:\Users\Dell\Downloads\OTL.Txt
2015-03-29 15:06 - 2015-03-29 15:06 - 00688992 _____ (Swearware) C:\Users\Dell\Downloads\dds.scr
2015-03-29 15:05 - 2015-03-29 15:05 - 00688992 _____ (Swearware) C:\Users\Dell\Downloads\dds.com
2015-03-29 14:27 - 2015-03-29 14:28 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Dell\Downloads\rkill.scr
2015-03-29 14:27 - 2015-03-29 14:28 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Dell\Downloads\rkill.com
2015-03-29 14:27 - 2015-03-29 14:28 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Dell\Downloads\rkill(1).exe
2015-03-29 14:27 - 2015-03-29 14:27 - 02347384 _____ (ESET) C:\Users\Dell\Downloads\esetsmartinstaller_enu.exe
2015-03-29 14:11 - 2015-03-29 14:14 - 21542776 _____ (SUPERAntiSpyware) C:\Users\Dell\Downloads\SUPERAntiSpyware.exe
2015-03-29 13:41 - 2015-03-29 13:41 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Dell\Downloads\tdsskiller.exe
2015-03-29 12:34 - 2015-03-29 12:34 - 00026624 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\userinit.exe
2015-03-29 11:10 - 2015-03-29 11:11 - 00000000 ____D () C:\KVRT_Data
2015-03-29 10:49 - 2015-03-29 10:50 - 00602112 _____ (OldTimer Tools) C:\Users\Dell\Downloads\OTL.exe
2015-03-29 10:43 - 2015-03-29 10:43 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Dell\Downloads\rkill64.exe
2015-03-29 10:42 - 2015-03-29 10:43 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Dell\Downloads\rkill.exe
2015-03-29 10:15 - 2015-03-29 10:15 - 03060320 _____ (Symantec Corporation) C:\Users\Dell\Downloads\NPE.exe
2015-03-29 09:15 - 2014-05-14 19:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-29 09:15 - 2014-05-14 19:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-29 09:15 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-29 09:15 - 2014-05-14 19:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-29 09:15 - 2014-05-14 19:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-29 09:15 - 2014-05-14 19:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-29 09:15 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-03-29 09:15 - 2014-05-14 19:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-29 09:15 - 2014-05-14 19:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-29 09:15 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-29 09:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-29 09:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-29 09:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-29 09:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-29 09:12 - 2015-03-29 15:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-29 08:00 - 2015-03-29 08:00 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2015-03-29 07:53 - 2015-03-29 07:53 - 00001409 _____ () C:\Users\Dell\Desktop\JRT.txt
2015-03-29 07:09 - 2015-03-29 07:11 - 14160536 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\MSEInstall.exe
2015-03-29 04:02 - 2015-03-29 04:02 - 01389240 _____ (Thisisu) C:\Users\Dell\Downloads\JRT.exe
2015-03-29 03:59 - 2015-03-30 09:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 03:49 - 2015-03-29 03:49 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-29 03:49 - 2015-03-29 03:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 03:48 - 2015-03-29 15:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-29 03:48 - 2015-03-29 03:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 03:48 - 2015-03-29 03:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 03:48 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-29 03:48 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-29 03:35 - 2015-03-29 03:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Dell\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-24 00:53 - 2015-03-30 09:12 - 01250547 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 15:25 - 2015-03-23 17:23 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\Avira
2015-03-22 14:49 - 2015-03-17 14:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-22 14:49 - 2015-03-17 14:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-22 14:49 - 2015-03-17 14:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-22 14:49 - 2015-03-17 14:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-21 23:50 - 2015-03-29 23:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 03:22 - 2015-03-21 03:23 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Dell\Downloads\avira_en_av_550cb9b0e0922__ws.exe
2015-03-20 06:04 - 2015-03-24 09:51 - 00001094 _____ () C:\Users\Public\Desktop\Singularity (64 bit) Viewer.lnk
2015-03-20 06:03 - 2015-03-21 02:08 - 00000000 ____D () C:\Program Files\Singularity
2015-03-19 22:45 - 2015-03-20 06:01 - 31313116 _____ () C:\Users\Dell\Downloads\Singularity_1-8-6-6157_x86-64_Setup.exe
2015-03-15 15:51 - 2015-03-15 15:51 - 00000000 ____D () C:\Users\Dell\Tracing

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 10:19 - 2013-06-05 06:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 10:05 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2015-03-30 10:03 - 2013-06-04 01:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-30 09:00 - 2013-11-15 04:02 - 00000193 _____ () C:\Windows\WORDPAD.INI
2015-03-30 08:59 - 2014-01-13 03:47 - 00000000 ____D () C:\Users\Dell\AppData\Local\AChat
2015-03-30 08:25 - 2013-07-27 10:28 - 00000000 ____D () C:\Program Files (x86)\AliveMedia
2015-03-30 07:15 - 2014-06-03 02:57 - 00000000 ____D () C:\Users\Dell\AppData\Local\CrashDumps
2015-03-30 07:15 - 2009-07-14 07:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 07:15 - 2009-07-14 07:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 07:09 - 2013-06-03 21:29 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\Skype
2015-03-30 07:07 - 2013-06-05 06:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 07:06 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 06:08 - 2009-07-14 10:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-30 06:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\tracing
2015-03-30 06:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-30 06:07 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-30 06:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-03-30 06:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-03-30 06:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-03-30 06:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-30 06:06 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-30 05:29 - 2013-11-01 00:55 - 00771372 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-30 05:29 - 2009-07-14 08:13 - 00771372 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 01:14 - 2013-11-01 04:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-29 20:04 - 2013-06-03 19:56 - 00000000 ____D () C:\Users\Dell
2015-03-29 19:53 - 2013-11-07 05:03 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\IMVU
2015-03-29 19:45 - 2014-03-30 17:30 - 00000000 ____D () C:\Users\Dell\AppData\Local\FirestormOS_x64
2015-03-29 09:12 - 2013-06-07 20:10 - 00001828 _____ () C:\Windows\Sandboxie.ini
2015-03-29 05:03 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\schemas
2015-03-24 09:51 - 2013-06-05 06:24 - 00002106 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-23 22:52 - 2015-02-08 04:10 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\IDM
2015-03-23 17:20 - 2015-02-10 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-23 17:19 - 2014-03-01 01:32 - 00000000 ____D () C:\ProgramData\Avira
2015-03-22 15:02 - 2015-02-08 01:58 - 00000000 ____D () C:\ProgramData\{b334f003-fa1a-e573-b334-4f003fa1c00f}
2015-03-22 14:49 - 2015-02-10 17:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-21 23:51 - 2014-07-11 02:00 - 00000000 ____D () C:\Users\Dell\AppData\Local\Adobe
2015-03-21 02:08 - 2013-12-04 21:41 - 00000000 ____D () C:\Users\Dell\AppData\Local\SingularityViewer64
2015-03-19 22:27 - 2015-02-22 21:58 - 00000000 ____D () C:\Program Files (x86)\Urban Dictionary Search
2015-03-19 22:01 - 2015-02-08 04:09 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-15 16:34 - 2013-09-29 09:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-15 16:24 - 2013-09-29 09:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-15 16:19 - 2014-02-25 08:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-15 15:50 - 2013-06-03 21:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-15 15:49 - 2013-06-03 21:29 - 00000000 ____D () C:\ProgramData\Skype
2015-03-11 18:48 - 2013-06-04 15:09 - 122905856 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 11:07 - 2013-06-29 07:58 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\DMCache
2015-03-03 16:17 - 2013-06-03 21:31 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-06-05 18:39 - 2013-06-05 18:39 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-06-05 06:10 - 2015-02-21 06:17 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-10-02 13:01 - 2013-10-02 13:01 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-03-29 18:18 - 2015-03-29 18:18 - 0000020 _____ () C:\Users\Dell\AppData\Roaming\appdataFr3.bin

Some content of TEMP:
====================
C:\Users\Dell\AppData\Local\Temp\avgnt.exe
C:\Users\Dell\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dell\AppData\Local\Temp\HitmanPro.exe
C:\Users\Dell\AppData\Local\Temp\Quarantine.exe
C:\Users\Dell\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-30 09:52

==================== End Of Log ============================



#6 kittenme (Topic Starter)

Posted 30 March 2015 - 02:26 AM

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Dell at 2015-03-30 10:20:29
Running from C:\Users\Dell\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.502 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Eudemons Online (HKLM-x32\...\{74DAC110-F3C3-4E35-83A8-E6D8193927EE}_is1) (Version: 1690 - TQ Digital Entertainment Inc.)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42974 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{4e154806-de7a-4300-b61e-bc0c3a4c5b43}) (Version: 4.6.42974 - Phoenix Firestorm Project Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
K-Lite Codec Pack 10.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Singularity (64 bit) (remove only) (HKLM-x32\...\Singularity (64 bit)) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.4 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.2.4 - SmartSound Software Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-03-2015 09:13:34 Windows Update
29-03-2015 10:38:43 Windows Update
29-03-2015 19:05:51 Checkpoint by HitmanPro
30-03-2015 00:56:39 Windows Update
30-03-2015 03:01:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2BC86BAC-5690-45EA-B408-A38FCCD86BF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {767C51D7-FD15-4D75-B334-F56EF94B98F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {7A746272-FCB1-4BAF-B3FA-39B3DCD9336E} - System32\Tasks\AdobeAAMUpdater-1.0-Dell-PC-Dell => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {A9042BD3-8045-4AEC-93C8-076249D056ED} - System32\Tasks\{26F551AE-7919-45A2-9437-07CFDCA96773} => Iexplore.exe http://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {AF007DDD-9FA7-43AB-AB2B-F727E5781100} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {C97B86E5-3EEC-43A0-8AA3-889B7D7B7EB6} - System32\Tasks\{D47E9E70-01BC-4D65-9348-550316C02312} => Firefox.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {F9989EDF-4534-4B4B-86D3-59697A3CC301} - System32\Tasks\{4A6FC72B-95EC-4766-9E07-63940296A8DF} => pcalua.exe -a D:\edmons\Demons-online-Client-Ver8130.exe -d D:\edmons
Task: {FBF02A9E-0689-415E-A009-C35B900E2959} - System32\Tasks\{64FCD619-240D-4307-908B-6D439B990151} => pcalua.exe -a "C:\Users\Dell\Downloads\Compressed\Nemooco-FulGame Kamla\لابد من تسطيب هذا البرنامج.exe" -d "C:\Users\Dell\Downloads\Compressed\Nemooco-FulGame Kamla"
Task: {FEE4069E-256D-40C8-8406-A31473F6E4EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-12-29 14:19 - 2009-12-29 14:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-02-19 14:43 - 2013-02-19 14:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-30 12:52 - 2011-09-30 12:52 - 00020880 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2015-03-29 18:46 - 2015-03-29 18:46 - 00115137 _____ () C:\Users\Dell\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1654346481-3145013308-632138677-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1654346481-3145013308-632138677-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1654346481-3145013308-632138677-500 - Administrator - Disabled)
Dell (S-1-5-21-1654346481-3145013308-632138677-1000 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-1654346481-3145013308-632138677-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 10:17:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 398

Start Time: 01d06ab981c0d2be

Termination Time: 10

Application Path: C:\Users\Dell\Downloads\FRST64.exe

Report Id:

Error: (03/30/2015 10:01:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/30/2015 08:02:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/29/2015 08:51:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x11fc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/29/2015 07:58:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000218,(null),0,REG_BINARY,0000000001D9EB00.72).  hr = 0x80070005, Access is denied.
.

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b0,(null),0,REG_BINARY,00000000020BEE60.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {0f6a0ed1-2911-433b-9c1a-01e0f010db4e}

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b0,(null),0,REG_BINARY,00000000020BEE60.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {0f6a0ed1-2911-433b-9c1a-01e0f010db4e}

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b38,(null),0,REG_BINARY,0000000005DCE380.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {c7327fa5-c675-4468-9e5d-d3c864a9b1cc}

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000004c4,(null),0,REG_BINARY,00000000052DE0A0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {be4e5077-df09-4d2b-980f-aee1f2e3cc7a}


System errors:
=============
Error: (03/30/2015 08:53:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/30/2015 08:53:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/30/2015 08:16:28 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/30/2015 08:16:25 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/30/2015 08:16:21 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/30/2015 08:16:18 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/30/2015 08:16:14 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/30/2015 08:16:11 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/30/2015 08:16:07 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/30/2015 08:16:04 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (03/30/2015 10:17:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe11.3.2015.039801d06ab981c0d2be10C:\Users\Dell\Downloads\FRST64.exe

Error: (03/30/2015 10:01:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Dell\downloads\esetsmartinstaller_enu.exe

Error: (03/30/2015 08:02:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dell\Downloads\esetsmartinstaller_enu.exe

Error: (03/29/2015 08:51:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e0211fc01d06a448631c9daC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll4bce5171-d63c-11e4-9a7d-bd88404d0cdb

Error: (03/29/2015 07:58:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dell\Downloads\esetsmartinstaller_enu.exe

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000218,(null),0,REG_BINARY,0000000001D9EB00.72)0x80070005, Access is denied.

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b0,(null),0,REG_BINARY,00000000020BEE60.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {0f6a0ed1-2911-433b-9c1a-01e0f010db4e}

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b0,(null),0,REG_BINARY,00000000020BEE60.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {0f6a0ed1-2911-433b-9c1a-01e0f010db4e}

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b38,(null),0,REG_BINARY,0000000005DCE380.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {c7327fa5-c675-4468-9e5d-d3c864a9b1cc}

Error: (03/29/2015 07:07:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000004c4,(null),0,REG_BINARY,00000000052DE0A0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {be4e5077-df09-4d2b-980f-aee1f2e3cc7a}


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 72%
Total physical RAM: 2934.7 MB
Available physical RAM: 812.82 MB
Total Pagefile: 5867.59 MB
Available Pagefile: 3262.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:99.11 GB) NTFS
Drive d: () (Fixed) (Total:319.28 GB) (Free:268.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 31CFA4FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 kittenme (Topic Starter)

Posted 30 March 2015 - 02:31 AM

I have a question: can this virus move to my flash drive that I use sometimes, or to my phone if it is connected to my laptop by cable?

And if the answer is yes, can this virus move again from my flash drive and my phone to my laptop, and be a never-ending cycle? xD

Thanks so much for helping me. I am really worried; I read on the internet that the virus can steal my passwords and IDs :(

Sorry, my English is not perfect; it's my second language, not my first.



#8 deeprybka (Malware Response Team)

Posted 30 March 2015 - 05:24 AM

Hi,
for now: Please do not connect any drives/phones with your computer.

Next steps are:
 
Step 1

Disable Registry Protection

[screenshot: disable registry protection]

Step 2


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Winlogon: [Userinit] C:\Windows\missAU.exe [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 3

Revo Uninstaller Free

  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    Google Chrome 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 4

Reinstall Google Chrome. Download

Step 5


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
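The first line of the fixlist above restores the Winlogon Userinit value, which the FRST log showed pointing at C:\Windows\missAU.exe (FRST prints [X] when the file named in a value is not found on disk). Userinit is the program winlogon.exe launches after a successful logon, so whatever is written into that value runs in the user's session at every logon; this is the "hijack userinit" detection Malwarebytes reported. The entry in this log sat in the HKLM-x32 (WOW6432Node) view of the key, which is where a 32-bit dropper lands on 64-bit Windows because of registry redirection, while the 64-bit winlogon.exe reads the native key; that is consistent with the user still being able to log on normally. The PowerShell below is an added example, not part of this thread or of FRST, that audits both views of the key against the Windows default `C:\Windows\system32\userinit.exe,` (trailing comma included), reports every non-default entry together with whether its file exists, and optionally writes the default back. The function name and the `-Restore` switch are the example's own; run it from an elevated prompt.

```powershell
# Added example (not from the thread or from FRST): audit the Winlogon Userinit value.
# Run from an elevated PowerShell prompt. Use -Restore to write the default back.
param([switch]$Restore)

# Windows default, including the trailing comma.
$Expected = "$env:SystemRoot\system32\userinit.exe,"

# Both registry views. winlogon.exe (64-bit) reads the native key; a 32-bit
# process writing the same path is redirected into WOW6432Node.
$Views = @(
    @{ Name = 'native';      Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' },
    @{ Name = 'WOW6432Node'; Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon' }
)

function Get-UserinitStatus {
    param([string]$KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # 32-bit Windows has no WOW6432Node hive, so this is expected there.
        return New-Object psobject -Property @{ Key = $KeyPath; Value = $null; Status = 'key absent' }
    }
    $value = (Get-ItemProperty -LiteralPath $KeyPath -Name Userinit -ErrorAction SilentlyContinue).Userinit
    if ([string]::IsNullOrEmpty($value)) {
        return New-Object psobject -Property @{ Key = $KeyPath; Value = $value; Status = 'value missing' }
    }
    if ($value -ieq $Expected) {
        return New-Object psobject -Property @{ Key = $KeyPath; Value = $value; Status = 'default' }
    }

    # Userinit is a comma-separated list of programs. Report each entry that is
    # not the default and whether its file still exists (FRST shows [X] if not).
    $entries = $value -split ',' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ }
    $detail = foreach ($e in $entries) {
        if ($e -ieq $Expected.TrimEnd(',')) { continue }
        if (Test-Path -LiteralPath $e) { "$e (file present)" } else { "$e (file not found)" }
    }
    New-Object psobject -Property @{ Key = $KeyPath; Value = $value; Status = "NON-DEFAULT: $($detail -join '; ')" }
}

foreach ($v in $Views) {
    $r = Get-UserinitStatus -KeyPath $v.Path
    Write-Output ("[{0}] {1}`n  Userinit = {2}" -f $v.Name, $r.Status, $r.Value)

    if ($Restore -and $r.Status -like 'NON-DEFAULT*') {
        Set-ItemProperty -LiteralPath $r.Key -Name Userinit -Value $Expected -Type String
        Write-Output "  restored to default: $Expected"
    }
}
```

A non-default value in the native key deserves more caution than the WOW6432Node case: if that entry points at a file that has already been deleted, the next logon will fail to start the shell, so restore the default before rebooting. Restoring the value does not remove the payload itself; the file it named, and any other persistence that dropped it, still has to be dealt with separately, which is what the remaining fixlist lines and the follow-up scan in this thread are for.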

#9 kittenme (Topic Starter)

Posted 30 March 2015 - 05:30 AM

Avira antivirus looks different than the one you posted. [screenshot]



#10 kittenme (Topic Starter)

Posted 30 March 2015 - 05:39 AM

OK, I disabled Avira antivirus. I am following the other steps now.



#11 kittenme (Topic Starter)

Posted 30 March 2015 - 06:19 AM

fixlog.txt is:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Dell at 2015-03-30 13:13:09 Run:2
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell (Available profiles: Dell)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\missAU.exe [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
EmptyTemp: => Removed 23.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:13:13 ====



#12 kittenme (Topic Starter)

Posted 30 March 2015 - 06:49 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Dell (administrator) on DELL-PC on 30-03-2015 13:47:01
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell (Available profiles: Dell)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [929680 2011-09-30] (Samsung)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-30] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-30] ()
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Dell\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\MountPoints2: {531b0745-0f3e-11e3-aec9-782bcbec646a} - F:\AutoRun.exe
HKU\S-1-5-21-1654346481-3145013308-632138677-1000\...\MountPoints2: {531b0756-0f3e-11e3-aec9-782bcbec646a} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-02] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1654346481-3145013308-632138677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-eg/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\uogzaevm.default-1427603869289
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-09-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-09-30] (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\uogzaevm.default-1427603869289\Extensions\abs@avira.com [2015-03-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324850&octid=EB_ORIGINAL_CTID&ISID=027cf9ca-bffc-4804-9cbe-eeca8f4cf199&SearchSource=55&CUI=&UM=5&UP=SPDEA580AF-742B-4940-9F23-158B7563065A&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Google Search) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Skype Click to Call) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-29]
CHR Extension: (Google Wallet) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-29]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-27] (Emsisoft GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-29] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-29] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2002-03-19] (Pinnacle Systems GmbH) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [203320 2011-08-25] (DEVGURU Co., LTD.(www.devguru.co.kr))
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-29] ()
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Iviaspi; system32\drivers\iviaspi.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 13:46 - 2015-03-30 13:46 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-30 13:46 - 2015-03-30 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-30 13:40 - 2015-03-30 13:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 13:40 - 2015-03-30 13:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 13:40 - 2015-03-30 13:40 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-30 13:40 - 2015-03-30 13:40 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-30 13:39 - 2015-03-30 13:39 - 00880208 _____ (Google Inc.) C:\Users\Dell\Downloads\ChromeSetup.exe
2015-03-30 13:20 - 2015-03-30 13:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-30 13:17 - 2015-03-30 13:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dell\Downloads\revosetup.exe
2015-03-30 13:08 - 2015-03-30 13:08 - 00000000 ____D () C:\OETemp
2015-03-30 12:49 - 2015-03-30 13:14 - 00000168 _____ () C:\Windows\setupact.log
2015-03-30 12:49 - 2015-03-30 13:13 - 00002240 _____ () C:\Windows\PFRO.log
2015-03-30 12:49 - 2015-03-30 12:49 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-30 09:20 - 2015-03-30 09:21 - 00024612 _____ () C:\Users\Dell\Downloads\Addition.txt
2015-03-30 09:17 - 2015-03-30 13:47 - 00015324 _____ () C:\Users\Dell\Downloads\FRST.txt
2015-03-30 09:17 - 2015-03-30 13:47 - 00000000 ____D () C:\FRST
2015-03-30 09:16 - 2015-03-30 09:16 - 02095616 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe
2015-03-30 08:11 - 2015-03-30 08:11 - 00005947 _____ () C:\Users\Dell\Downloads\startuplist.txt
2015-03-30 08:10 - 2015-03-30 08:10 - 00000000 ____D () C:\Users\Dell\Downloads\backups
2015-03-30 07:31 - 2015-03-30 07:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dell\Downloads\HijackThis.exe
2015-03-30 06:53 - 2015-03-30 06:59 - 41840320 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\Windows-KB890830-x64-V5.22.exe
2015-03-30 06:53 - 2015-03-30 06:54 - 02238600 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\DefaultPack.EXE
2015-03-30 04:16 - 2013-10-14 17:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-03-30 00:23 - 2015-03-30 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-30 00:22 - 2015-03-30 00:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-30 00:22 - 2015-03-30 00:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-29 22:00 - 2015-03-29 22:03 - 00000000 ____D () C:\EEK
2015-03-29 19:23 - 2015-03-29 20:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-29 19:23 - 2015-03-29 19:23 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-29 18:09 - 2015-03-29 18:09 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-29 17:43 - 2015-03-29 18:06 - 00000294 _____ () C:\Windows\system32\.crusader
2015-03-29 17:19 - 2015-03-29 17:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-29 17:18 - 2015-03-29 17:18 - 00000020 _____ () C:\Users\Dell\AppData\Roaming\appdataFr3.bin
2015-03-29 14:34 - 2015-03-29 14:34 - 00043004 _____ () C:\Users\Dell\Downloads\Extras.Txt
2015-03-29 14:05 - 2015-03-29 14:05 - 00688992 _____ (Swearware) C:\Users\Dell\Downloads\dds.com
2015-03-29 13:27 - 2015-03-29 13:27 - 02347384 _____ (ESET) C:\Users\Dell\Downloads\esetsmartinstaller_enu.exe
2015-03-29 11:34 - 2015-03-29 11:34 - 00026624 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\userinit.exe
2015-03-29 10:10 - 2015-03-29 10:11 - 00000000 ____D () C:\KVRT_Data
2015-03-29 08:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-29 08:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-29 08:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-29 08:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-29 08:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-29 08:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-29 08:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-03-29 08:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-29 08:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-29 08:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-29 08:14 - 2014-05-14 08:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-29 08:14 - 2014-05-14 08:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-29 08:14 - 2014-05-14 08:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-29 08:14 - 2014-05-14 08:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-29 08:12 - 2015-03-29 14:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-29 07:00 - 2015-03-29 07:00 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2015-03-29 06:53 - 2015-03-29 06:53 - 00001409 _____ () C:\Users\Dell\Desktop\JRT.txt
2015-03-29 02:59 - 2015-03-30 12:54 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 02:49 - 2015-03-29 02:49 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-29 02:49 - 2015-03-29 02:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 02:48 - 2015-03-29 14:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-29 02:48 - 2015-03-29 02:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 02:48 - 2015-03-29 02:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 02:48 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-29 02:48 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-23 23:53 - 2015-03-30 13:17 - 01302257 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 22:50 - 2015-03-29 22:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 05:04 - 2015-03-24 08:51 - 00001094 _____ () C:\Users\Public\Desktop\Singularity (64 bit) Viewer.lnk
2015-03-20 05:03 - 2015-03-21 01:08 - 00000000 ____D () C:\Program Files\Singularity
2015-03-19 21:45 - 2015-03-20 05:01 - 31313116 _____ () C:\Users\Dell\Downloads\Singularity_1-8-6-6157_x86-64_Setup.exe
2015-03-15 14:51 - 2015-03-15 14:51 - 00000000 ____D () C:\Users\Dell\Tracing

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 13:46 - 2013-06-05 05:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-30 13:29 - 2013-06-03 20:29 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\Skype
2015-03-30 13:21 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 13:21 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 13:18 - 2009-07-14 07:13 - 00785460 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 13:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 13:09 - 2014-03-01 00:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-30 13:09 - 2014-03-01 00:32 - 00000000 ____D () C:\ProgramData\Avira
2015-03-30 13:03 - 2013-06-04 00:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-30 12:36 - 2014-03-30 16:30 - 00000000 ____D () C:\Users\Dell\AppData\Local\FirestormOS_x64
2015-03-30 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-30 08:00 - 2013-11-15 03:02 - 00000193 _____ () C:\Windows\WORDPAD.INI
2015-03-30 07:59 - 2014-01-13 02:47 - 00000000 ____D () C:\Users\Dell\AppData\Local\AChat
2015-03-30 07:25 - 2013-07-27 09:28 - 00000000 ____D () C:\Program Files (x86)\AliveMedia
2015-03-30 06:15 - 2014-06-03 01:57 - 00000000 ____D () C:\Users\Dell\AppData\Local\CrashDumps
2015-03-30 05:08 - 2009-07-14 09:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-30 05:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-03-30 05:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-30 05:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-30 05:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-03-30 05:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-03-30 05:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-03-30 05:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-30 05:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-30 04:29 - 2013-10-31 23:55 - 00771372 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-30 00:14 - 2013-11-01 03:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-29 19:04 - 2013-06-03 18:56 - 00000000 ____D () C:\Users\Dell
2015-03-29 18:53 - 2013-11-07 04:03 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\IMVU
2015-03-29 08:12 - 2013-06-07 19:10 - 00001828 _____ () C:\Windows\Sandboxie.ini
2015-03-29 04:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2015-03-23 21:52 - 2015-02-08 03:10 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\IDM
2015-03-22 14:02 - 2015-02-08 00:58 - 00000000 ____D () C:\ProgramData\{b334f003-fa1a-e573-b334-4f003fa1c00f}
2015-03-21 22:51 - 2014-07-11 01:00 - 00000000 ____D () C:\Users\Dell\AppData\Local\Adobe
2015-03-21 01:08 - 2013-12-04 20:41 - 00000000 ____D () C:\Users\Dell\AppData\Local\SingularityViewer64
2015-03-19 21:27 - 2015-02-22 20:58 - 00000000 ____D () C:\Program Files (x86)\Urban Dictionary Search
2015-03-19 21:01 - 2015-02-08 03:09 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-03-15 15:34 - 2013-09-29 08:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-15 15:24 - 2013-09-29 08:51 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-15 15:19 - 2014-02-25 07:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-15 14:50 - 2013-06-03 20:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-15 14:49 - 2013-06-03 20:29 - 00000000 ____D () C:\ProgramData\Skype
2015-03-11 17:48 - 2013-06-04 14:09 - 122905856 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 10:07 - 2013-06-29 06:58 - 00000000 ____D () C:\Users\Dell\AppData\Roaming\DMCache
2015-03-03 15:17 - 2013-06-03 20:31 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-06-05 17:39 - 2013-06-05 17:39 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-06-05 05:10 - 2015-02-21 05:17 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-10-02 12:01 - 2013-10-02 12:01 - 0000132 _____ () C:\Users\Dell\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-03-29 17:18 - 2015-03-29 17:18 - 0000020 _____ () C:\Users\Dell\AppData\Roaming\appdataFr3.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-30 08:52

==================== End Of Log ============================
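The "Bamital & volsnap Check" above only reports whether each listed file carries a valid signature. As an added example (not FRST's code and not part of this thread), the PowerShell below reproduces that check on the same file list with Get-AuthenticodeSignature and also reads the Winlogon "Userinit" registry value, because a Userinit hijack lives in that value rather than in the file: the stock value is exactly "C:\Windows\system32\userinit.exe," (trailing comma included) and anything appended after the comma is started at every interactive logon. The file list, the expected value and the 64-bit Windows 7 layout are the example's own assumptions; it needs PowerShell 3.0 or later and an elevated prompt. One caveat a practitioner should know: most Windows system binaries are catalog-signed, and Get-AuthenticodeSignature only consults catalogs on PowerShell 5.1 and later, so on an older PowerShell a "NotSigned" result for a Windows file is not by itself evidence of tampering, whereas "HashMismatch" means the file no longer matches its embedded signature and deserves a closer look.

```powershell
# Added example, not code from FRST or from this thread.
# Assumes a 64-bit Windows 7 layout like the log above; run elevated, PowerShell 3.0+.

# The same files the FRST "Bamital & volsnap Check" reports on.
$SystemFiles = @(
    "$env:windir\System32\winlogon.exe",
    "$env:windir\System32\wininit.exe",
    "$env:windir\SysWOW64\wininit.exe",
    "$env:windir\explorer.exe",
    "$env:windir\SysWOW64\explorer.exe",
    "$env:windir\System32\svchost.exe",
    "$env:windir\SysWOW64\svchost.exe",
    "$env:windir\System32\services.exe",
    "$env:windir\System32\user32.dll",
    "$env:windir\SysWOW64\user32.dll",
    "$env:windir\System32\userinit.exe",
    "$env:windir\SysWOW64\userinit.exe",
    "$env:windir\System32\rpcss.dll",
    "$env:windir\System32\drivers\volsnap.sys"
)

function Test-SystemFileSignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'MISSING'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        # Status is Valid / NotSigned / HashMismatch / UnknownError ...
        # Caveat: before PowerShell 5.1 catalog-signed Windows files report NotSigned.
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = $sig.SignerCertificate.Subject
        }
    }
}

# A "hijack userinit" lives here: the legitimate value is exactly
#   C:\Windows\system32\userinit.exe,
# and whatever follows the trailing comma is launched at every logon.
function Get-UserinitValue {
    $key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $value    = (Get-ItemProperty -Path $key -Name Userinit).Userinit
    $expected = "$env:windir\system32\userinit.exe,"    # assumed stock value
    [pscustomobject]@{
        Userinit   = $value
        LooksClean = ($value -ieq $expected)
        Extra      = if ($value -ieq $expected) { $null } else { $value.Substring([Math]::Min($value.Length, $expected.Length)) }
    }
}

Test-SystemFileSignatures -Paths $SystemFiles | Format-Table -AutoSize
Get-UserinitValue | Format-List
```

Anything that shows up in the Extra column, or a Userinit value that does not point at the system32 copy at all, is the thing a "hijack userinit" detection is naming; an unsigned userinit.exe sitting in a Downloads folder, as in the file list above, is worth comparing against the signed one in System32 before trusting it.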



#13 kittenme

kittenme
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Female
  • Location:Egypt
  • Local time:11:35 AM

Posted 30 March 2015 - 08:46 AM

And can you suggest for me a good antivirus that doesn't slow the computer's performance? And which Windows system is better and not heavy on my computer, 7 or 8, so I can play graphic games?


Edited by kittenme, 30 March 2015 - 10:03 AM.


#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:35 AM

Posted 30 March 2015 - 11:58 AM

And can you suggest for me a good antivirus that doesn't slow the computer's performance? And which Windows system is better and not heavy on my computer, 7 or 8, so I can play graphic games?


Will do! :)

Step 1

Scan with McShield

Please download McShield by dr_bora and save it to your Desktop.

  • Install it on your machine.
  • It will initially run a scan and show the result as a toast notification by the system clock.
  • Start the Control Centre by clicking on the McShield icon in your system tray.
  • Go to the Scanner tab and tick "Unhide items on flash drives".
  • Each time you plug in a drive, McShield will start a scan.
  • A log file of this scan can be found in the Logs tab of the main screen.

If anything is found, include that log file in your reply. Otherwise there is no need to.


Connect your flash drive to the computer and run ESET. Make sure that under "current scan targets" every drive letter (especially your flash drive) is checked.



Step 2


Please download ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[screenshot of the scan settings]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created [screenshot of the log file and its path].
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
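Step 1 above relies on McShield to scan each flash drive as it is plugged in and to unhide items on it. As an added example (not McShield's code and not part of this thread), the PowerShell below does the read-only part of that by hand for every removable drive: it reports an autorun.inf if one is present, lists root entries carrying both the Hidden and System attributes (the combination Explorer hides by default even with "show hidden files" on), and resolves every .lnk in the root to the command it really runs. The assumption that a flash-drive infection takes this hidden-folder-plus-shortcut shape is the example's own; the -Unhide switch clears those two attributes only after you have reviewed the listing. Needs PowerShell 3.0 or later.

```powershell
# Added example, not McShield's code. Assumes PowerShell 3.0+ on Windows 7.
# Read-only unless -Unhide is passed.

function Get-RemovableDriveFindings {
    param([switch]$Unhide)

    # Hidden + System together is the "super hidden" combination Explorer never shows by default.
    $hiddenSystem = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)   # 2 + 4 = 6
    $shell = New-Object -ComObject WScript.Shell

    # DriveType 2 = removable disk (flash drives, card readers).
    foreach ($drive in (Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2')) {
        $root = $drive.DeviceID + '\'

        # Windows 7 no longer honours autorun.inf on removable media (2011 AutoRun update),
        # but a dropped one still tells you something wrote to the drive root.
        $autorun = Join-Path $root 'autorun.inf'
        if (Test-Path -LiteralPath $autorun) {
            [pscustomobject]@{ Drive = $drive.DeviceID; Kind = 'autorun.inf'; Item = $autorun; Target = $null }
        }

        # Root entries with Hidden+System: the user's real folders, hidden so the shortcuts replace them.
        Get-ChildItem -LiteralPath $root -Force | Where-Object {
            ([int]$_.Attributes -band $hiddenSystem) -eq $hiddenSystem
        } | ForEach-Object {
            [pscustomobject]@{ Drive = $drive.DeviceID; Kind = 'hidden+system'; Item = $_.FullName; Target = $null }
            if ($Unhide) {
                $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band (-bnot $hiddenSystem))
            }
        }

        # Shortcuts in the root: show what they actually launch, not the icon they wear.
        Get-ChildItem -LiteralPath $root -Force -Filter *.lnk | ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            [pscustomobject]@{
                Drive  = $drive.DeviceID
                Kind   = 'shortcut'
                Item   = $_.FullName
                Target = ("$($lnk.TargetPath) $($lnk.Arguments)").Trim()
            }
        }
    }
}

Get-RemovableDriveFindings | Format-Table -AutoSize
# After reviewing the output:
# Get-RemovableDriveFindings -Unhide
```

A shortcut whose Target is cmd.exe, wscript.exe or rundll32.exe with a path into a hidden folder on the same drive is the pattern to look for; a normal user document shortcut points at the document itself.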

#15 kittenme

kittenme
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Female
  • Location:Egypt
  • Local time:11:35 AM

Posted 30 March 2015 - 04:00 PM

>>> MCShield AllScans.txt <<<
-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.23.1 / Windows 7 <<<

3/30/2015 10:41:50 PM > Drive C: - scan started (no label ~146 GB, NTFS HDD )...
=> The drive is clean.

3/30/2015 10:41:51 PM > Drive D: - scan started (no label ~319 GB, NTFS HDD )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.23.1 / Windows 7 <<<

3/30/2015 10:53:36 PM > Drive F: - scan started (KINGSTON ~15190 MB, FAT32 flash drive )...
=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2015.3.23.1 / Windows 7 <<<

3/30/2015 10:54:01 PM > Drive F: - scan started (KINGSTON ~15190 MB, FAT32 flash drive )...
=> The drive is clean.





