
boot.malmo virus not removed by kaspersky rescue disk


8 replies to this topic

#1 Rahma_Mohamed

Rahma_Mohamed

    New Member

  • Authentic Member
  • 6 posts

Posted 15 July 2015 - 02:06 PM

My Kaspersky Internet Security detects virus.boot.malmo but can't remove it. So I used Kaspersky Rescue Disk, but it didn't detect this virus!!



The laptop gradually becomes very slow and all the processes take much time. The programs freeze a lot :(




#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 16 July 2015 - 01:01 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
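The MBR.dat file that aswMBR leaves behind is the raw first sector of the disk, which is what a boot-sector infection such as the one reported here lives in. As an added example (not part of the original post, and not code from aswMBR or Kaspersky), the Python below parses a 512-byte MBR backup, checks the 0x55AA boot signature and the partition table, fingerprints the boot-code region, and compares two copies so a backup taken before cleanup can be checked against one taken afterwards. The sample sector and the helper names (`check_mbr`, `diff_mbr`, `build_sample_mbr`) are constructed for this example.

```python
"""Sanity-check and compare MBR backups such as the MBR.dat written by aswMBR.

Added example, not part of the original thread or of any tool named in it.
Classic MBR layout: 446 bytes of boot code, four 16-byte partition entries
starting at offset 446, and the 0x55AA boot signature at offset 510.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty entries of the four-slot MBR partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        raw = mbr[off:off + PART_ENTRY_SIZE]
        # Entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, type_id, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if type_id == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba_start, sectors))
    return entries


def check_mbr(mbr: bytes) -> Dict[str, object]:
    """Integrity checks a responder would run on a saved MBR sector."""
    parts = parse_partition_table(mbr)
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "bootable_count": sum(p.bootable for p in parts),
        "partitions": parts,
        # Boot code is the region a boot-sector virus overwrites; hash it separately
        # so a changed loader is visible even when the partition table is untouched.
        "boot_code_sha256": hashlib.sha256(mbr[:PART_TABLE_OFFSET]).hexdigest(),
        "sector_sha256": hashlib.sha256(mbr).hexdigest(),
    }


def diff_mbr(before: bytes, after: bytes) -> Dict[str, bool]:
    """Report which MBR regions differ between two backups (e.g. pre/post cleanup)."""
    if len(before) != MBR_SIZE or len(after) != MBR_SIZE:
        raise ValueError("both inputs must be full 512-byte sectors")
    return {
        "boot_code_changed": before[:PART_TABLE_OFFSET] != after[:PART_TABLE_OFFSET],
        "partition_table_changed": before[PART_TABLE_OFFSET:510] != after[PART_TABLE_OFFSET:510],
        "signature_changed": before[510:] != after[510:],
    }


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: dummy boot code and one bootable NTFS partition."""
    # First few bytes mimic a typical Windows loader prologue; the rest is zero padding.
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x00" * (PART_TABLE_OFFSET - 7)
    # status 0x80 = bootable, type 0x07 = NTFS, LBA start 2048, 204800 sectors (100 MiB)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_SIZE * 3)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # On a real system: mbr = open(r"C:\Users\h\Desktop\MBR.dat", "rb").read()
    report = check_mbr(build_sample_mbr())
    for key, value in report.items():
        print(f"{key}: {value}")
```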
 

#3 Rahma_Mohamed

Rahma_Mohamed

    New Member

  • Authentic Member
  • 6 posts

Posted 17 July 2015 - 12:39 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by h (administrator) on H-PC on 17-07-2015 20:29:18
Running from C:\Users\h\Desktop
Loaded Profiles: h (Available Profiles: h)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(AVAST Software) C:\Users\h\Downloads\aswmbr.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-09-06] (RealNetworks, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-149214832-1409363243-1669270168-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-149214832-1409363243-1669270168-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-149214832-1409363243-1669270168-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06CEAC88-A554-4ECB-AEF8-E65B9F877CF2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7A3D197B-396F-4708-B495-06194C6CBDA8}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-13] ()
FF Plugin: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-13] ()
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-13] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-09-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-09-06] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\user.js [2015-05-15]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\searchplugins\youtube.xml [2015-05-26]
FF Extension: YouTube Unblocker - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\youtubeunblocker@unblocker.yt [2015-05-28]
FF Extension: Flash and Video Download - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-06-28]
FF Extension: AdBlock for Facebook - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2015-05-16]
FF Extension: Adblock Plus - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-06]
FF HKLM\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-13]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-13]
FF HKLM\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-13]
FF HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\h\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\h\AppData\Roaming\IDM\idmmzcc5 [2015-07-17]
FF HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\h\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\h\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-14]
CHR Extension: (AdBlock) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (IDM Integration Module) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKU\S-1-5-21-149214832-1409363243-1669270168-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.goog...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [36928 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [119816 2014-12-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36536 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [673976 2015-03-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44992 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [64200 2014-12-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [146240 2014-07-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\h\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\h\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 20:29 - 2015-07-17 20:31 - 00017923 _____ C:\Users\h\Desktop\FRST.txt
2015-07-17 20:17 - 2015-07-17 20:17 - 05200384 _____ (AVAST Software) C:\Users\h\Downloads\aswmbr.exe
2015-07-17 19:57 - 2015-07-17 19:57 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7FC63AD3.sys
2015-07-16 17:39 - 2015-07-17 20:30 - 00000000 ___DC C:\FRST
2015-07-16 17:38 - 2015-07-16 17:38 - 01636864 _____ (Farbar) C:\Users\h\Desktop\FRST.exe
2015-07-16 11:44 - 2015-07-17 19:56 - 00000448 _____ C:\Windows\setupact.log
2015-07-16 11:44 - 2015-07-16 11:44 - 00000000 _____ C:\Windows\setuperr.log
2015-07-16 06:48 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-16 06:48 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-16 06:48 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-16 06:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-16 06:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-16 06:48 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-16 06:48 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-16 06:47 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-16 06:47 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-16 06:47 - 2015-06-19 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-16 06:47 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-16 06:47 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-16 06:47 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-16 06:47 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-16 06:47 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-16 06:47 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-16 06:47 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-16 06:47 - 2015-06-19 20:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-16 06:47 - 2015-06-19 20:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-16 06:47 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-16 06:47 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-16 06:47 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-16 06:47 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-16 06:47 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-16 06:47 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-16 06:47 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-16 06:47 - 2015-06-19 19:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-16 06:47 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-16 06:47 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-16 06:47 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-16 06:46 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-16 06:46 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-16 06:25 - 2015-07-01 22:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-16 06:25 - 2015-07-01 22:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-16 06:25 - 2015-07-01 22:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-16 06:25 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-16 06:25 - 2015-07-01 22:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-16 06:25 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-16 06:25 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-16 06:25 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-16 06:25 - 2015-07-01 21:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-16 06:25 - 2015-07-01 21:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-16 06:25 - 2015-07-01 21:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-16 06:25 - 2015-06-25 10:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 06:24 - 2015-06-15 23:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-16 06:24 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 06:24 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-16 06:24 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-16 06:24 - 2015-06-15 23:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-16 06:24 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 06:24 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-16 06:24 - 2015-06-11 19:57 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-16 06:24 - 2015-06-11 19:15 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-16 06:24 - 2015-06-11 19:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-16 06:20 - 2015-07-09 19:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 06:20 - 2015-07-09 19:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-16 06:20 - 2015-07-09 19:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-16 06:20 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 06:20 - 2015-06-17 19:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-16 06:15 - 2015-07-09 19:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-16 06:15 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-16 06:15 - 2015-07-09 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-16 06:15 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-16 06:15 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-16 06:15 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-16 06:15 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-16 06:05 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-16 06:02 - 2015-07-03 19:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-16 06:02 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-16 06:02 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-16 06:02 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-16 06:02 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 17:25 - 2015-07-15 23:16 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-07-14 03:49 - 2010-08-19 19:22 - 00409600 _____ (Kaspersky Lab ZAO) C:\Users\h\Documents\rescue2usb.exe
2015-07-14 03:49 - 2010-08-16 17:02 - 00019181 ____R C:\Users\h\Documents\license_notice.txt
2015-07-14 03:49 - 2010-06-22 13:39 - 00000237 _____ C:\Users\h\Documents\syslinux.cfg
2015-07-14 03:49 - 2010-04-01 11:01 - 00028160 _____ C:\Users\h\Documents\syslinux.exe
2015-07-14 03:49 - 2009-10-16 16:43 - 00237849 _____ C:\Users\h\Documents\grub.exe
2015-07-14 03:47 - 2015-07-14 03:47 - 00387584 _____ C:\Users\h\Desktop\rescue2usb.exe
2015-07-10 15:37 - 2015-07-17 19:58 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 15:36 - 2015-07-10 15:36 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-10 15:36 - 2015-07-10 15:36 - 00000000 ___DC C:\Program Files\Malwarebytes Anti-Malware
2015-07-10 15:36 - 2015-07-10 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-10 15:36 - 2015-07-10 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-10 15:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-10 15:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-10 15:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-09 23:40 - 2015-07-09 23:40 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-07-09 23:38 - 2015-07-09 23:39 - 00000000 ___DC C:\Program Files\Unlocker
2015-07-09 23:38 - 2015-07-09 23:39 - 00000000 ____D C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-07-09 23:36 - 2015-07-09 23:36 - 00402911 _____ C:\Users\h\Desktop\Unlocker1.9.2.exe
2015-07-09 22:07 - 2015-07-09 22:07 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-09 22:07 - 2015-07-09 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-09 22:05 - 2015-07-09 23:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-07 17:18 - 2015-07-07 17:19 - 00000000 ____D C:\ProgramData\PopCap Games
2015-07-04 18:03 - 2015-07-04 18:03 - 00000000 ____D C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-07-04 18:03 - 2015-07-04 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-07-03 18:17 - 2015-07-14 04:16 - 00032768 _____ C:\Windows\system32\persistent_q.db-shm
2015-07-03 18:17 - 2015-07-03 18:17 - 00000000 _____ C:\Windows\system32\persistent_q.db-wal
2015-06-20 17:56 - 2015-06-20 17:57 - 00000000 ____D C:\Users\h\AppData\Local\Microsoft Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-17 20:32 - 2014-09-07 02:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 20:31 - 2014-09-07 04:02 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-17 20:26 - 2015-01-13 19:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-17 20:26 - 2014-09-05 20:22 - 01837847 _____ C:\Windows\WindowsUpdate.log
2015-07-17 20:12 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:12 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 20:08 - 2014-09-06 19:58 - 00080384 _____ C:\Users\h\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-17 19:57 - 2015-04-03 13:09 - 00000974 _____ C:\Windows\Tasks\yhkA2kQgb.job
2015-07-17 19:57 - 2015-04-03 01:06 - 00000990 _____ C:\Windows\Tasks\zpJLUzFXa6dx5sV5Z.job
2015-07-17 19:57 - 2014-09-07 04:02 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 19:57 - 2014-09-06 01:01 - 00000338 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-07-17 19:56 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 02:58 - 2014-09-07 22:04 - 00000000 ____D C:\Users\h\AppData\Roaming\DMCache
2015-07-17 01:55 - 2014-09-07 22:04 - 00000000 ____D C:\Users\h\AppData\Roaming\IDM
2015-07-17 00:02 - 2015-04-04 20:48 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 23:35 - 2014-09-06 09:16 - 00000000 ____D C:\Users\h\AppData\Roaming\Media Player Classic
2015-07-16 23:23 - 2009-07-14 06:33 - 00435624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 21:38 - 2014-09-08 15:19 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 21:26 - 2014-10-13 20:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 21:25 - 2014-10-13 20:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-16 17:28 - 2014-09-07 22:03 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-07-16 14:02 - 2015-04-16 12:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 14:02 - 2015-04-16 12:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 13:50 - 2009-07-14 04:04 - 00000580 _____ C:\Windows\win.ini
2015-07-15 14:46 - 2015-05-16 23:20 - 00000000 ____D C:\Users\h\Desktop\صور رحمة
2015-07-15 05:34 - 2014-09-07 02:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 05:34 - 2014-09-07 02:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 22:31 - 2014-09-07 04:04 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-10 16:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-10 02:35 - 2014-10-13 18:44 - 00000000 ____D C:\Users\h\AppData\Local\Adobe
2015-07-09 23:50 - 2014-10-15 06:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-09 22:17 - 2015-03-15 03:27 - 00000000 ___DC C:\Program Files\CCleaner
2015-07-08 04:45 - 2015-01-23 22:32 - 00000000 ____D C:\Windows\Minidump
2015-07-08 02:10 - 2014-09-05 20:33 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 00:40 - 2015-05-13 16:31 - 00000000 ____D C:\Windows\system32\%Data%
2015-07-06 04:43 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-04 18:03 - 2014-10-06 12:46 - 00000979 _____ C:\Users\h\Desktop\Internet Download Manager.lnk
2015-07-03 08:49 - 2009-10-14 11:57 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-30 20:49 - 2014-11-28 10:53 - 00000432 ____H C:\Windows\Tasks\Norton Security Scan for h.job
2015-06-29 03:40 - 2015-01-13 19:18 - 00002276 _____ C:\Users\h\Desktop\Safe Money.lnk
2015-06-23 13:27 - 2009-10-14 11:58 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-21 08:37 - 2014-12-04 13:26 - 00000000 __SHD C:\Users\h\AppData\Local\EmieBrowserModeList
2015-06-21 08:37 - 2014-10-12 00:43 - 00000000 __SHD C:\Users\h\AppData\Local\EmieUserList
2015-06-21 08:37 - 2014-10-12 00:43 - 00000000 __SHD C:\Users\h\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2015-01-02 17:37 - 2015-01-02 17:37 - 0033193 _____ () C:\Users\h\AppData\Roaming\UserTile.png
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\h\AppData\Roaming\yhkA2kQgb
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z
2014-09-06 19:58 - 2015-07-17 20:08 - 0080384 _____ () C:\Users\h\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-15 03:07 - 2015-03-15 03:07 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 



#4 Rahma_Mohamed (New Member, Authentic Member, 6 posts)

Posted 17 July 2015 - 12:40 PM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by h at 2015-07-17 20:32:42
Running from C:\Users\h\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-149214832-1409363243-1669270168-500 - Administrator - Disabled)
Guest (S-1-5-21-149214832-1409363243-1669270168-501 - Limited - Disabled)
h (S-1-5-21-149214832-1409363243-1669270168-1000 - Administrator - Enabled) => C:\Users\h
HomeGroupUser$ (S-1-5-21-149214832-1409363243-1669270168-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
EaseUS Partition Master 10.2 (HKLM\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Human Anatomy Atlas 3.0.1 (HKLM\...\Human Anatomy Atlas 3.0.1) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 6.8.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.8.0 - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skeleton Premium 2.0.0 (HKLM\...\Skeleton Premium 2.0.0) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Uninstall 6.13.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.13.0 - Gavrila Martau)
UltraISO Premium V9.35 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version:  - Microsoft)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03140862-234C-49CA-91AA-022CFECC746C} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: {1C92D7EC-0E0D-4CDE-9ABF-277CD30DABD3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2B2E33E1-CF4D-4602-9D39-E96C03ACBC0F} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3259D817-368A-42CB-8379-E0EFC4074D88} - System32\Tasks\RNUpgradeHelperResumePrompt_h => C:\Users\h\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-09] (RealNetworks, Inc.)
Task: {3D9A897B-CB62-4717-BCB4-0BEAFA37ED4C} - System32\Tasks\RNUpgradeHelperLogonPrompt_h => C:\Users\h\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-09] (RealNetworks, Inc.)
Task: {3F116919-C640-462D-80BA-9C6707417B06} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {54D3F6ED-8CD6-41BC-B812-355A3C3704C8} - System32\Tasks\ReclaimerUpdateFiles_h => C:\Users\h\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-09] (RealNetworks, Inc.)
Task: {551B6454-06CC-433C-A57F-DF27444CF7F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {6ED5AFAC-FC86-460E-943E-6BC11E380CE2} - System32\Tasks\zpJLUzFXa6dx5sV5Z => C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z.exe <==== ATTENTION
Task: {766C4F62-FF1A-4AC0-B20C-AB68CBB072E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7BE67203-4567-4184-A0C6-6416FF32E714} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-13] ()
Task: {8B279AA3-76F3-4741-B93B-A7AD4C3A16D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8FC58F0B-DC01-4033-B623-18ED9EFD0466} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {99432F96-394E-4144-AD7B-9F8BCD7B6E13} - System32\Tasks\yhkA2kQgb => C:\Users\h\AppData\Roaming\yhkA2kQgb.exe <==== ATTENTION
Task: {9BFBEF11-C689-4C54-BBCF-3B916AB13810} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {A3462087-6564-4A9C-8941-834F3317E868} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {ABF6EEBA-DD40-4F04-99CF-9CE315C64A04} - System32\Tasks\Norton Security Scan for h => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {CD17D5D6-83FA-48B8-A955-9CD34F74D4B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {D4C5308D-DBA3-4735-8F91-116D284453BF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-149214832-1409363243-1669270168-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {EC3A1F31-F328-4E11-B5E7-28A86314F58C} - System32\Tasks\ReclaimerUpdateXML_h => C:\Users\h\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-09] (RealNetworks, Inc.)
Task: {F1D1BE45-1CEB-4705-AF3A-2CA1A2771EE9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-149214832-1409363243-1669270168-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F7EDE90B-0605-4468-9CAE-BB05FB849D1C} - \Update Service YourFileDownloader No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for h.job => 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
Task: C:\Windows\Tasks\yhkA2kQgb.job => C:\Users\h\AppData\Roaming\yhkA2kQgb.exe <==== ATTENTION
Task: C:\Windows\Tasks\zpJLUzFXa6dx5sV5Z.job => C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============
 



#5 Rahma_Mohamed (New Member, Authentic Member, 6 posts)

Posted 17 July 2015 - 01:30 PM

aswMBR.txt

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-17 20:39:00
-----------------------------
20:39:00.856    OS Version: Windows 6.1.7601 Service Pack 1
20:39:00.856    Number of processors: 2 586 0xF0D
20:39:00.864    ComputerName: H-PC  UserName: h
20:40:20.415    Initialize success
20:40:21.605    VM: initialized successfully
20:40:21.607    VM: Intel CPU BiosDisabled
20:41:07.179    AVAST engine defs: 15071700
20:41:43.310    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:41:43.313    Disk 0 Vendor: ST320LT007-9ZV142 0005HPM1 Size: 305245MB BusType: 11
20:41:44.403    Disk 0 MBR read successfully
20:41:44.406    Disk 0 MBR scan
20:41:44.499    Disk 0 Windows 7 default MBR code
20:41:44.716    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
20:41:44.746    Disk 0 Boot: NTFS     code=2
20:41:44.984    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        36649 MB offset 206848
20:41:45.023    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       268485 MB offset 75280584
20:41:45.140    Disk 0 scanning sectors +625139712
20:41:45.844    Disk 0 scanning C:\Windows\system32\drivers
20:42:28.009    Service scanning
20:42:39.655    Service cm_km_w C:\Windows\system32\DRIVERS\cm_km_w.sys **LOCKED** 5
20:42:48.370    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
20:42:48.447    Service kldisk C:\Windows\system32\DRIVERS\kldisk.sys **LOCKED** 5
20:42:48.513    Service klflt C:\Windows\system32\DRIVERS\klflt.sys **LOCKED** 5
20:42:48.531    Service klhk C:\Windows\system32\DRIVERS\klhk.sys **LOCKED** 5
20:42:48.889    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
20:42:48.925    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
20:42:48.966    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
20:42:48.988    Service klpd C:\Windows\system32\DRIVERS\klpd.sys **LOCKED** 5
20:42:49.037    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
20:42:49.170    Service Klwtp C:\Windows\system32\DRIVERS\klwtp.sys **LOCKED** 5
20:42:49.256    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
20:43:12.352    Modules scanning
20:43:12.354    Disk 0 trace - called modules:
20:43:12.368    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
20:43:12.369    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862c5030]
20:43:12.369    3 CLASSPNP.SYS[8997a59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x861ac030]
20:43:16.605    AVAST engine scan C:\Windows
20:43:21.057    AVAST engine scan C:\Windows\system32
20:57:01.203    AVAST engine scan C:\Windows\system32\drivers
20:57:32.169    AVAST engine scan C:\Users\h
21:00:51.350    File: C:\Users\h\Desktop\FRST.exe  **INFECTED** Win32:Dropper-gen [Drp]
21:00:58.948    AVAST engine scan C:\ProgramData
21:02:41.767    Disk 0 statistics 2542198/0/0 @ 1.86 MB/s
21:02:41.783    Scan finished successfully
21:26:17.345    Disk 0 MBR has been saved successfully to "C:\Users\h\Desktop\MBR.dat"
21:26:17.361    The log file has been saved successfully to "C:\Users\h\Desktop\aswMBR.txt"

By the way, Windows crashed when I was scanning using the 2 files :\



#6 ---------------- (SuperMember, Authentic Member, 1,095 posts)

Posted 20 July 2015 - 07:34 AM

Please reboot into safe mode and rescan with FRST (create a new addition.txt as well).

When finished, post both logs (because one of them is incomplete).


Proud Member of UNITE & TB
 

#7 Rahma_Mohamed (New Member, Authentic Member, 6 posts)

Posted 22 July 2015 - 03:52 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015 (ATTENTION: ====> FRSTversion is 10 days old and could be outdated)
Ran by h (administrator) on H-PC on 22-07-2015 23:31:58
Running from C:\Users\h\Desktop
Loaded Profiles: h (Available Profiles: h)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-09-06] (RealNetworks, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-09-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-149214832-1409363243-1669270168-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-149214832-1409363243-1669270168-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-149214832-1409363243-1669270168-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06CEAC88-A554-4ECB-AEF8-E65B9F877CF2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7A3D197B-396F-4708-B495-06194C6CBDA8}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-13] ()
FF Plugin: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-13] ()
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-13] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-09-06] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-09-06] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\user.js [2015-05-15]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\searchplugins\youtube.xml [2015-05-26]
FF Extension: YouTube Unblocker - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\youtubeunblocker@unblocker.yt [2015-05-28]
FF Extension: Flash and Video Download - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-06-28]
FF Extension: AdBlock for Facebook - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\jid1-dwtGBwQjx3SUQc@jetpack.xpi [2015-05-16]
FF Extension: Adblock Plus - C:\Users\h\AppData\Roaming\Mozilla\Firefox\Profiles\7pyor1ib.default-1431647785576\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-06]
FF HKLM\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-13]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-13]
FF HKLM\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-13]
FF HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\h\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\h\AppData\Roaming\IDM\idmmzcc5 [2015-07-22]
FF HKU\S-1-5-21-149214832-1409363243-1669270168-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\h\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\h\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-14]
CHR Extension: (AdBlock) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (IDM Integration Module) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\h\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-07]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKU\S-1-5-21-149214832-1409363243-1669270168-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.goog...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP15.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10208 2014-11-18] ()
S1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [36928 2014-07-02] (Kaspersky Lab ZAO)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [119816 2014-12-03] (Kaspersky Lab ZAO)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [36536 2014-08-12] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [673976 2015-03-12] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44992 2014-06-05] (Kaspersky Lab ZAO)
S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [64200 2014-12-03] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [146240 2014-07-09] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 23:31 - 2015-07-22 23:32 - 00016020 _____ C:\Users\h\Desktop\FRST.txt
2015-07-22 00:56 - 2015-07-22 22:18 - 00000336 _____ C:\Windows\setupact.log
2015-07-22 00:56 - 2015-07-22 00:56 - 00000000 _____ C:\Windows\setuperr.log
2015-07-21 01:06 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 01:06 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 01:06 - 2015-07-15 04:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 01:06 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 01:06 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-17 20:17 - 2015-07-17 20:17 - 05200384 _____ (AVAST Software) C:\Users\h\Downloads\aswmbr.exe
2015-07-17 19:57 - 2015-07-17 19:57 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7FC63AD3.sys
2015-07-16 17:39 - 2015-07-22 23:32 - 00000000 ___DC C:\FRST
2015-07-16 17:38 - 2015-07-16 17:38 - 01636864 _____ (Farbar) C:\Users\h\Desktop\FRST.exe
2015-07-16 06:48 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-16 06:48 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-16 06:48 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-16 06:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-16 06:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-16 06:48 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-16 06:48 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-16 06:47 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-16 06:47 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-16 06:47 - 2015-06-19 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-16 06:47 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-16 06:47 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-16 06:47 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-16 06:47 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-16 06:47 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-16 06:47 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-16 06:47 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-16 06:47 - 2015-06-19 20:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-16 06:47 - 2015-06-19 20:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-16 06:47 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-16 06:47 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-16 06:47 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-16 06:47 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-16 06:47 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-16 06:47 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-16 06:47 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-16 06:47 - 2015-06-19 19:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-16 06:47 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-16 06:47 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-16 06:47 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-16 06:46 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-16 06:46 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-16 06:25 - 2015-07-01 22:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-16 06:25 - 2015-07-01 22:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-16 06:25 - 2015-07-01 22:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-16 06:25 - 2015-07-01 22:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-16 06:25 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-16 06:25 - 2015-07-01 22:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-16 06:25 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-16 06:25 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-16 06:25 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-16 06:25 - 2015-07-01 21:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-16 06:25 - 2015-07-01 21:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-16 06:25 - 2015-07-01 21:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-16 06:25 - 2015-06-25 10:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 06:24 - 2015-06-15 23:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-16 06:24 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 06:24 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-16 06:24 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-16 06:24 - 2015-06-15 23:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-16 06:24 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 06:24 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-16 06:24 - 2015-06-11 19:57 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-16 06:24 - 2015-06-11 19:15 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-16 06:24 - 2015-06-11 19:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-16 06:20 - 2015-07-09 19:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 06:20 - 2015-07-09 19:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-16 06:20 - 2015-07-09 19:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-16 06:20 - 2015-07-09 19:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-16 06:20 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 06:20 - 2015-06-17 19:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-16 06:15 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-16 06:15 - 2015-07-09 19:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-16 06:15 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-16 06:15 - 2015-07-09 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-16 06:15 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-16 06:15 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-16 06:15 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-16 06:15 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-16 06:05 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 17:25 - 2015-07-15 23:16 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-07-14 03:49 - 2010-08-19 19:22 - 00409600 _____ (Kaspersky Lab ZAO) C:\Users\h\Documents\rescue2usb.exe
2015-07-14 03:49 - 2010-08-16 17:02 - 00019181 ____R C:\Users\h\Documents\license_notice.txt
2015-07-14 03:49 - 2010-06-22 13:39 - 00000237 _____ C:\Users\h\Documents\syslinux.cfg
2015-07-14 03:49 - 2010-04-01 11:01 - 00028160 _____ C:\Users\h\Documents\syslinux.exe
2015-07-14 03:49 - 2009-10-16 16:43 - 00237849 _____ C:\Users\h\Documents\grub.exe
2015-07-14 03:47 - 2015-07-14 03:47 - 00387584 _____ C:\Users\h\Desktop\rescue2usb.exe
2015-07-10 15:37 - 2015-07-22 22:18 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 15:36 - 2015-07-10 15:36 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-10 15:36 - 2015-07-10 15:36 - 00000000 ___DC C:\Program Files\Malwarebytes Anti-Malware
2015-07-10 15:36 - 2015-07-10 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-10 15:36 - 2015-07-10 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-10 15:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-10 15:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-10 15:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-09 23:40 - 2015-07-09 23:40 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-07-09 23:38 - 2015-07-09 23:39 - 00000000 ___DC C:\Program Files\Unlocker
2015-07-09 23:38 - 2015-07-09 23:39 - 00000000 ____D C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-07-09 23:36 - 2015-07-09 23:36 - 00402911 _____ C:\Users\h\Desktop\Unlocker1.9.2.exe
2015-07-09 22:07 - 2015-07-09 22:07 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-09 22:07 - 2015-07-09 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-09 22:05 - 2015-07-09 23:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-07 17:18 - 2015-07-07 17:19 - 00000000 ____D C:\ProgramData\PopCap Games
2015-07-04 18:03 - 2015-07-04 18:03 - 00000000 ____D C:\Users\h\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-07-04 18:03 - 2015-07-04 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-07-03 18:17 - 2015-07-14 04:16 - 00032768 _____ C:\Windows\system32\persistent_q.db-shm
2015-07-03 18:17 - 2015-07-03 18:17 - 00000000 _____ C:\Windows\system32\persistent_q.db-wal

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 23:29 - 2015-04-15 18:47 - 00000000 ____D C:\Windows\pss
2015-07-22 23:29 - 2014-09-07 22:04 - 00000000 ____D C:\Users\h\AppData\Roaming\DMCache
2015-07-22 23:29 - 2014-09-05 20:22 - 01665949 _____ C:\Windows\WindowsUpdate.log
2015-07-22 22:34 - 2014-09-06 19:58 - 00096256 _____ C:\Users\h\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-22 22:32 - 2014-09-07 02:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 22:31 - 2014-09-07 04:02 - 00000830 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 22:30 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 22:30 - 2009-07-14 06:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 22:19 - 2015-01-13 19:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-22 22:18 - 2015-04-03 13:09 - 00000974 _____ C:\Windows\Tasks\yhkA2kQgb.job
2015-07-22 22:18 - 2015-04-03 01:06 - 00000990 _____ C:\Windows\Tasks\zpJLUzFXa6dx5sV5Z.job
2015-07-22 22:18 - 2014-09-07 04:02 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 22:18 - 2014-09-06 01:01 - 00000338 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-07-22 22:18 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 04:25 - 2014-09-07 22:04 - 00000000 ____D C:\Users\h\AppData\Roaming\IDM
2015-07-22 01:04 - 2014-09-06 09:16 - 00000000 ____D C:\Users\h\AppData\Roaming\Media Player Classic
2015-07-21 09:02 - 2009-07-14 06:33 - 00435624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 21:43 - 2014-10-13 20:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 00:02 - 2015-04-04 20:48 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-16 21:38 - 2014-09-08 15:19 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 21:25 - 2014-10-13 20:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-16 17:28 - 2014-09-07 22:03 - 00000000 ____D C:\Program Files\Internet Download Manager
2015-07-16 14:02 - 2015-04-16 12:10 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-16 14:02 - 2015-04-16 12:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 13:50 - 2009-07-14 04:04 - 00000580 _____ C:\Windows\win.ini
2015-07-15 14:46 - 2015-05-16 23:20 - 00000000 ____D C:\Users\h\Desktop\صور رحمة
2015-07-15 05:34 - 2014-09-07 02:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 05:34 - 2014-09-07 02:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-14 22:31 - 2014-09-07 04:04 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-10 16:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-10 02:35 - 2014-10-13 18:44 - 00000000 ____D C:\Users\h\AppData\Local\Adobe
2015-07-09 23:50 - 2014-10-15 06:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-09 22:17 - 2015-03-15 03:27 - 00000000 ___DC C:\Program Files\CCleaner
2015-07-08 04:45 - 2015-01-23 22:32 - 00000000 ____D C:\Windows\Minidump
2015-07-08 02:10 - 2014-09-05 20:33 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 00:40 - 2015-05-13 16:31 - 00000000 ____D C:\Windows\system32\%Data%
2015-07-06 04:43 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-04 18:03 - 2014-10-06 12:46 - 00000979 _____ C:\Users\h\Desktop\Internet Download Manager.lnk
2015-07-03 08:49 - 2009-10-14 11:57 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-30 20:49 - 2014-11-28 10:53 - 00000432 ____H C:\Windows\Tasks\Norton Security Scan for h.job
2015-06-29 03:40 - 2015-01-13 19:18 - 00002276 _____ C:\Users\h\Desktop\Safe Money.lnk
2015-06-23 13:27 - 2009-10-14 11:58 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-02 17:37 - 2015-01-02 17:37 - 0033193 _____ () C:\Users\h\AppData\Roaming\UserTile.png
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\h\AppData\Roaming\yhkA2kQgb
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z
2014-09-06 19:58 - 2015-07-22 22:34 - 0096256 _____ () C:\Users\h\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-15 03:07 - 2015-03-15 03:07 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-25 22:14

==================== End of log ============================

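A triage pass over the kind of lines the FRST logs in this thread contain, as an added example that is not part of the original posts and not something FRST or the helper provides. It parses FRST driver lines and "created/modified files" lines, lists the drivers FRST marked `[File not signed]`, flags file names that look machine-generated, pairs a scheduled-task `.job` with a same-named file elsewhere on disk, and notes a `system32` entry whose name contains a literal `%`. The sample lines are constructed from entries in the logs above (sizes and dates copied); the name heuristic (length, mixed case plus digits, low vowel ratio) is my own assumption, and a hit means "a human should look at this", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample, modelled on FRST lines from this thread (sizes and dates
# copied from the posted logs). Nothing here is asserted to be malicious; the
# script only ranks entries for a person to review.
SAMPLE_LOG = r"""
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
2015-07-22 22:18 - 2015-04-03 13:09 - 00000974 _____ C:\Windows\Tasks\yhkA2kQgb.job
2015-07-22 22:18 - 2015-04-03 01:06 - 00000990 _____ C:\Windows\Tasks\zpJLUzFXa6dx5sV5Z.job
2015-07-22 22:18 - 2014-09-07 04:02 - 00000826 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\h\AppData\Roaming\yhkA2kQgb
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z
2015-07-07 00:40 - 2015-05-13 16:31 - 00000000 ____D C:\Windows\system32\%Data%
2015-07-09 23:36 - 2015-07-09 23:36 - 00402911 _____ C:\Users\h\Desktop\Unlocker1.9.2.exe
"""

# "R3 name; path [size date] (company) [File not signed]"
DRIVER_RE = re.compile(
    r"^([RSU]\d) ([^;]+); (.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \(([^)]*)\)(.*)$")
# "created - modified - size attrs [(company) ]path"
FILE_RE = re.compile(
    r"^(\S+ \S+) - (\S+ \S+) - (\d+) ([_A-Z]{5}) (?:\([^)]*\) )?(.+)$")


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def stem(name):
    # Drop a short extension such as .job/.exe/.sys; names without one stay intact.
    head, dot, ext = name.rpartition(".")
    return head if dot and head and len(ext) <= 4 else name


def looks_random(name):
    # Heuristic (an assumption, not a rule from FRST): generated names mix upper,
    # lower and digits and are nearly vowel-free. "Unlocker1.9.2" has digits but
    # reads as English and is left alone.
    s = stem(name)
    if len(s) < 8:
        return False
    letters = [c for c in s if c.isalpha()]
    if not letters:
        return False
    has_upper = any(c.isupper() for c in s)
    has_lower = any(c.islower() for c in s)
    has_digit = any(c.isdigit() for c in s)
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    return has_upper and has_lower and has_digit and vowel_ratio <= 0.25


def triage(log_text):
    unsigned, random_named, odd_system32 = [], [], []
    by_stem = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = DRIVER_RE.match(line)
        if m:
            if "[File not signed]" in m.group(7):
                unsigned.append(m.group(2))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path = m.group(5).strip()
        base = basename(path)
        if looks_random(base):
            random_named.append(path)
            by_stem[stem(base)].append(path)
        # A directory literally named %Something% under system32 is not an
        # environment-variable expansion and deserves a look.
        if "\\system32\\" in path.lower() and "%" in base:
            odd_system32.append(path)
    # The same generated stem appearing as a Tasks\*.job and as a file elsewhere
    # is the pairing worth checking first.
    paired = {s: p for s, p in by_stem.items() if len(p) > 1}
    return {"unsigned_drivers": unsigned, "random_named": random_named,
            "paired_stems": paired, "odd_system32": odd_system32}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it against a saved FRST.txt by passing `open("FRST.txt", encoding="utf-8").read()` to `triage` instead of `SAMPLE_LOG`. The output is a worklist, not a verdict: an unsigned driver may be a legitimate old utility, and a paired task plus file still needs the `.job` target and the file's content examined before anything is removed.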


#8 Rahma_Mohamed (New Member, 6 posts)

Posted 22 July 2015 - 03:54 PM

addition.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by h at 2015-07-22 23:32:49
Running from C:\Users\h\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-149214832-1409363243-1669270168-500 - Administrator - Disabled)
Guest (S-1-5-21-149214832-1409363243-1669270168-501 - Limited - Disabled)
h (S-1-5-21-149214832-1409363243-1669270168-1000 - Administrator - Enabled) => C:\Users\h
HomeGroupUser$ (S-1-5-21-149214832-1409363243-1669270168-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
EaseUS Partition Master 10.2 (HKLM\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Human Anatomy Atlas 3.0.1 (HKLM\...\Human Anatomy Atlas 3.0.1) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Kaspersky Internet Security (HKLM\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 6.8.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.8.0 - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skeleton Premium 2.0.0 (HKLM\...\Skeleton Premium 2.0.0) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Uninstall 6.13.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.13.0 - Gavrila Martau)
UltraISO Premium V9.35 (HKLM\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BBF212C-5BD8-4C8A-B65F-91342D904ED8}) (Version:  - Microsoft)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03140862-234C-49CA-91AA-022CFECC746C} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: {1C92D7EC-0E0D-4CDE-9ABF-277CD30DABD3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2B2E33E1-CF4D-4602-9D39-E96C03ACBC0F} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {2E128880-09C0-44B2-8FEC-71453D18FCD7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-13] ()
Task: {3F116919-C640-462D-80BA-9C6707417B06} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {551B6454-06CC-433C-A57F-DF27444CF7F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {6ED5AFAC-FC86-460E-943E-6BC11E380CE2} - System32\Tasks\zpJLUzFXa6dx5sV5Z => C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z.exe <==== ATTENTION
Task: {766C4F62-FF1A-4AC0-B20C-AB68CBB072E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8B279AA3-76F3-4741-B93B-A7AD4C3A16D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8FC58F0B-DC01-4033-B623-18ED9EFD0466} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {99432F96-394E-4144-AD7B-9F8BCD7B6E13} - System32\Tasks\yhkA2kQgb => C:\Users\h\AppData\Roaming\yhkA2kQgb.exe <==== ATTENTION
Task: {9BFBEF11-C689-4C54-BBCF-3B916AB13810} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {A3462087-6564-4A9C-8941-834F3317E868} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {ABF6EEBA-DD40-4F04-99CF-9CE315C64A04} - System32\Tasks\Norton Security Scan for h => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {CD17D5D6-83FA-48B8-A955-9CD34F74D4B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {D4C5308D-DBA3-4735-8F91-116D284453BF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-149214832-1409363243-1669270168-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F1D1BE45-1CEB-4705-AF3A-2CA1A2771EE9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-149214832-1409363243-1669270168-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F7EDE90B-0605-4468-9CAE-BB05FB849D1C} - \Update Service YourFileDownloader No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for h.job =>
Task: C:\Windows\Tasks\yhkA2kQgb.job => C:\Users\h\AppData\Roaming\yhkA2kQgb.exe <==== ATTENTION
Task: C:\Windows\Tasks\zpJLUzFXa6dx5sV5Z.job => C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2150E7D5

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-149214832-1409363243-1669270168-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\h\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: EaseUS EPM tray => D:\EaseUS Partition Master 10.2\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "D:\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E50211C7-15EC-4FDA-A5BE-5A134B8A4D9F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8E6C62C7-5C57-4C16-BF53-84BD696D2A26}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D745A0DA-D2D8-4BEA-9FC3-DB5D59EECC98}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3E38BBCF-022F-45D6-B70F-CEC8B4B7B352}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{30C04E51-AA42-41DF-BC97-B8CEEED539AB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{92607229-081E-49B1-A8AD-7DA309146002}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{287A500C-E2B6-4C1C-8AED-7B97AAC45E58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CBDB5754-8D21-4740-8ED3-BBD60F42B849}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6990C1FD-6F63-4F89-9656-BCB7BBB13928}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{6754E510-1182-403B-B104-AFFD75414457}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BC6E2787-0748-4638-9BD5-BCCF124134A5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{86FA1B15-A4AD-485B-A0DF-640EC0390093}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C804FB0-58EC-4FE1-9EE5-3F2B397EC836}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F906EE9C-65BA-42FF-9D1C-A3E2CC4152BA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 12:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ffmpeg.dll, version: 0.0.0.0, time stamp: 0x4d2e3732
Exception code: 0xc0000005
Fault offset: 0x0013bdb2
Faulting process id: 0x628
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/21/2015 01:43:03 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 98304 (0x00018000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/21/2015 10:56:03 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1032) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 98304 (0x00018000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.


System errors:
=============
Error: (07/22/2015 11:32:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/22/2015 11:31:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office:
=========================
Error: (07/22/2015 12:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ffmpeg.dll0.0.0.04d2e3732c00000050013bdb262801d0c4630e43f0cfC:\Windows\Explorer.EXEC:\Program Files\K-Lite Codec Pack\ffdshow\ffmpeg.dllf6cae3c5-3058-11e5-a4b0-001d09d64575

Error: (07/21/2015 01:43:03 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll992SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb0 (0x0000000000000000)98304 (0x00018000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk. 0

Error: (07/21/2015 10:56:03 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll1032SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb0 (0x0000000000000000)98304 (0x00018000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk. 0

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2015 10:50:16 PM) (Source: MsiInstaller) (EventID: 11711) (User: h-PC)
Description: Product: Adobe Reader XI (11.0.12) -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2015-03-15 20:08:40.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 20:08:40.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 2037.97 MB
Available physical RAM: 1335.02 MB
Total Virtual: 4075.94 MB
Available Virtual: 3401.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:35.79 GB) (Free:0.59 GB) NTFS
Drive d: () (Fixed) (Total:262.19 GB) (Free:28.87 GB) NTFS
Drive e: (rahma) (CDROM) (Total:3.61 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9159553B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=262.2 GB) - (Type=07 NTFS)

==================== End of log ============================
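The scheduled-task entries in the log above are the kind of thing an analyst triages by hand: a registration whose task file is gone ("No Task File"), an executable launched from a user's AppData\Roaming, and an executable FRST could not attribute to any vendor (an empty "()" at the end of the line). The following is an added example, not code from this thread or from FRST, that applies those three checks to the log's own "Task:" lines, copied here as a constructed sample; the list of user-writable directories is an assumption made for the example.

```python
"""Triage helper for the "Scheduled Tasks" section of an FRST log (added example)."""
import re

# Constructed sample: "Task:" lines in FRST's own format, copied from the log above.
SAMPLE_TASKS = r"""
Task: {2E128880-09C0-44B2-8FEC-71453D18FCD7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-13] ()
Task: {3F116919-C640-462D-80BA-9C6707417B06} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {551B6454-06CC-433C-A57F-DF27444CF7F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-07] (Google Inc.)
Task: {6ED5AFAC-FC86-460E-943E-6BC11E380CE2} - System32\Tasks\zpJLUzFXa6dx5sV5Z => C:\Users\h\AppData\Roaming\zpJLUzFXa6dx5sV5Z.exe <==== ATTENTION
Task: {99432F96-394E-4144-AD7B-9F8BCD7B6E13} - System32\Tasks\yhkA2kQgb => C:\Users\h\AppData\Roaming\yhkA2kQgb.exe <==== ATTENTION
Task: {CD17D5D6-83FA-48B8-A955-9CD34F74D4B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
"""

# Directories a standard user can write to (assumed list for this example). A
# persistence payload living here is a stronger signal than one under Program Files.
USER_WRITABLE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata|programdata|windows\\temp|temp)\\", re.IGNORECASE
)


def parse_task_line(line):
    """Split one FRST 'Task:' line into its fields; returns None for other lines."""
    line = line.strip()
    if not line.startswith("Task: {"):
        return None
    guid, _, rest = line[len("Task: "):].partition(" - ")
    rest = rest.replace("<==== ATTENTION", "").strip()
    task = {"guid": guid.strip("{}"), "exe": None, "date": None, "vendor": None, "orphan": False}
    if rest.endswith("No Task File"):
        task["name"] = rest[: -len("No Task File")].strip()
        task["orphan"] = True
        return task
    name, _, target = rest.partition(" => ")
    task["name"] = name
    # Trailing "(Vendor)" and "[YYYY-MM-DD]" are optional; an empty "()" means no vendor.
    m = re.search(r"\s*\(([^()]*)\)$", target)
    if m:
        task["vendor"] = m.group(1) or None
        target = target[: m.start()]
    m = re.search(r"\s*\[(\d{4}-\d{2}-\d{2})\]$", target)
    if m:
        task["date"] = m.group(1)
        target = target[: m.start()]
    task["exe"] = target.strip()
    return task


def triage_task(task):
    """Return the reasons this task deserves a look (empty list = nothing noted)."""
    reasons = []
    if task["orphan"]:
        reasons.append("registration points at a task file that no longer exists")
    exe = task["exe"]
    if exe and USER_WRITABLE.search(exe):
        reasons.append("runs an executable from a user-writable directory")
    if exe and task["vendor"] is None:
        reasons.append("executable carries no vendor attribution")
    return reasons


def triage_log(text):
    """Map short task name -> reasons, for every flagged task line in a log excerpt."""
    findings = {}
    for line in text.splitlines():
        task = parse_task_line(line)
        if task is None:
            continue
        short = task["name"].rsplit("\\", 1)[-1]
        reasons = triage_task(task)
        if reasons:
            findings[short] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_TASKS).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, the two AppData tasks are flagged twice over (user-writable path and no vendor), the globalUpdate entry once for its missing task file, and AutoKMS once for having no vendor; the Google and CCleaner tasks produce nothing. Each hit is a reason to inspect the file, not a verdict: legitimate software does occasionally run unsigned helpers from a profile directory, which is why the output lists reasons rather than a single "malicious" flag.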



#9 ----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 23 July 2015 - 12:04 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules, which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other malware support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
