Inactive Possible infection

[malis2007]

OTL LOG :

All processes killed
========== OTL ==========
Service trufos stopped successfully!
Service trufos deleted successfully!
C:\Windows\SysNative\drivers\trufos.sys moved successfully.
HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
File C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\plugin/npqscan.dll not found.
C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1\js folder moved successfully.
C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1\images folder moved successfully.
C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1\css folder moved successfully.
C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-131767206-1543947898-356316412-1022\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
File Protocol\Handler\gopher - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Administrator\AppData\Roaming\Bitdefender\Desktop\Profiles\Logs folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Bitdefender\Desktop\Profiles\LGKC folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Bitdefender\Desktop\Profiles folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Bitdefender\Desktop folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Bitdefender folder moved successfully.
ADS C:\ProgramData\Temp:981884E7 deleted successfully.
ADS C:\ProgramData\Temp:52DBE86F deleted successfully.
ADS C:\ProgramData\Temp:029E021F deleted successfully.
ADS C:\ProgramData\Temp20FFA63 deleted successfully.
ADS C:\ProgramData\Temp:3E7393FC deleted successfully.
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ali
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 56877973 bytes
->Java cache emptied: 57647 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 364540399 bytes
->Apple Safari cache emptied: 171150336 bytes
->Flash cache emptied: 570 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: S34N
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73651066 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1121561338 bytes

Total Files Cleaned = 1,705.00 mb


[EMPTYJAVA]

User: Administrator

User: ali
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: S34N

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: ali
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: S34N

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06242013_134436

Files\Folders moved on Reboot...
C:\Users\ali\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[malis2007]

CheckUp.txt log :

Results of screen317's Security Check version 0.99.67
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 6.0
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.7009)
Visual Studio Extensions for Windows Library for JavaScript
JavaScript Tooling
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

 

[malis2007]

FSS.txt log :

Farbar Service Scanner Version: 16-06-2013
Ran by ali (administrator) on 24-06-2013 at 14:07:08
Running from "C:\Users\ali\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-13 02:09] - [2013-05-08 08:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-13 02:03] - [2013-05-13 07:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Eset?

Also...

ESET Smart Security 6.0
Antivirus out of date!

Why?

 

[malis2007]

Hmm I dunno :/
and yea I have eset.. but.. ESET was disabled when I was doing the stuff which you told me to do
and about F-Secure Online Scanner
first.. this link is kinda wrong.. :/
second.. when I downloaded it and runned it .. there were no logs
but it found 2 wrong stuff I guess.. XD

 

[Broni]

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB) and install one of two free alternatives:

- Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.

 

[malis2007]

OTL LOG from the RUNFIX :

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ali
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66845320 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 226498132 bytes
->Apple Safari cache emptied: 42920960 bytes
->Flash cache emptied: 506 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: S34N
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25390 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 321.00 mb


[EMPTYFLASH]

User: Administrator

User: ali
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: S34N

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: ali
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Public

User: S34N

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06262013_051214

Files\Folders moved on Reboot...
C:\Users\ali\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[malis2007]

Thanks alot for your help
but..
the computer still have some missing services.. like the "DNS Client" and "windows time".. etc
and by the way.. when I say missing services I mean that.. when I turn them from "Disabled" to "Manual" it says.. "The system cannot find the path specified" other than that..
every thing is fine
and the computer is a little bit faster now than before..
but.. is there anyway else to make it faster..? :/
and I see some weird logs in the "C" drive should I post them here?
just to check them up for me and tell me why they are there..? and what program made them?
and in my "D" drive.. I have some weird folders.. which have names like this "1d34917538a4673b3e63cb5b18a2" and "6351acadbf83b14964bc2458"
the "6351acadbf83b14964bc2458" folder when I open it.. it requires sys allows and when I click countine I shows up as empty.. so.. am I alowed to delete it..?
and about the "1d34917538a4673b3e63cb5b18a2" folder it has some files.. and one of them is :
$shtdwn$.req
so.. are they normal or something..?
they aren't hidden by the way.. and so is the "$RECYCLE.BIN" folder..
but in drive "C" I have the following folders.. first.. the same folder "$RECYCLE.BIN" unhidden and..
"@RestoreQuarantine" and "ASUS.DAT" and "Boot" and "Documents and Settings" but about this "Documents and Settings" it shows up as a shortcut.. :/
and I am afraid of that when I delete it.. IT WILL DELETE THE REAL "Documents and Settings" folder.. XD, like what was happening to me before.. :/
and I have afolder called "dumps" and "eSupport" and "ExpressGateUtil" and "Intel" and "JRT" and "MSOCache" and "NVIDIA" and "ProgramData" and "Recovery" and "RegBackup" and "temp" and "Users" and "Windows" and ofc.. the two program files folders.. xD
I also have the following files in the "C" drive a file named ".rnd" and "AdobeReader.log" and "bdlog.txt" and "BOOTSECT.BAK" and "bootmgr" and "bootsqm.dat" and "devlist.txt" and "FTPParam.txt" and "N53Jq.BIN" and "N53JQ_WIN7.30" and "Quarantine.lst" and "RECOVERY.DAT" and "RHDSetup.log" and "setup.log" and "shimgvw.dll" and "st330AdaptorMgr.log" and "stInstall.log" .. please tell me what to do with these :/
Thanks again

 

[Broni]

It looks like you have system files visible.

Open Windows Explorer. Go Tools>Folder Options>View tab (Windows 8 users Go View>Options>Change folder and search options>View tab), put a checkmark next to Hide protected operating system files.
Press F5 to refresh the view and let me know if any "weird" files/folders are still there.

Then we'll see about DNS service.

 

[malis2007]

Oh well.. about that..
It's already checked :/
and those files still visible..
I mean.. when I posted the prev post.. that checkbox was checked xD
and about services.. they really give me a headache.
almost all the disabled services.. when I turn them to manual or automatic.. it shows me the error which I told you about.. :/
and by the way.. when I said that the computer was a little bit faster.. it is really faster now than before..
but.. it is still taking long time to boot. :/
anyway to fix that?!
it wasn't like that before.. xD
when I checked the Startup tab.. from the "msconfig" it shows me that only 6 programs only are starting when system BOOTS and that is the lowest amount of programs which I need.. I mean that I cant make them anyhow lower.
the programs are :
ESET
internet download manger
VistaSwitcher
FileHippo.com
Skype
Dropbox
..
and about services tab with out the ms service :
ESET
AND ONLY.
and it takes up to 2 mins just to boot.
and that is sooooooooooooooooooooooooooooooooo slow.. :/
I really need your help about that ^
it wasn't like that 2 or 1 years before.. xD

 

[Broni]

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

[malis2007]

first.. I am so sorry for not posting the log yesterday..
because.. it toke alot of time.. and I ran it in night :/
then I went to sleep..
anyway.. when I woke up.. I found my dad in my laptop.. and he said why you run stuff like these?! XD
so.. I dont know if he stopped it.. or canceled it.. or exited it :/
or just restarted the pc..
if he did anything bad.. then please tell me to RE-do the steps which you said..
I am so sorry for that ^

Here is the _windows_repair_log.txt :

Running Repair Under System Account
Starting Repairs...
Start (27/06/2013 09:31:20 PM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (27/06/2013 09:31:20 PM)
Running Repair Under Current User Account
Done (27/06/2013 09:31:53 PM)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (27/06/2013 09:31:53 PM)
Running Repair Under System Account
Done (27/06/2013 09:34:51 PM)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (27/06/2013 09:34:51 PM)
Running Repair Under System Account
Done (27/06/2013 09:36:42 PM)

Reset File Permissions 01/22
C:\@RestoreQuarantine & Sub Folders
Start (27/06/2013 09:36:42 PM)
Running Repair Under System Account
Done (27/06/2013 09:36:44 PM)

Reset File Permissions 02/22
C:\ASUS.DAT & Sub Folders
Start (27/06/2013 09:36:44 PM)
Running Repair Under System Account
Done (27/06/2013 09:36:47 PM)

Reset File Permissions 03/22
C:\autorun.inf & Sub Folders
Start (27/06/2013 09:36:47 PM)
Running Repair Under System Account
Done (27/06/2013 09:36:49 PM)

Reset File Permissions 04/22
C:\Boot & Sub Folders
Start (27/06/2013 09:36:50 PM)
Running Repair Under System Account
Done (27/06/2013 09:36:52 PM)

Reset File Permissions 05/22
C:\comment.htt & Sub Folders
Start (27/06/2013 09:36:52 PM)
Running Repair Under System Account
Done (27/06/2013 09:36:55 PM)

Reset File Permissions 06/22
C:\Config.Msi & Sub Folders
Start (27/06/2013 09:36:55 PM)
Running Repair Under System Account
Done (27/06/2013 09:36:57 PM)

Reset File Permissions 07/22
C:\desktop.ini & Sub Folders
Start (27/06/2013 09:36:57 PM)
Running Repair Under System Account
Done (27/06/2013 09:37:00 PM)

Reset File Permissions 08/22
C:\dumps & Sub Folders
Start (27/06/2013 09:37:00 PM)
Running Repair Under System Account
Done (27/06/2013 09:37:02 PM)

Reset File Permissions 09/22
C:\eSupport & Sub Folders
Start (27/06/2013 09:37:02 PM)
Running Repair Under System Account
Done (27/06/2013 09:37:44 PM)

Reset File Permissions 10/22
C:\Evolution Games & Sub Folders
Start (27/06/2013 09:37:44 PM)
Running Repair Under System Account
Done (27/06/2013 09:38:35 PM)

Reset File Permissions 11/22
C:\ExpressGateUtil & Sub Folders
Start (27/06/2013 09:38:35 PM)
Running Repair Under System Account
Done (27/06/2013 09:38:37 PM)

Reset File Permissions 12/22
C:\Intel & Sub Folders
Start (27/06/2013 09:38:37 PM)
Running Repair Under System Account
Done (27/06/2013 09:38:40 PM)

Reset File Permissions 13/22
C:\JRT & Sub Folders
Start (27/06/2013 09:38:40 PM)
Running Repair Under System Account
Done (27/06/2013 09:38:43 PM)

Reset File Permissions 14/22
C:\MSOCache & Sub Folders
Start (27/06/2013 09:38:43 PM)
Running Repair Under System Account
Done (27/06/2013 09:38:45 PM)

Reset File Permissions 15/22
C:\NVIDIA & Sub Folders
Start (27/06/2013 09:38:45 PM)
Running Repair Under System Account
Done (27/06/2013 09:39:00 PM)

Reset File Permissions 16/22
C:\Program Files & Sub Folders
Start (27/06/2013 09:39:00 PM)
Running Repair Under System Account
Done (27/06/2013 09:40:10 PM)

Reset File Permissions 17/22
C:\Program Files (x86) & Sub Folders
Start (27/06/2013 09:40:10 PM)
Running Repair Under System Account
Done (27/06/2013 09:57:03 PM)

Reset File Permissions 18/22
C:\ProgramData & Sub Folders
Start (27/06/2013 09:57:03 PM)
Running Repair Under System Account
Done (27/06/2013 10:54:47 PM)

Reset File Permissions 19/22
C:\Recovery & Sub Folders
Start (27/06/2013 10:54:47 PM)
Running Repair Under System Account
Done (27/06/2013 10:54:49 PM)

Reset File Permissions 20/22
C:\RegBackup & Sub Folders
Start (27/06/2013 10:54:49 PM)
Running Repair Under System Account
Done (27/06/2013 10:54:54 PM)

Reset File Permissions 21/22
C:\temp & Sub Folders
Start (27/06/2013 10:54:54 PM)
Running Repair Under System Account
Done (27/06/2013 10:54:56 PM)

Reset File Permissions 22/22
C:\Windows & Sub Folders
Start (27/06/2013 10:54:56 PM)
Running Repair Under System Account
Done (27/06/2013 11:33:13 PM)

Reset File Permissions 01/63
D:\0 & Sub Folders
Start (27/06/2013 11:33:14 PM)
Running Repair Under System Account
Done (27/06/2013 11:33:17 PM)

Reset File Permissions 02/63
D:\12345 & Sub Folders
Start (27/06/2013 11:33:17 PM)
Running Repair Under System Account
Done (27/06/2013 11:33:19 PM)

Reset File Permissions 03/63
D:\1d34917538a4673b3e63cb5b18a2 & Sub Folders
Start (27/06/2013 11:33:19 PM)
Running Repair Under System Account
Done (27/06/2013 11:33:22 PM)

Reset File Permissions 04/63
D:\5730 backup & Sub Folders
Start (27/06/2013 11:33:22 PM)
Running Repair Under System Account
Done (27/06/2013 11:33:47 PM)

Reset File Permissions 05/63
D:\6351acadbf83b14964bc2458 & Sub Folders
Start (27/06/2013 11:33:47 PM)
Running Repair Under System Account
Done (27/06/2013 11:33:50 PM)

Reset File Permissions 06/63
D:\ali_hp & Sub Folders
Start (27/06/2013 11:33:50 PM)
Running Repair Under System Account
Done (27/06/2013 11:34:32 PM)

Reset File Permissions 07/63
D:\autorun.inf & Sub Folders
Start (27/06/2013 11:34:32 PM)
Running Repair Under System Account
Done (27/06/2013 11:34:35 PM)

Reset File Permissions 08/63
D:\BOUT Evolution & Sub Folders
Start (27/06/2013 11:34:35 PM)
Running Repair Under System Account
Done (27/06/2013 11:35:25 PM)

Reset File Permissions 09/63
D:\comment.htt & Sub Folders
Start (27/06/2013 11:35:25 PM)
Running Repair Under System Account
Done (27/06/2013 11:35:28 PM)

Reset File Permissions 10/63
D:\desktop.ini & Sub Folders
Start (27/06/2013 11:35:28 PM)
Running Repair Under System Account
Done (27/06/2013 11:35:30 PM)

Reset File Permissions 11/63
D:\Extensions & Sub Folders
Start (27/06/2013 11:35:30 PM)
Running Repair Under System Account
Done (27/06/2013 11:35:33 PM)

Reset File Permissions 12/63
D:\Malis2007 & Sub Folders
Start (27/06/2013 11:35:33 PM)
Running Repair Under System Account
Done (27/06/2013 11:45:30 PM)

Reset File Permissions 13/63
D:\mg & Sub Folders
Start (27/06/2013 11:45:30 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:00 PM)

Reset File Permissions 14/63
D:\mobail_Contacts & Sub Folders
Start (27/06/2013 11:46:00 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:05 PM)

Reset File Permissions 15/63
D:\movie & Sub Folders
Start (27/06/2013 11:46:05 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:07 PM)

Reset File Permissions 16/63
D:\NEW KF-SERVER BackUp & Sub Folders
Start (27/06/2013 11:46:07 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:18 PM)

Reset File Permissions 17/63
D:\nokia & Sub Folders
Start (27/06/2013 11:46:18 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:21 PM)

Reset File Permissions 18/63
D:\Nokia 5130c-2 & Sub Folders
Start (27/06/2013 11:46:21 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:23 PM)

Reset File Permissions 19/63
D:\nokia 5730 xpress music & Sub Folders
Start (27/06/2013 11:46:24 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:41 PM)

Reset File Permissions 20/63
D:\NOKIA c2700 & Sub Folders
Start (27/06/2013 11:46:41 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:43 PM)

Reset File Permissions 21/63
D:\pic2012 & Sub Folders
Start (27/06/2013 11:46:43 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:46 PM)

Reset File Permissions 22/63
D:\pic22 & Sub Folders
Start (27/06/2013 11:46:46 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:50 PM)

Reset File Permissions 23/63
D:\saleh ahmed & Sub Folders
Start (27/06/2013 11:46:51 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:55 PM)

Reset File Permissions 24/63
D:\ScreenSaver & Sub Folders
Start (27/06/2013 11:46:55 PM)
Running Repair Under System Account
Done (27/06/2013 11:46:58 PM)

Reset File Permissions 25/63
D:\server_ye1x & Sub Folders
Start (27/06/2013 11:46:58 PM)
Running Repair Under System Account
Done (27/06/2013 11:49:01 PM)

Reset File Permissions 26/63
D:\soft & Sub Folders
Start (27/06/2013 11:49:01 PM)
Running Repair Under System Account
Done (27/06/2013 11:51:54 PM)

Reset File Permissions 27/63
D:\vivvo & Sub Folders
Start (27/06/2013 11:51:54 PM)
Running Repair Under System Account
Done (27/06/2013 11:52:55 PM)

Reset File Permissions 28/63
D:\wafaa & Sub Folders
Start (27/06/2013 11:52:55 PM)
Running Repair Under System Account
Done (27/06/2013 11:52:58 PM)

Reset File Permissions 29/63
D:\wefaq & Sub Folders
Start (27/06/2013 11:52:58 PM)
Running Repair Under System Account
Done (27/06/2013 11:53:00 PM)

Reset File Permissions 30/63
D:\yazan & Sub Folders
Start (27/06/2013 11:53:00 PM)
Running Repair Under System Account
Done (27/06/2013 11:53:03 PM)

Reset File Permissions 31/63
D:\ye1.org & Sub Folders
Start (27/06/2013 11:53:03 PM)
Running Repair Under System Account
Done (27/06/2013 11:53:22 PM)

Reset File Permissions 32/63
D:\ye22 & Sub Folders
Start (27/06/2013 11:53:22 PM)
Running Repair Under System Account
Done (27/06/2013 11:53:46 PM)

Reset File Permissions 33/63
D:\احمد حرمل & Sub Folders
Start (27/06/2013 11:53:46 PM)
Running Repair Under System Account
Done (27/06/2013 11:53:48 PM)

Reset File Permissions 34/63
D:\ادوية & Sub Folders
Start (27/06/2013 11:53:48 PM)
Running Repair Under System Account
Done (27/06/2013 11:53:51 PM)

Reset File Permissions 35/63
D:\اغاني & Sub Folders
Start (27/06/2013 11:53:51 PM)
Running Repair Under System Account
Done (27/06/2013 11:53:57 PM)

Reset File Permissions 36/63
D:\افلام ومسلسلات & Sub Folders
Start (27/06/2013 11:53:58 PM)
Running Repair Under System Account
Done (27/06/2013 11:54:19 PM)

Reset File Permissions 37/63
D:\الجهمي & Sub Folders
Start (27/06/2013 11:54:19 PM)
Running Repair Under System Account
Done (27/06/2013 11:54:21 PM)

Reset File Permissions 38/63
D:\المجلة & Sub Folders
Start (27/06/2013 11:54:22 PM)
Running Repair Under System Account
Done (27/06/2013 11:55:26 PM)

Reset File Permissions 39/63
D:\المريسي & Sub Folders
Start (27/06/2013 11:55:26 PM)
Running Repair Under System Account
Done (27/06/2013 11:55:31 PM)

Reset File Permissions 40/63
D:\المطعم & Sub Folders
Start (27/06/2013 11:55:31 PM)
Running Repair Under System Account
Done (27/06/2013 11:55:34 PM)

Reset File Permissions 41/63
D:\الموقع & Sub Folders
Start (27/06/2013 11:55:34 PM)
Running Repair Under System Account
Done (27/06/2013 11:56:47 PM)

Reset File Permissions 42/63
D:\اناشيد & Sub Folders
Start (27/06/2013 11:56:47 PM)
Running Repair Under System Account
Done (27/06/2013 11:56:50 PM)

Reset File Permissions 43/63
D:\بيان تاييد القملي & Sub Folders
Start (27/06/2013 11:56:50 PM)
Running Repair Under System Account
Done (27/06/2013 11:56:52 PM)

Reset File Permissions 44/63
D:\بيان خاص & Sub Folders
Start (27/06/2013 11:56:53 PM)
Running Repair Under System Account
Done (27/06/2013 11:56:55 PM)

Reset File Permissions 45/63
D:\تقرير طبي & Sub Folders
Start (27/06/2013 11:56:55 PM)
Running Repair Under System Account
Done (27/06/2013 11:56:58 PM)

Reset File Permissions 46/63
D:\خاص & Sub Folders
Start (27/06/2013 11:56:58 PM)
Running Repair Under System Account
Done (27/06/2013 11:57:40 PM)

Reset File Permissions 47/63
D:\خاص جدا & Sub Folders
Start (27/06/2013 11:57:40 PM)
Running Repair Under System Account
Done (27/06/2013 11:57:43 PM)

Reset File Permissions 48/63
D:\سيارة & Sub Folders
Start (27/06/2013 11:57:43 PM)
Running Repair Under System Account
Done (27/06/2013 11:57:45 PM)

Reset File Permissions 49/63
D:\شبام & Sub Folders
Start (27/06/2013 11:57:45 PM)
Running Repair Under System Account
Done (27/06/2013 11:57:48 PM)

Reset File Permissions 50/63
D:\صحة & Sub Folders
Start (27/06/2013 11:57:48 PM)
Running Repair Under System Account
Done (27/06/2013 11:57:50 PM)

Reset File Permissions 51/63
D:\صور خاصة & Sub Folders
Start (27/06/2013 11:57:51 PM)
Running Repair Under System Account
Done (27/06/2013 11:57:55 PM)

Reset File Permissions 52/63
D:\ضيوف المجلس اليمني & Sub Folders
Start (27/06/2013 11:57:55 PM)
Running Repair Under System Account
Done (27/06/2013 11:57:58 PM)

Reset File Permissions 53/63
D:\فتحي بن لزرق & Sub Folders
Start (27/06/2013 11:57:58 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:00 PM)

Reset File Permissions 54/63
D:\فلم وثائقي خاص & Sub Folders
Start (27/06/2013 11:58:01 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:03 PM)

Reset File Permissions 55/63
D:\فيديو & Sub Folders
Start (27/06/2013 11:58:03 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:08 PM)

Reset File Permissions 56/63
D:\قران & Sub Folders
Start (27/06/2013 11:58:08 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:10 PM)

Reset File Permissions 57/63
D:\كاميرا & Sub Folders
Start (27/06/2013 11:58:11 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:13 PM)

Reset File Permissions 58/63
D:\مؤتمر القاهرة & Sub Folders
Start (27/06/2013 11:58:13 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:16 PM)

Reset File Permissions 59/63
D:\مظاهرات & Sub Folders
Start (27/06/2013 11:58:16 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:20 PM)

Reset File Permissions 60/63
D:\معجم البلدان و القبائل اليمنية & Sub Folders
Start (27/06/2013 11:58:21 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:23 PM)

Reset File Permissions 61/63
D:\معهد الطيران & Sub Folders
Start (27/06/2013 11:58:23 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:26 PM)

Reset File Permissions 62/63
D:\مواضيع هامة & Sub Folders
Start (27/06/2013 11:58:26 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:28 PM)

Reset File Permissions 63/63
D:\يوسف علي صالح & Sub Folders
Start (27/06/2013 11:58:28 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:31 PM)

Reset File Permissions: Cleanup
& Sub Folders
Start (27/06/2013 11:58:31 PM)
Running Repair Under System Account
Done (27/06/2013 11:58:38 PM)

Register System Files
Start (27/06/2013 11:58:38 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (27/06/2013 11:59:17 PM)

Repair WMI
Start (27/06/2013 11:59:17 PM)
Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

Done (28/06/2013 12:01:10 AM)

Repair Windows Firewall
Start (28/06/2013 12:01:10 AM)
Running Repair Under Current User Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Running Repair Under System Account
The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

Done (28/06/2013 12:01:35 AM)

Repair Internet Explorer
Start (28/06/2013 12:01:36 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:02:17 AM)

Remove Policies Set By Infections
Start (28/06/2013 12:02:17 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:02:22 AM)

Repair Icons
Start (28/06/2013 12:02:22 AM)
Running Repair Under System Account
Could Not Find C:\Users\ali\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\ali\AppData\Local\IconCache.db
Done (28/06/2013 12:02:24 AM)

Repair Winsock & DNS Cache
Start (28/06/2013 12:02:25 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:02:29 AM)

Repair Proxy Settings
Start (28/06/2013 12:02:29 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:02:34 AM)

Repair Windows Updates
Start (28/06/2013 12:02:34 AM)
Running Repair Under Current User Account
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
Done (28/06/2013 12:02:55 AM)

Repair MSI (Windows Installer)
Start (28/06/2013 12:02:55 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:04 AM)

Repair bat Association
Start (28/06/2013 12:03:04 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:09 AM)

Repair cmd Association
Start (28/06/2013 12:03:09 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:14 AM)

Repair com Association
Start (28/06/2013 12:03:14 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:19 AM)

Repair Directory Association
Start (28/06/2013 12:03:19 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:24 AM)

Repair Drive Association
Start (28/06/2013 12:03:24 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:29 AM)

Repair exe Association
Start (28/06/2013 12:03:29 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:34 AM)

Repair Folder Association
Start (28/06/2013 12:03:34 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:39 AM)

Repair inf Association
Start (28/06/2013 12:03:39 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:43 AM)

Repair lnk (Shortcuts) Association
Start (28/06/2013 12:03:44 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:48 AM)

Repair msc Association
Start (28/06/2013 12:03:48 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:53 AM)

Repair reg Association
Start (28/06/2013 12:03:53 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:03:58 AM)

Repair scr Association
Start (28/06/2013 12:03:58 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:04:03 AM)

Repair Print Spooler
Start (28/06/2013 12:04:03 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:04:16 AM)

Restore Important Windows Services
Start (28/06/2013 12:04:17 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:04:21 AM)

Set Windows Services To Default Startup
Start (28/06/2013 12:04:22 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (28/06/2013 12:04:33 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (28/06/2013 12:04:33 AM)
Total Repair Time: 02:33:13


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account

 

[malis2007]

By the way.. there is other logs than this ^ if you want from me to post them all then please say so
Thanks again for trying to help me..
and btw.. about this log ^
which I have just posted in the previous post..
would you please.. DELETE/REMOVE it after you examine it?
because it contains some important(personal) files names.. which I don't want from anyone else to look at it.. :/
Thanks again

 

[malis2007]

Oh and forgot to mention that the problems still the same.. none of them is fixed yet.. :/
the weird files.. nor the services problem..

 

[Broni]

Next step would be repair installation: http://www.sevenforums.com/tutorials/3413-repair-install.html

 

[malis2007]

About this :
http://www.sevenforums.com/tutorials/3413-repair-install.html
I have looked at it before but didn't do it.. :/
first is it safe?
second.. what to download and what to do? XD
I hardly understanded anything from their "Warning"
I can just understand the "[FONT=verdana]Here's How:[/FONT] " only :/
but.. FROM WHERE TO BEGIN?! XD
I mean what is the.. [FONT=verdana]OEM Windows 7 "Factory" Restore/Recovery [/FONT]and those stuff? :/

 

[malis2007]

Oh and forgot to say that..
WILL IT UPGRADE MY WINDOWS TO WIN8?! XD
if so then I don't want it :/
I want to remain in win 7
and will any of my programs in the "C" drive be removed?

 

[Broni]

I don't think I can explain repair installation better than that guide does.
Possibly you ask a friend to help you out with going through those steps.