infected by virus called remote desktop ....

Yesterday my PC was infected by a virus called remote desktop … UUV (something like that, I don’t remember the name).
I think that I removed it but I’m not sure about that.
I attach all 3 logs generated by Farbar.
Could you check it please!

Your help is greatly appreciated.
Thanks in advance.

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this. It has also altered a Chrome DLL file.

CHR Extension: (Avast Online Security) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Then I need you to go to Google Sync and sign into your account
  3. Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
  4. Now we need to uninstall Chrome.
    Note: When asked about user data or settings you must remove this also, so please check the box.
  5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
  6. Import your bookmarks back into Chrome
  7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: GroupPolicy: Restriction - Chrome <======= ATTENTION GroupPolicyScripts: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File FF NetworkProxy: "autoconfig_url", "data:text/javascript,%2F*ZenMate*%2F%0Afunction%20FindProxyForURL(url%2C%20host)%20%7B%0A%0A%20%20var%20e%20%3D%20%7B%20data%3A%20%7B%22localDomains%22%3A%5B%22zenguard.biz%22%2C%22local%22%2C%22dev%22%2C%22ip%22%2C%22box%22%2C%22lvh.me%22%2C%22ripe%22%2C%22invalid%22%2C%22intra%22%2C%22intranet%22%2C%22onion%22%2C%22vcap.me%22%2C%22zeus.pm%22%2C%22127.0.0.1.xip.io%22%2C%22smackaho.st%22%2C%22localtest.me%22%2C%22site%22%2C%22about%3Aaddons%22%2C%22about%3Anewtab%22%2C%22about%3Apreferences%22%2C%22about%3Aconfig%22%5D%2C%22nodeOverrides%22%3A%5B%7B%22target_cc%22%3A%22US%22%2C%22hosts%22%3A%5B%22hulu.com%22%5D%2C%22premium_only%22%3Atrue%2C%22nodes%22%3A%22US-ALT1%22%7D%5D%2C%22IPv4NotationRE%22%3A%7B%7D%2C%22localIPsRE%22%3A%7B%7D%7D%2CnodeLookup%3A%20function%20(nodeDict%2C%20cc)%20%7B%0A%20%20%20%20%20%20return%20nodeDict%5Bcc%5D%20%7C%7C%20false%3B%0A%20%20%20%20%7D%2CcompareHosts%3A%20function%20(hosts%2C%20host)%20%7B%0A%20%20%20%20%20%20var%20h%2C%20_i%2C%20_len%3B%0A%20%20%20%20%20%20for%20(_i%20%3D%200%2C%20_len%20%3D%20hosts.length%3B%20_i%20%3C%20_len%3B%20_i%2B%2B)%20%7B%0A%20%20%20%20%20%20%20%20h%20%3D%20hosts%5B_i%5D%3B%0A%20%20%20%20%20%20%20%20if%20(this.matchWildcardDomain(host%2C%20h))%20%7B%0A%20%20%20%20%20%20%20%20%20%20return%20h%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%2CcompareURLs%3A%20function%20(patterns%2C%20url)%20%7B%0A%20%20%20%20%20%20var%20p%2C%20_i%2C%20_len%3B%0A%20%20%20%20%20%20for%20(_i%20%3D%200%2C%20_len%20%3D%20patterns.length%3B%20_i%20%3C%20_len%3B%20_i%2B%2B)%20%7B%0A%20%20%20%20%20%20%20%20p%20%3D%20patterns%5B_i%5D%3B%0A%20%20%20%20%20%20%20%20if%20(p.test(url))%20%7B%0A%20%20%20%20%20%20%20%20%20%2
0return%20p%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%2CdnsDomainIs%3A%20function%20(host%2C%20pattern)%20%7B%0A%20%20%20%20%20%20return%20host.length%20%3E%3D%20pattern.length%20%26%26%20host.substring(host.length%20-%20pattern.length)%20%3D%3D%3D%20pattern%3B%0A%20%20%20%20%7D%2CmatchWildcardDomain%3A%20function%20(host%2C%20domain)%20%7B%0A%20%20%20%20%20%20var%20exactMatch%2C%20hasSubdomain%2C%20tldMatch%3B%0A%20%20%20%20%20%20exactMatch%20%3D%20host%20%3D%3D%3D%20domain%3B%0A%20%20%20%20%20%20tldMatch%20%3D%20host.slice(-domain.length)%20%3D%3D%3D%20domain%3B%0A%20%20%20%20%20%20hasSubdomain%20%3D%20host%5Bhost.lastIndexOf(domain)%20-%201%5D%20%3D%3D%3D%20'.'%3B%0A%20%20%20%20%20%20return%20exactMatch%20%7C%7C%20(tldMatch%20%26%26%20hasSubdomain)%3B%0A%20%20%20%20%7D%2CmatchNodeOverride%3A%20function%20(host%2C%20cc)%20%7B%0A%20%20%20%20%20%20var%20o%2C%20result%2C%20_ref%3B%0A%20%20%20%20%20%20result%20%3D%20(function()%20%7B%0A%20%20%20%20%20%20%20%20var%20_i%2C%20_len%2C%20_ref%2C%20_results%3B%0A%20%20%20%20%20%20%20%20_ref%20%3D%20this.data.nodeOverrides%3B%0A%20%20%20%20%20%20%20%20_results%20%3D%20%5B%5D%3B%0A%20%20%20%20%20%20%20%20for%20(_i%20%3D%200%2C%20_len%20%3D%20_ref.length%3B%20_i%20%3C%20_len%3B%20_i%2B%2B)%20%7B%0A%20%20%20%20%20%20%20%20%20%20o%20%3D%20_ref%5B_i%5D%3B%0A%20%20%20%20%20%20%20%20%20%20if%20(o.target_cc%20%3D%3D%3D%20cc%20%26%26%20this.compareHosts(o.hosts%2C%20host))%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20_results.push(o)%3B%0A%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20return%20_results%3B%0A%20%20%20%20%20%20%7D).call(this)%3B%0A%20%20%20%20%20%20return%20(result%20!%3D%20null%20%3F%20(_ref%20%3D%20result%5B0%5D)%20!%3D%20null%20%3F%20_ref.nodes%20%3A%20void%200%20%3A%20void%200)%20%7C%7C%20false%3B%0A%20%20%20%20%7D%2CmatchRules%3A%20function%20(rules%2C%20host%2C%20url)%20%7B%0A%20%20%20%20%20%20var%20i%2C%20rule%2C%20_i%2C%20_len%3B%0A%20%2
0%20%20%20%20if%20(!((rules%20!%3D%20null%20%3F%20rules.length%20%3A%20void%200)%20%3E%200))%20%7B%0A%20%20%20%20%20%20%20%20return%3B%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20if%20(this.data.rulesWithOverrides%20%3D%3D%20null)%20%7B%0A%20%20%20%20%20%20%20%20rules%20%3D%20mergeRuleOverrides(rules%2C%20config.ruleOverrides)%3B%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20for%20(i%20%3D%20_i%20%3D%200%2C%20_len%20%3D%20rules.length%3B%20_i%20%3C%20_len%3B%20i%20%3D%20%2B%2B_i)%20%7B%0A%20%20%20%20%20%20%20%20rule%20%3D%20rules%5Bi%5D%3B%0A%20%20%20%20%20%20%20%20if%20(this.matchWildcardDomain(host%2C%20rule.domain)%20%7C%7C%20((rule.hosts%20!%3D%20null)%20%26%26%20this.compareHosts(rule.hosts%2C%20host)))%20%7B%0A%20%20%20%20%20%20%20%20%20%20return%20i%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%2C_getProxyState%3A%20function%20(url%2C%20host%2C%20rules)%20%7B%0A%20%20%20%20%20%20var%20local%2C%20match%2C%20_i%2C%20_len%2C%20_ref%3B%0A%20%20%20%20%20%20url%20%3D%20url.toLowerCase()%3B%0A%20%20%20%20%20%20if%20(!~host.indexOf('.')%20%26%26%20!~host.indexOf('%3A'))%20%7B%0A%20%20%20%20%20%20%20%20return%20'LOCAL'%3B%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20if%20(this.data.IPv4NotationRE.test(host)%20%26%26%20data.localIPsRE.test(host))%20%7B%0A%20%20%20%20%20%20%20%20return%20'LOCAL'%3B%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20_ref%20%3D%20this.data.localDomains%3B%0A%20%20%20%20%20%20for%20(_i%20%3D%200%2C%20_len%20%3D%20_ref.length%3B%20_i%20%3C%20_len%3B%20_i%2B%2B)%20%7B%0A%20%20%20%20%20%20%20%20local%20%3D%20_ref%5B_i%5D%3B%0A%20%20%20%20%20%20%20%20if%20(this.matchWildcardDomain(host%2C%20local))%20%7B%0A%20%20%20%20%20%20%20%20%20%20return%20'LOCAL'%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20match%20%3D%20this.matchRules(rules%2C%20host%2C%20url)%3B%0A%20%20%20%20%20%20if%20(match%20!%3D%20null)%20%7B%0A%20%20%20%20%20%20%20%20return%20rules%5Bmatch%5D.cc%3B%0A%20%20%20%20%20%20%7D%20else
%20%7B%0A%20%20%20%20%20%20%20%20return%20'DEFAULT'%3B%0A%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%20%7D%3B%0A%20%20e.data.localDomains%20%3D%20e.data.localDomains.concat(%5B%22zenmate.com%22%2C%22d1jr1idae5ms9n.cloudfront.net%22%5D)%3B%0A%20%20e.data.IPv4NotationRE%20%3D%20%2F%5E%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%24%2Fg%3B%0Ae.data.localIPsRE%20%3D%20%2F(%5E127%5C.)%7C(%5E192%5C.168%5C.)%7C(%5E10%5C.)%7C(%5E172%5C.1%5B6-9%5D%5C.)%7C(%5E172%5C.2%5B0-9%5D%5C.)%7C(%5E172%5C.3%5B0-1%5D%5C.)%2F%3B%0A%0A%20%20e.data.defaultLocation%20%3D%20'RO'%3B%0A%20%20e.data.nodeDict%20%3D%20%7B%22RO%22%3A%22PROXY%20127.0.0.1%3A56471%22%2C%22DE%22%3A%22PROXY%20127.0.0.1%3A56472%22%2C%22HK%22%3A%22PROXY%20127.0.0.1%3A56473%22%2C%22US%22%3A%22PROXY%20127.0.0.1%3A56474%22%2C%22US-ALT1%22%3A%22PROXY%20127.0.0.1%3A56475%22%7D%3B%0A%20%20e.data.rulesWithOverrides%20%3D%20%5B%5D%3B%0A%0A%20%20var%20res%20%3D%20e._getProxyState(url%2C%20host%2C%20e.data.rulesWithOverrides)%3B%0A%0A%20%20if%20(res%20%3D%3D%3D%20'LOCAL'%20%7C%7C%20res%20%3D%3D%3D%20'DIRECT'%20%7C%7C%20res%20%3D%3D%3D%20'OFF')%20%7Breturn%20'DIRECT'%7D%3B%0A%20%20if%20(res%20%3D%3D%3D%20'DEFAULT')%20%7Bcc%20%3D%20e.data.defaultLocation%7D%20else%20%7Bcc%20%3D%20res%7D%3B%0A%0A%20%20var%20override%20%3D%20e.matchNodeOverride(host%2C%20cc)%3B%0A%20%20if%20(override)%20%7Bcc%20%3D%20override%7D%3B%0A%0A%20%20return%20e.nodeLookup(e.data.nodeDict%2C%20cc)%20%7C%7C%20'DIRECT'%3B%0A%7D" FF NetworkProxy: "type", 2 CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\win\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2427239002-3345539292-2558161799-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\win\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
Task: {107562D2-B245-4796-B602-07A5E49DF8A5} - System32\Tasks\Advanced File Optimizer_checkupdate_startup => C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe [2015-03-28] (Systweak)
Task: {2AF0ABE3-EAAC-441B-B14D-E4FC58CDEF96} - System32\Tasks\{A65C13B2-F282-4B0E-9189-F999A0265061} => pcalua.exe -a E:\setup.exe -d E:\
Task: {30889B0F-B8CE-4301-B118-92EBB09BF17A} - System32\Tasks\{D007FB3A-1817-4188-9B8F-B20C76463578} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Task: {34A1F2E5-6649-431C-A002-3DFC3CB4A491} - System32\Tasks\{2A45ECD7-BFD3-49A5-9B41-578F9AB0D989} => pcalua.exe -a C:\Users\win\Desktop\fadle\setup.exe -d C:\Users\win\Desktop\fadle
Task: {3D2BD454-CB68-4886-9D82-97316FBE384A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {46E42E77-FA5F-43D1-8C62-A2611A2C9AF5} - System32\Tasks\{4A2B9B8A-DE70-4716-B3A5-DFD20F29B3A5} => pcalua.exe -a "F:\Seagate Dashboard Installer.exe" -d F:\
Task: {490035BF-3D89-4AC7-9E9F-DD1670B7629E} - System32\Tasks\{8DB6779F-9D50-489F-A05B-3265B5732E35} => pcalua.exe -a "C:\Users\win\Desktop\New folder (6)\Software\Player\General_Player_Eng_V1.6.0.0.R.20120706.exe" -d "C:\Users\win\Desktop\New folder (6)\Software\Player"
Task: {4F1F5306-221B-470B-99F5-0165AF6F9906} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {582704C6-B568-408F-9AC8-2520DF129535} - System32\Tasks\{0D41BF49-EB4A-4547-8326-51DA907637DF} => pcalua.exe -a G:\ \Kaspersky_Anti-Virus_2009\kav8.0.0.454en.exe -d G:\ \Kaspersky_Anti-Virus_2009
Task: {5FF83097-0FE3-4FBA-99CF-43F5DD7D6BA4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2427239002-3345539292-2558161799-1000UA => C:\Users\win\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {935067B5-A62D-4AB3-A52C-55343B46714E} - System32\Tasks\{432080D3-1994-4A88-A9D3-6741B5407501} => pcalua.exe -a C:\Users\win\Downloads\Programs\deldrvvst2120ej.exe -d C:\Users\win\Downloads\Programs
Task: {B0132E11-D2C6-4450-83E2-256C9A268CA6} - System32\Tasks\{AB6EC3D2-9BC2-4B81-B674-2DB0835FC099} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
Task: {BD944A18-1086-4E30-A026-8818A3F5B618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2427239002-3345539292-2558161799-1000Core => C:\Users\win\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C06F907D-6197-4D20-9DD9-5C4BD331887B} - System32\Tasks\{007DE9DF-F0CE-41A5-8FAF-8213BEDFCB12} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Task: {CE09E99B-901B-4F41-8437-AE8A82EAE8E0} - System32\Tasks\{518378A7-8493-495A-9D9F-55BE7C04CDD0} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Task: {D69A626F-7E1E-4D53-A808-78C1CA066D49} - System32\Tasks\{99F921C9-7A1D-455D-A114-62802F0032C3} => pcalua.exe -a C:\Users\win\Downloads\Programs\SafeHouseExplorerSetup.exe -d C:\Users\win\Downloads\Programs
Task: {D936809C-7748-4D28-A39E-77C2B2E5EB2B} - System32\Tasks\{F230D3B5-46EC-4C37-BFFD-BB7B01335A76} => pcalua.exe -a C:\Users\win\Downloads\Programs\BT_Intel_W74_A02_Setup-50PWW_ZPE.exe -d C:\Users\win\Downloads\Programs
Task: {E0E9EF1F-5988-49B8-AEFD-AB29280F8961} - System32\Tasks\{17EE6C8C-6D61-4B32-9205-DB0BB1F98EAE} => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427239002-3345539292-2558161799-1000Core.job => C:\Users\win\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2427239002-3345539292-2558161799-1000UA.job => C:\Users\win\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
C:\Program Files\Advanced File Optimizer
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

FINALLY

Please download AdwCleaner by Xplode onto your desktop.

  - Close all open programs and internet browsers.
  - Double click on AdwCleaner.exe to run the tool.
  - Click on Scan.
  - After the scan is complete click on “Clean”
  - Confirm each time with Ok.
  - Your computer will be rebooted automatically. A text file will open after the restart.
  - Please post the content of that logfile with your next answer.
  - You can find the logfile at C:\AdwCleaner[S0].txt as well.

YOU ARE THE KING :wink:

OMG my laptop is now fast as lightning

1- I was suffering from slow scrolling down or up while browsing the internet, or even when right-clicking on Google search results,
and sometimes freezing (I use Firefox and it’s my default browser; I didn’t use Chrome, however I have deleted it now permanently)

2- Also I was suffering when browsing images in folders; it takes a lot of time for them to be sorted. I thought that was due to the huge amount of images I had!!

But now everything is fine :smiley:

3- Fast booting as well

I feel curious what the main reasons or virus were that caused those problems and why Avast didn’t detect them!!! Please let me know if you found it in the log.

One more thing: I had two accounts on this laptop and I am the admin. I read the log and I noticed that some viruses (I think they are stored on the other account) were not deleted.
Do I have to log on to the other account and do the same cleaning!!!

FRST looks at all accounts :slight_smile:

It was the network proxy on Firefox… here is just one very small part of it

FF NetworkProxy: "autoconfig_url", "data:text/javascript,%2F*ZenMate*%2F%0Afunction%20FindProxyForURL(url%2C%20host)%20%7B%0A%0A%20%20var%20e%20%3D%20%7B%20data%3A%20%7B%22localDomains%22%3A%5B%22zenguard.biz%22%2C%22local%22%2C%22dev%22%2C%22ip%22%2C%22box%22%2C%22lvh.me%22%2C%22ripe%22%2C%22invalid%22%2C%22intra%22%2C%22intranet%22%2C%22onion%22%2C%22vcap.me%22%2C%22zeus.pm%22%2C%22127.0.0.1.xip.io%22%2C%22smackaho.st%22%2C%22localtest.me%22%2C%22site%22%2C%22about%3Aaddons%22%2C%22about%3Anewtab%22%2C%22about%3Apreferences%22%2C%22about%3Aconfig%22%5D%2C%22nodeOverrides%22%3A%5B%7B%22target_cc%22%3A%22US%22%2C%22hosts%22%3A%5B%22hulu.com%22%5D%2C%22premium_only%22%3Atrue%2C%22nodes%22%3A%22US-ALT1%22%7D%5D%2C%22IPv4NotationRE%22%3A%7B%7D%2C%22localIPsRE%22%3A%7B%7D%7D%2CnodeLookup%3A%20function%20(nodeDict%2C%20cc)%20%

Unfortunately there are far too many variables within this area for any antivirus to make halfway sense of it, and this is generally considered a user applied area. Apart from that one rather long line the rest of the fix was just a tidying up exercise :slight_smile:

Any further problems ?
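
Added example, not part of the original thread and not FRST's own code: one way to make an `FF NetworkProxy: "autoconfig_url"` log line readable is to decode the `data:` URL and list the proxy endpoints the PAC script can return. The sample line, the function names and the `proxy.example` host are constructed for illustration.

```python
import base64
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample in the shape FRST prints for Firefox's PAC preference.
SAMPLE_LINE = (
    'FF NetworkProxy: "autoconfig_url", "data:text/javascript,'
    'function%20FindProxyForURL(url%2C%20host)%20%7B%0A'
    '%20%20if%20(host%20%3D%3D%3D%20%22intranet.example%22)'
    '%20return%20%22DIRECT%22%3B%0A'
    '%20%20return%20%22PROXY%20127.0.0.1%3A8080%3B'
    '%20PROXY%20proxy.example%3A3128%22%3B%0A'
    '%7D"'
)

LINE_RE = re.compile(r'^FF NetworkProxy:\s*"autoconfig_url",\s*"(.*)"$', re.S)
# Proxy directives a PAC script may return, each followed by host:port.
PROXY_RE = re.compile(
    r'\b(PROXY|SOCKS5|SOCKS4|SOCKS|HTTPS|HTTP)\s+'
    r'(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})\b'
)


def is_loopback(host):
    """True when the proxy endpoint is on this machine (a local helper process)."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname: resolves elsewhere, treat as off-box


def parse_frst_pac(line):
    """Decode one FRST autoconfig_url line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    value = m.group(1)
    if not value.lower().startswith("data:"):
        # PAC is fetched from a file or web URL; nothing to decode inline.
        return {"source": "url", "url": value, "script": None, "proxies": []}
    header, _, payload = value[5:].partition(",")
    if header.lower().endswith(";base64"):
        script = base64.b64decode(unquote(payload)).decode("utf-8", "replace")
    else:
        script = unquote(payload)
    proxies = []
    for kind, host, port in PROXY_RE.findall(script):
        entry = (kind, host.strip("[]"), int(port), is_loopback(host))
        if entry not in proxies:
            proxies.append(entry)
    return {"source": "inline", "url": None, "script": script, "proxies": proxies}


if __name__ == "__main__":
    result = parse_frst_pac(SAMPLE_LINE)
    print(result["script"])
    for kind, host, port, local in result["proxies"]:
        where = "local process" if local else "remote host"
        print(f"{kind} {host}:{port} ({where})")
```

A loopback endpoint means some program on the machine must be listening on that port to carry the browser's traffic; a non-loopback endpoint means the traffic leaves through another host.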

Thanks again.
Yes, I use that proxy, but I think that will slow down the internet speed only, not the PC.
However, everything now seems fine except two important things:

1- System restore doesn’t work, although it says created by your last fixing.
When trying to restore I can see the restore point, but when I click it says check hard disk error.

2- Windows Defender doesn’t work also:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

OK first you will need to run chkdsk /r on the main drive http://www.w7forums.com/threads/how-to-use-chkdsk-check-disk.448/

Then what error does defender give ?

After restart it says check disk cancelled (although I didn’t press any key to cancel!!)

Did the computer reboot to a black/blue screen with writing?

My laptop monitor is broken, so I use an external monitor.
On restart or booting the external monitor doesn’t work, and it is very difficult to read from the internal monitor on the laptop.
And yes, the computer restarts to a black screen and all I can read partially is something like:

“it’s constantly check drive c”
“you select to cancel checking although its important”

I didn’t select to cancel the check!!!

Do you have a stuck escape key on the keyboard?

no of course not

Could you press and hold F8 as soon as you power on the computer… Does that give you the option to go to a command prompt ?

If so then type chkdsk /x

Sorry for being late.
I was trying to solve this issue of checking drive C and finally solved it by changing the ChkDsk timer setting to zero:
chkntfs /t:seconds where equals the number of seconds delay.
It works :slight_smile: but it takes a long time (I think more than 3 hours), so I went to sleep and left it checking.
When I woke up I saw no report generated; all I see is the Windows logon page (I think the check completed and then it rebooted by itself).
So what is the next move!!!

OK next move is to tell me what problems you are now seeing

OK, let’s start with Windows Defender.
I have the error message “The service cannot be started, either because it is disabled or because it has no enabled devices associated with it”

Defender should be disabled when you have an Antivirus installed http://www.thewindowsclub.com/windows-defender-is-turned-off

OK, everything now looks fine, even system restore is also fixed :wink:

But one more weird thing: last week my Yahoo email sent emails by itself, containing attachments, to four of my friends.
These attachments contain photos of mine (which are stored in my email) plus a PDF file containing links (extra links, not mine). Also, I checked the drafts, which contain some weird attachments and receivers but were not sent. Any idea about this!!!
At the same time I found an email in drafts to this (701034936fadiaden@hotmail.com) while the correct one is fadiaden@hotmail.com
and 701034936 is his phone number (he is my friend and he has no idea); this is a combined email and phone number.
And here is another receiver, benjamin.whiteley@moody.edu, and I have no idea about this!!
In brief, all the weird emails, sent or still unsent in drafts, contain one of my photos and one or two PDF files (not mine).

I blocked these weird emails and moved them to spam and cleaned the whole spam folder, and of course I changed the password.
Are there any more things I should do!!!
Thanks

Change your Yahoo password; it may have been hacked.

Sure, and I want to say THANK YOU for your magic! :wink:
You are a wizard

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave: