
Internet is filled with adware! BlockUTubeAD, RightCoupon, OnlineBrowserAdverts


  • This topic is locked
21 replies to this topic

#1 shebbz

Posted 26 April 2014 - 01:21 PM

Dear all, 

 

My internet is filled with adware/malware/spyware and I am experiencing many problems:

 

- Whenever I go on a webpage (apart from the homepage) I see ads by RightCoupon

- When I perform a Google search, I see the first two results are links from BlockUTubeAD. I also cannot remove BlockUTubeAD from my Google Chrome extensions (Chrome is the Web browser I use). I have seen other ways to remove it via YouTube, but the files they select to delete are not visible when I try to do the same thing (i.e. via regedit).

- Sometimes, when I open a new tab, I am redirected to some random website (some are caandaltax and alkavaid (or something similar to that)).

- Sometimes I am redirected to install Java and Adobe (I don't know if this is legit, because when I install them (i.e. Java updates), a few days later it comes with another update and redirects me to the Java page to install).

- Sometimes, I go on a webpage and a blue-background page comes up and says, Aw, Snap, cannot load page for random reasons.

- Another problem is that I cannot delete Oberon Media from my applications list in Control Panel

 

I've followed the steps malware.tips gives me (via a basic Google search) i.e. using adware killer, SAS and others. 

 

I have Ad-Aware, SAS, Anvi Smart Defender and CCleaner already installed on my computer.

 

I am not in any way experienced with software, malware, adware etc., so I would like to request that someone please advise me and walk me through the best way to remove these viruses from my computer once and for all.

 

Below is the log file from the DDS file and 'attach' file (for some reason it's not attaching).

 

Please help!

 

Thank you for your time.

 

Kind regards,

 

shebbz.

 

----------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Shohaib at 18:57:35 on 2014-04-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2807.1007 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxeacoms.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [ueralxng] <no file>
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Browsing Protection] <no file>
StartupFolder: C:\Users\Shohaib\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Shohaib\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Shohaib\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Shohaib\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 213.120.234.6 213.120.234.30
TCP: Interfaces\{4D714909-BE80-4596-846D-3E826E90D0D6} : DHCPNameServer = 213.120.234.6 213.120.234.30
TCP: Interfaces\{4D714909-BE80-4596-846D-3E826E90D0D6}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4D714909-BE80-4596-846D-3E826E90D0D6}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{A3D57210-F2E2-4DA5-9A31-6454176527F3} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Anti-phishing Domain Advisor] <no file>
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shohaib\AppData\Roaming\Mozilla\Firefox\Profiles\4yy95fzu.default-1388864446199\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Shohaib\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2014-1-11 18768]
R1 asdws;asdws;C:\Windows\System32\drivers\asdws.sys [2014-1-11 17232]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-29 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-3-30 282968]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2014-1-11 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-10-21 742584]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-3-10 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-4-14 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-3-10 244624]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2014-2-5 123384]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-3-30 1444120]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-3-10 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-10 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-10 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-10 287232]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
RUnknown mwlPSDFilter;mwlPSDFilter; [x]
RUnknown mwlPSDNServ;mwlPSDNServ; [x]
RUnknown mwlPSDVDisk;mwlPSDVDisk; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2010-4-14 45736]
S2 ProtectMonitor;Protect Monitor;C:\monitorsvc.exe --> C:\monitorsvc.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-31 119512]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2012-4-24 316312]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-3-30 397848]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-10 243712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S4 bckd;bckd;C:\Windows\System32\drivers\bckd.sys [2012-2-13 108304]
S4 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]
.
=============== Created Last 30 ================
.
2014-04-26 17:43:15 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-04-25 21:24:38 -------- d-----w- C:\Users\Shohaib\AppData\Local\{1E19DE36-8DC4-4B6C-BDC1-7136D5F7B22E}
2014-04-25 20:58:04 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6363AA7C-C3AC-4D59-B596-DD92415275FD}\mpengine.dll
2014-04-25 17:22:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-04-25 17:21:59 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 10:54:38 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-24 22:24:33 -------- d-----w- C:\Users\Shohaib\AppData\Roaming\LavasoftStatistics
2014-04-24 21:30:36 -------- d-----w- C:\Program Files\Lavasoft
2014-04-24 21:29:50 -------- d-----w- C:\ProgramData\Search Protection
2014-04-24 21:29:46 -------- d-----w- C:\Users\Shohaib\AppData\Local\adawarebp
2014-04-24 21:29:40 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2014-04-24 21:29:20 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2014-04-24 21:29:11 -------- d-----w- C:\Users\Shohaib\AppData\Roaming\SecureSearch
2014-04-24 21:28:23 -------- d-----w- C:\Program Files (x86)\Lavasoft
2014-04-24 21:24:05 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-04-23 20:52:36 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-04-22 04:50:49 -------- d-----w- C:\Users\Shohaib\AppData\Local\{AEF28BDC-C19D-4DE0-B632-9B2F587E20D3}
2014-04-22 01:48:59 8011776 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-04-21 10:27:57 -------- d-----w- C:\Users\Shohaib\AppData\Local\{E74CC28D-4B83-4BB5-B928-5CD80DAC9157}
2014-04-20 09:10:01 -------- d-----w- C:\Users\Shohaib\AppData\Local\{A930E4FF-53EF-472F-9F34-AE0A1150824E}
2014-04-19 13:02:36 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58687322-C49C-4CDB-9714-35EFFFFE4AF4}\gapaengine.dll
2014-04-17 21:14:13 -------- d-----w- C:\Users\Shohaib\AppData\Local\{D02FA8BA-5A27-4EF4-A121-7E7686802C0B}
2014-04-13 04:17:37 -------- d-----w- C:\Users\Shohaib\AppData\Local\{F4A8FAD2-8188-4B3C-ACB3-79BA896C64C5}
2014-04-10 05:00:46 -------- d-----w- C:\Users\Shohaib\AppData\Local\{3DB66349-4E99-43BB-83F6-61CF737CBDDD}
2014-04-09 16:11:40 -------- d-----w- C:\Users\Shohaib\AppData\Local\{82747838-CC62-4B31-B9A7-D75E9F1919D0}
2014-04-09 14:04:25 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-09 14:04:25 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-09 14:04:24 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-09 14:04:24 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-09 14:04:23 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-09 14:04:23 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-09 14:04:15 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-09 14:04:14 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-09 14:04:14 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-08 04:55:02 -------- d-----w- C:\Users\Shohaib\AppData\Local\{428467C8-B570-4DD4-992A-D99511EDDBF8}
2014-04-06 20:41:37 242048 ----a-w- C:\Windows\System32\cnvshell.dll
2014-04-06 20:41:36 -------- d-----w- C:\Program Files\ImageConverter Plus
2014-04-06 02:55:36 -------- d-----w- C:\Users\Shohaib\AppData\Local\{D3C28BCE-BDC1-4B29-9960-41F7D6384083}
2014-04-05 15:33:59 -------- d-----w- C:\ProgramData\eBay
2014-04-05 15:33:59 -------- d-----w- C:\Program Files (x86)\eBay
2014-04-05 09:48:00 -------- d-----w- C:\Users\Shohaib\AppData\Local\{60CA656E-6ED5-4E5B-B3F4-E540FA385B8A}
2014-04-04 04:24:33 -------- d-----w- C:\Users\Shohaib\AppData\Local\{5600AF65-8298-4428-BF3F-9A645E97455A}
2014-04-03 04:42:11 -------- d-----w- C:\Users\Shohaib\AppData\Local\{D7E3844A-5AF2-4C06-9752-910DF761A6BF}
2014-03-31 10:49:49 -------- d-----w- C:\Users\Shohaib\AppData\Local\{A0492C4F-4CC3-4DE7-96B6-4F49BAB64179}
2014-03-31 10:29:40 -------- d-----w- C:\AdwCleaner
2014-03-31 09:37:04 -------- d-----w- C:\Users\Shohaib\AppData\Roaming\SUPERAntiSpyware.com
2014-03-31 09:36:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-31 09:36:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-31 05:46:02 -------- d-----w- C:\Program Files\Enigma Software Group
2014-03-31 05:43:16 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-31 05:43:10 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-03-31 04:57:55 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-31 04:43:28 -------- d-----w- C:\Program Files (x86)\SuperFastPC
2014-03-30 22:41:09 -------- d-----w- C:\Users\Shohaib\AppData\Local\{52E6CA5C-0872-4F02-B3F5-7B4971289F2C}
2014-03-30 21:01:49 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-30 18:45:36 1172776 ----a-w- C:\Users\Shohaib\AppData\Local\nsf2078.tmp
2014-03-30 09:32:07 -------- d-----w- C:\Users\Shohaib\AppData\Local\{AE990A7E-B3E5-4D72-AFAF-05EC651AA4EC}
2014-03-29 08:49:18 -------- d-----w- C:\Users\Shohaib\AppData\Local\{8FD2330D-CEFC-423D-ABF7-40D2EFBE1012}
2014-03-28 17:06:50 -------- d-----w- C:\Users\Shohaib\AppData\Local\Skype
2014-03-28 11:14:51 -------- d-----w- C:\Users\Shohaib\AppData\Local\{7DDB79C3-AFFE-4A7F-A12B-0FBF8A50585D}
.
==================== Find3M  ====================
.
2014-03-30 19:30:24 316312 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-03-12 00:00:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:00:30 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-12 00:00:15 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-11 08:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-03 11:50:38 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2014-03-03 11:50:37 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2014-02-13 14:12:36 487517 ----a-w- C:\monitor.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
.
============= FINISH: 19:00:21.17 ===============
 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 09/06/2011 15:37:13
System Uptime: 26/04/2014 06:31:47 (13 hours ago)
.
Motherboard: Acer |  | Aspire 5742
Processor: Intel® Core™ i3 CPU       M 380  @ 2.53GHz | CPU | 2533/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 195.305 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2C6C2BDB&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2C6C2BDB&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP426: 17/04/2014 22:22:23 - Windows Update
RP427: 22/04/2014 02:47:41 - Windows Update
RP428: 24/04/2014 16:12:21 - Installed STOPzilla
RP430: 24/04/2014 21:28:12 - Removed STOPzilla
RP431: 24/04/2014 22:21:59 - AA11
RP432: 25/04/2014 11:52:56 - Windows Update
RP433: 25/04/2014 18:10:54 - avast! antivirus system restore point
RP434: 26/04/2014 17:31:35 - Removed MyWinLocker Suite
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
AntimalwareEngine
Backup Manager Basic
Blue Coat K9 Web Protection
Broadcom Gigabit NetLink Controller
CCleaner
CyberLink PowerDVD 9
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DevPro
DHTML Editing Component
Dream Day First Home
Dropbox
eBay Worldwide
eReg
ETDWare PS/2-x64 7.0.6.5_WHQL
Google Chrome
Google Update Helper
Heroes of Hellas
ICP 9.0
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Launch Manager
Lexmark Printable Web
Lexmark S300-S400 Series
Logitech SetPoint 6.32
Logitech Unifying Software 2.00
McAfee SiteAdvisor
Merriam Websters Spell Jam
Mesh Runtime
MestReNova LITE 5.2.5-5780
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Media Maker 9
Poker Pop
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype Click to Call
Skype™ 6.14
SUPERAntiSpyware
swMSM
Trusteer Endpoint Protection
Turbo Lister 2
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VC 9.0 Runtime
VLC media player 2.0.8
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
26/04/2014 17:19:31, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
25/04/2014 22:20:30, Error: Service Control Manager [7000]  - The Service Component of VO service failed to start due to the following error:  The system cannot find the file specified.
25/04/2014 22:20:25, Error: Service Control Manager [7000]  - The Protect Monitor service failed to start due to the following error:  The system cannot find the file specified.
25/04/2014 22:20:24, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
25/04/2014 22:20:24, Error: Service Control Manager [7000]  - The lxeaCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
25/04/2014 22:20:08, Error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.
23/04/2014 21:57:37, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
23/04/2014 21:57:14, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
23/04/2014 21:57:14, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 



 


#2 xXToffeeXx

  • Malware Response Instructor
Posted 28 April 2014 - 02:12 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi shebbz,
 
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Ad-Aware Antivirus or Microsoft Security Essentials.
 
--------------

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 shebbz

  • Topic Starter

Posted 28 April 2014 - 05:23 PM

Thanks for getting back to me, Toffee.

 

I will literally do whatever you say, I have uninstalled Ad-Aware Antivirus.

 

I installed AdwCleaner. Below is the log report as requested:

 

# AdwCleaner v3.205 - Report created 28/04/2014 at 23:11:40
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shohaib - SHOHAIB-PC
# Running from : C:\Users\Shohaib\Downloads\AdwCleaner (3).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Folder Found : C:\Program Files (x86)\DealExpresss
Folder Found : C:\Users\Shohaib\AppData\Roaming\SecureSearch
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\ClickConnect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\ClickConnect
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (en-GB)
 
[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\h6zh3mxr.default\prefs.js ]
 
 
[ File : C:\Users\Shohaib\AppData\Roaming\Mozilla\Firefox\Profiles\4yy95fzu.default-1388864446199\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [17027 octets] - [31/03/2014 11:29:45]
AdwCleaner[R1].txt - [1412 octets] - [09/04/2014 16:40:24]
AdwCleaner[R2].txt - [3784 octets] - [23/04/2014 21:50:47]
AdwCleaner[R3].txt - [2271 octets] - [28/04/2014 23:11:40]
AdwCleaner[S0].txt - [15258 octets] - [31/03/2014 11:32:10]
AdwCleaner[S1].txt - [1487 octets] - [09/04/2014 16:50:01]
AdwCleaner[S2].txt - [5657 octets] - [23/04/2014 21:53:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2512 octets] ##########
 
---------------------------------------------------------
 
 
Shall I clean what was found?
 
Kind regards,

 



#4 shebbz

  • Topic Starter

Posted 28 April 2014 - 05:24 PM

Oh and how could I forget - thanks for the welcome! :)



#5 xXToffeeXx

  • Malware Response Instructor

Posted 29 April 2014 - 10:17 AM

Hi shebbz,
 
You are welcome.
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • FRST.txt
  • Addition.txt

xXToffeeXx~




#6 shebbz

  • Topic Starter

Posted 29 April 2014 - 11:52 AM

Here are the log reports as requested:

 

AdwCleaner Report Log

 

# AdwCleaner v3.205 - Report created 29/04/2014 at 17:22:21
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shohaib - SHOHAIB-PC
# Running from : C:\Users\Shohaib\Desktop\AdwCleaner (3).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\DealExpresss
Folder Deleted : C:\Users\Shohaib\AppData\Roaming\SecureSearch
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\ClickConnect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (en-GB)
 
[ File : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\h6zh3mxr.default\prefs.js ]
 
 
[ File : C:\Users\Shohaib\AppData\Roaming\Mozilla\Firefox\Profiles\4yy95fzu.default-1388864446199\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [17027 octets] - [31/03/2014 11:29:45]
AdwCleaner[R1].txt - [1412 octets] - [09/04/2014 16:40:24]
AdwCleaner[R2].txt - [3784 octets] - [23/04/2014 21:50:47]
AdwCleaner[R3].txt - [2608 octets] - [28/04/2014 23:11:40]
AdwCleaner[R4].txt - [2666 octets] - [29/04/2014 17:20:00]
AdwCleaner[S0].txt - [15258 octets] - [31/03/2014 11:32:10]
AdwCleaner[S1].txt - [1487 octets] - [09/04/2014 16:50:01]
AdwCleaner[S2].txt - [5657 octets] - [23/04/2014 21:53:27]
AdwCleaner[S3].txt - [2509 octets] - [29/04/2014 17:22:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2569 octets] ##########
 
 
 
--------------------------
 
FRST Report Log
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Shohaib (administrator) on SHOHAIB-PC on 29-04-2014 17:41:02
Running from C:\Users\Shohaib\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxeacoms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Dropbox, Inc.) C:\Users\Shohaib\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Anti-phishing Domain Advisor] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Ad-Aware Browsing Protection] => [X]
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Anvi Smart Defender] => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1636536 2013-10-21] (Anvisoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Run: [ueralxng] => [X]
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\MountPoints2: {b7fb6794-7e77-11e1-a514-b870f4727b64} - E:\laucher.exe
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\MountPoints2: {d0514dbb-6553-11e2-8862-b870f4727b64} - E:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\MountPoints2: {f3f999ec-a5ab-11e2-839c-b870f4727b64} - E:\laucher.exe
Startup: C:\Users\Shohaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shohaib\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3156378192-1416581031-2256468767-1003\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MSE_WCP
URLSearchHook: HKCU - (No Name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {C30364C0-757B-4856-928B-878CBFD8C55B} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.120.234.6 213.120.234.30
 
FireFox:
========
FF ProfilePath: C:\Users\Shohaib\AppData\Roaming\Mozilla\Firefox\Profiles\4yy95fzu.default-1388864446199
FF DefaultSearchEngine: SecureSearch
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Shohaib\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Shohaib\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-09]
FF HKCU\...\Firefox\Extensions: [{e919e40d-669b-4732-9991-dbcf47582d16}] - C:\Program Files (x86)\BlockAndSurf-soft\157.xpi
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Google Drive) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22]
CHR Extension: (BBloockUTubeAeDD) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\boknegoooafckkbgkmajmmlgdhkeejge [2014-02-15]
CHR Extension: (Google Search) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22]
CHR Extension: (Google Wallet) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22]
CHR Extension: (RoabboSaveor) - C:\ProgramData\gmghiliadfjjmpjhbbokbndicblhbcml [2014-01-01]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Shohaib\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [742584 2013-10-21] (Anvisoft)
S4 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2122000 2012-02-13] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-04-14] (Trusteer Ltd.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 ProtectMonitor; C:\monitorsvc.exe [X]
S2 vosr; C:\Users\Shohaib\AppData\Roaming\VOPackage\VOsrv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2013-10-15] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2013-10-15] (Anvisoft)
R1 asdws; C:\Windows\System32\DRIVERS\asdws.sys [17232 2013-10-15] ()
S4 bckd; C:\Windows\System32\drivers\bckd.sys [108304 2012-02-13] (Blue Coat Systems, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-29] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-04-14] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-04-14] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-04-14] (Trusteer Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 ryoulcao; \??\C:\Windows\system32\drivers\ryoulcao.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-29 17:41 - 2014-04-29 17:42 - 00023415 _____ () C:\Users\Shohaib\Downloads\FRST.txt
2014-04-29 17:40 - 2014-04-29 17:41 - 00000000 ____D () C:\FRST
2014-04-29 17:38 - 2014-04-29 17:39 - 02061824 _____ (Farbar) C:\Users\Shohaib\Downloads\FRST64.exe
2014-04-29 17:26 - 2014-04-29 17:26 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{BD76DE58-842D-47E8-8CF6-B6D07E99488E}
2014-04-29 11:00 - 2014-04-29 11:00 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 23:56 - 2014-04-28 23:58 - 52388801 _____ () C:\Users\Shohaib\Downloads\Papqc dissolution in vivo vitro dr lie.m4a
2014-04-28 23:10 - 2014-04-28 23:11 - 01310621 _____ () C:\Users\Shohaib\Desktop\AdwCleaner (3).exe
2014-04-28 23:05 - 2014-04-28 23:08 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (2).ppt
2014-04-28 23:05 - 2014-04-28 23:05 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (2).pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01808314 _____ () C:\Users\Shohaib\Downloads\Modified release 2014.pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (4).pptx
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieUserList
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieSiteList
2014-04-28 11:55 - 2014-04-28 11:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{465C9D64-405C-4DAC-AD5C-529379767066}
2014-04-28 04:21 - 2014-04-28 04:21 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (1).pptx
2014-04-28 04:21 - 2014-04-28 04:21 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (3).pptx
2014-04-28 04:20 - 2014-04-28 04:21 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (1).ppt
2014-04-28 01:03 - 2014-04-28 01:08 - 41138764 _____ () C:\Users\Shohaib\Downloads\PAPQC granulation.3ga
2014-04-28 01:02 - 2014-04-28 01:02 - 00929616 _____ () C:\Users\Shohaib\Downloads\Granulation Lecture-2014 (1).pptx
2014-04-27 23:17 - 2014-04-27 23:19 - 07006072 _____ () C:\Users\Shohaib\Downloads\PAPQC Tabelting 2.3ga
2014-04-27 23:16 - 2014-04-27 23:21 - 29046857 _____ () C:\Users\Shohaib\Downloads\PAPQC Tableting 1.3ga
2014-04-27 22:50 - 2014-04-27 22:50 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014 (1).pptx
2014-04-27 22:47 - 2014-04-27 22:47 - 11915776 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student.ppt
2014-04-27 22:45 - 2014-04-27 22:46 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014.pptx
2014-04-27 22:40 - 2014-04-27 22:41 - 01554432 _____ () C:\Users\Shohaib\Downloads\05-Drug-Quality_final-08.ppt
2014-04-27 21:46 - 2014-04-27 21:46 - 00276534 _____ () C:\Users\Shohaib\Downloads\PAPQC - Pharmacopia tests-2014.pptx
2014-04-27 21:30 - 2014-04-27 21:30 - 11176230 _____ () C:\Users\Shohaib\Downloads\Voice 032.amr
2014-04-27 21:27 - 2014-04-27 21:27 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014.pptx
2014-04-27 21:27 - 2014-04-27 21:27 - 01051648 _____ () C:\Users\Shohaib\Downloads\PAPQC - Intro_2014.ppt
2014-04-27 21:26 - 2014-04-27 21:27 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (2).pptx
2014-04-27 16:03 - 2014-04-27 16:20 - 00011428 _____ () C:\Users\Shohaib\Documents\ISoc Reimbursements.xlsx
2014-04-27 12:37 - 2014-04-27 12:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F3244A78-A617-4D75-B168-D82B79B6C1CA}
2014-04-27 12:33 - 2014-04-29 17:25 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-27 12:33 - 2014-04-29 17:25 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-27 01:46 - 2014-04-27 01:46 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (1).pptx
2014-04-26 19:00 - 2014-04-26 19:00 - 00028303 _____ () C:\Users\Shohaib\Desktop\dds.txt
2014-04-26 19:00 - 2014-04-26 19:00 - 00009556 _____ () C:\Users\Shohaib\Desktop\attach.txt
2014-04-26 18:56 - 2014-04-26 18:56 - 00688992 ____R (Swearware) C:\Users\Shohaib\Downloads\dds.com
2014-04-26 18:43 - 2014-04-26 18:56 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-04-26 18:36 - 2014-04-26 18:40 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Shohaib\Downloads\cbSetup.exe
2014-04-26 16:13 - 2014-04-26 16:46 - 00011858 _____ () C:\Users\Shohaib\Downloads\MIsc.xlsx
2014-04-25 22:24 - 2014-04-25 22:25 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{1E19DE36-8DC4-4B6C-BDC1-7136D5F7B22E}
2014-04-25 22:19 - 2014-04-29 17:24 - 00347422 _____ () C:\Windows\PFRO.log
2014-04-25 22:11 - 2014-04-29 17:24 - 00001457 _____ () C:\Windows\setupact.log
2014-04-25 22:11 - 2014-04-25 22:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 19:15 - 2014-04-25 19:15 - 00034840 _____ () C:\Users\Shohaib\Downloads\Forms to submit.zip
2014-04-25 18:22 - 2014-04-25 21:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 18:22 - 2014-04-25 18:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 18:21 - 2014-04-25 22:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 18:18 - 2014-04-25 18:21 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Shohaib\Downloads\spybot-2.2.exe
2014-04-24 23:24 - 2014-04-28 22:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\LavasoftStatistics
2014-04-24 22:28 - 2014-04-28 22:27 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-24 22:21 - 2014-04-24 22:21 - 01727624 _____ () C:\Users\Shohaib\Downloads\Adaware_Installer.exe
2014-04-24 22:21 - 2014-04-24 22:21 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-24 21:37 - 2014-04-24 21:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-24 18:16 - 2014-04-24 19:18 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-04-24 17:50 - 2014-04-24 17:50 - 00000128 _____ () C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2014-04-24 16:18 - 2014-04-24 20:42 - 00006864 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-04-24 16:10 - 2014-04-24 16:10 - 00707664 _____ (iS3, Inc.) C:\Users\Shohaib\Downloads\SZSetup_AID10121_AV.exe
2014-04-24 16:01 - 2014-04-24 16:04 - 10971424 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro_x64 (2).exe
2014-04-23 21:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-23 21:49 - 2014-04-23 21:49 - 01365865 _____ () C:\Users\Shohaib\Downloads\adwcleaner (2).exe
2014-04-23 16:21 - 2014-04-23 16:21 - 00991504 _____ () C:\Users\Shohaib\Downloads\setup (1).exe
2014-04-22 05:50 - 2014-04-22 05:50 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{AEF28BDC-C19D-4DE0-B632-9B2F587E20D3}
2014-04-22 02:49 - 2014-03-06 11:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 02:49 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 02:49 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 02:49 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 02:49 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 02:49 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 02:49 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 02:49 - 2014-03-06 09:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 02:49 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 02:49 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 02:49 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 02:49 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 02:49 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 02:49 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 02:49 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 02:49 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 02:49 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 02:49 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 02:49 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 02:49 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 02:49 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 02:49 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 02:49 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 02:49 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 02:49 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 02:49 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 02:49 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 02:49 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 02:48 - 2014-03-06 10:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 02:48 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 02:48 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 02:48 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 02:48 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 02:48 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 02:48 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 02:48 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 02:48 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 02:48 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 02:48 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 02:48 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 02:48 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 02:48 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 02:48 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 02:48 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 02:48 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 02:48 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 02:48 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 02:48 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 00:34 - 2014-04-22 00:35 - 02761216 _____ () C:\Users\Shohaib\Downloads\UH Francis PP(2) CF.ppt
2014-04-21 11:27 - 2014-04-21 11:28 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{E74CC28D-4B83-4BB5-B928-5CD80DAC9157}
2014-04-20 10:10 - 2014-04-20 10:10 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A930E4FF-53EF-472F-9F34-AE0A1150824E}
2014-04-19 23:59 - 2014-04-19 23:59 - 03240448 _____ () C:\Users\Shohaib\Documents\Nosocomial Infections 2013-14 bb.ppt
2014-04-19 16:37 - 2014-04-19 16:37 - 00026484 _____ () C:\Users\Shohaib\Downloads\fileshare.ro_YGO.xlsx
2014-04-19 04:44 - 2014-04-19 04:47 - 03238912 _____ () C:\Users\Shohaib\Downloads\Nosocomial Infections 2013-14 bb.ppt
2014-04-18 18:37 - 2014-04-18 18:39 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister Backup
2014-04-17 22:14 - 2014-04-17 22:14 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D02FA8BA-5A27-4EF4-A121-7E7686802C0B}
2014-04-13 05:17 - 2014-04-13 05:17 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F4A8FAD2-8188-4B3C-ACB3-79BA896C64C5}
2014-04-10 18:53 - 2014-04-10 18:54 - 00993720 _____ () C:\Users\Shohaib\Downloads\setup.exe
2014-04-10 06:00 - 2014-04-10 06:00 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{3DB66349-4E99-43BB-83F6-61CF737CBDDD}
2014-04-09 17:11 - 2014-04-09 17:11 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{82747838-CC62-4B31-B9A7-D75E9F1919D0}
2014-04-09 16:38 - 2014-04-09 16:39 - 01426178 _____ () C:\Users\Shohaib\Downloads\adwcleaner (1).exe
2014-04-09 15:04 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 15:04 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 15:04 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 15:04 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 15:04 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 15:04 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 15:04 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 05:55 - 2014-04-08 05:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{428467C8-B570-4DD4-992A-D99511EDDBF8}
2014-04-06 21:41 - 2014-04-06 21:41 - 00000000 ____D () C:\Program Files\ImageConverter Plus
2014-04-06 21:41 - 2013-03-03 11:39 - 00242048 _____ (fCoder Group International) C:\Windows\system32\cnvshell.dll
2014-04-06 21:26 - 2014-04-06 21:28 - 15783896 _____ (fCoder Group, Inc. ) C:\Users\Shohaib\Downloads\converter.exe
2014-04-06 03:55 - 2014-04-06 03:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D3C28BCE-BDC1-4B29-9960-41F7D6384083}
2014-04-05 17:03 - 2014-04-05 17:03 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister
2014-04-05 17:01 - 2014-04-05 17:01 - 00007477 _____ () C:\Users\Shohaib\Downloads\SAT_templates2.zip
2014-04-05 16:36 - 2014-04-05 16:36 - 00000404 _____ () C:\InstallHelper.log
2014-04-05 16:34 - 2014-04-05 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-04-05 16:27 - 2014-04-05 16:29 - 30921168 _____ (eBay Inc. ) C:\Users\Shohaib\Downloads\setupUK (2).exe
2014-04-05 15:41 - 2014-04-05 15:42 - 00037088 _____ () C:\Users\Shohaib\Downloads\ebay-paypal-fees-calculator.xlsx
2014-04-05 10:48 - 2014-04-05 10:48 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{60CA656E-6ED5-4E5B-B3F4-E540FA385B8A}
2014-04-04 05:24 - 2014-04-04 05:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{5600AF65-8298-4428-BF3F-9A645E97455A}
2014-04-03 05:42 - 2014-04-03 05:42 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D7E3844A-5AF2-4C06-9752-910DF761A6BF}
2014-04-01 19:11 - 2014-04-01 19:11 - 00003185 _____ () C:\Users\Shohaib\Downloads\setupUK (1).exe
2014-03-31 11:49 - 2014-03-31 11:50 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A0492C4F-4CC3-4DE7-96B6-4F49BAB64179}
2014-03-31 11:29 - 2014-04-29 17:22 - 00000000 ____D () C:\AdwCleaner
2014-03-31 11:29 - 2014-03-31 11:29 - 01950720 _____ () C:\Users\Shohaib\Downloads\adwcleaner.exe
2014-03-31 10:37 - 2014-03-31 10:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\SUPERAntiSpyware.com
2014-03-31 10:36 - 2014-03-31 10:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-31 10:34 - 2014-03-31 10:35 - 18495432 _____ (SUPERAntiSpyware) C:\Users\Shohaib\Downloads\SUPERAntiSpywarePro.exe
2014-03-31 06:48 - 2014-03-31 06:48 - 00000000 _____ () C:\autoexec.bat
2014-03-31 06:46 - 2014-03-31 06:46 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-31 06:43 - 2014-03-31 11:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-31 06:40 - 2014-03-31 06:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Shohaib\Downloads\SpyHunter-Installer.exe
2014-03-31 06:04 - 2014-03-31 06:04 - 00003156 _____ () C:\Windows\System32\Tasks\{9EB1A4B2-978B-4CDA-8F21-4937B345C99E}
2014-03-31 05:57 - 2014-04-06 21:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 05:54 - 2014-03-31 05:56 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-31 05:43 - 2014-03-31 11:44 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
2014-03-31 05:19 - 2014-03-31 05:19 - 00073728 _____ () C:\Users\Shohaib\Downloads\Alphabetical list of students with group number and room for Monday afternoon sessions.xls
2014-03-30 23:59 - 2014-03-31 00:01 - 10971424 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro_x64 (1).exe
2014-03-30 23:58 - 2014-03-30 23:59 - 10089256 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro (1).exe
2014-03-30 23:41 - 2014-03-30 23:41 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{52E6CA5C-0872-4F02-B3F5-7B4971289F2C}
2014-03-30 23:40 - 2014-04-20 23:39 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1003
2014-03-30 23:39 - 2014-04-20 23:39 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1003
2014-03-30 22:01 - 2014-04-25 22:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-30 21:57 - 2014-03-30 22:01 - 88551496 _____ (AVAST Software) C:\Users\Shohaib\Downloads\avast_free_antivirus_setup.exe
2014-03-30 21:22 - 2014-03-30 21:22 - 00022016 ____H () C:\Users\Shohaib\Documents\~WRL0002.tmp
2014-03-30 20:35 - 2014-03-30 20:35 - 00000045 _____ () C:\Users\Shohaib\AppData\Roaming\WB.CFG
2014-03-30 19:45 - 2014-03-30 19:45 - 01172776 _____ (AnyProtect.com) C:\Users\Shohaib\AppData\Local\nsf2078.tmp
2014-03-30 17:01 - 2014-03-30 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 10:32 - 2014-03-30 10:32 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{AE990A7E-B3E5-4D72-AFAF-05EC651AA4EC}
 
==================== One Month Modified Files and Folders =======
 
2014-04-29 17:42 - 2014-04-29 17:41 - 00023415 _____ () C:\Users\Shohaib\Downloads\FRST.txt
2014-04-29 17:42 - 2014-02-15 02:06 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-29 17:41 - 2014-04-29 17:40 - 00000000 ____D () C:\FRST
2014-04-29 17:41 - 2011-04-14 20:37 - 01177287 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 17:39 - 2014-04-29 17:38 - 02061824 _____ (Farbar) C:\Users\Shohaib\Downloads\FRST64.exe
2014-04-29 17:28 - 2009-07-14 06:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 17:26 - 2014-04-29 17:26 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{BD76DE58-842D-47E8-8CF6-B6D07E99488E}
2014-04-29 17:26 - 2011-08-01 15:12 - 00000000 ___RD () C:\Users\Shohaib\Dropbox
2014-04-29 17:26 - 2011-08-01 15:10 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\Dropbox
2014-04-29 17:25 - 2014-04-27 12:33 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-29 17:25 - 2014-04-27 12:33 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-29 17:25 - 2011-06-10 17:04 - 00000000 ____D () C:\Users\Shohaib\Tracing
2014-04-29 17:24 - 2014-04-25 22:19 - 00347422 _____ () C:\Windows\PFRO.log
2014-04-29 17:24 - 2014-04-25 22:11 - 00001457 _____ () C:\Windows\setupact.log
2014-04-29 17:24 - 2011-07-02 21:42 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 17:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 17:22 - 2014-03-31 11:29 - 00000000 ____D () C:\AdwCleaner
2014-04-29 17:22 - 2012-07-30 02:58 - 00000000 ____D () C:\Users\Shohaib\Documents\Ebay
2014-04-29 17:00 - 2013-09-07 21:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 16:54 - 2013-02-07 01:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 11:00 - 2014-04-29 11:00 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-29 11:00 - 2013-09-07 21:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 11:00 - 2013-09-07 21:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 11:00 - 2011-06-09 17:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 23:58 - 2014-04-28 23:56 - 52388801 _____ () C:\Users\Shohaib\Downloads\Papqc dissolution in vivo vitro dr lie.m4a
2014-04-28 23:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-28 23:11 - 2014-04-28 23:10 - 01310621 _____ () C:\Users\Shohaib\Desktop\AdwCleaner (3).exe
2014-04-28 23:08 - 2014-04-28 23:05 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (2).ppt
2014-04-28 23:05 - 2014-04-28 23:05 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (2).pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01808314 _____ () C:\Users\Shohaib\Downloads\Modified release 2014.pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (4).pptx
2014-04-28 22:40 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 22:40 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 22:31 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieUserList
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieSiteList
2014-04-28 22:27 - 2014-04-24 22:28 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-28 22:24 - 2014-04-24 23:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\LavasoftStatistics
2014-04-28 17:49 - 2014-01-05 20:34 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\DevPro
2014-04-28 11:55 - 2014-04-28 11:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{465C9D64-405C-4DAC-AD5C-529379767066}
2014-04-28 11:52 - 2013-08-22 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-04-28 04:21 - 2014-04-28 04:21 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (1).pptx
2014-04-28 04:21 - 2014-04-28 04:21 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (3).pptx
2014-04-28 04:21 - 2014-04-28 04:20 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (1).ppt
2014-04-28 04:18 - 2013-01-16 00:23 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\vlc
2014-04-28 01:08 - 2014-04-28 01:03 - 41138764 _____ () C:\Users\Shohaib\Downloads\PAPQC granulation.3ga
2014-04-28 01:02 - 2014-04-28 01:02 - 00929616 _____ () C:\Users\Shohaib\Downloads\Granulation Lecture-2014 (1).pptx
2014-04-27 23:21 - 2014-04-27 23:16 - 29046857 _____ () C:\Users\Shohaib\Downloads\PAPQC Tableting 1.3ga
2014-04-27 23:19 - 2014-04-27 23:17 - 07006072 _____ () C:\Users\Shohaib\Downloads\PAPQC Tabelting 2.3ga
2014-04-27 22:50 - 2014-04-27 22:50 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014 (1).pptx
2014-04-27 22:47 - 2014-04-27 22:47 - 11915776 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student.ppt
2014-04-27 22:46 - 2014-04-27 22:45 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014.pptx
2014-04-27 22:41 - 2014-04-27 22:40 - 01554432 _____ () C:\Users\Shohaib\Downloads\05-Drug-Quality_final-08.ppt
2014-04-27 21:46 - 2014-04-27 21:46 - 00276534 _____ () C:\Users\Shohaib\Downloads\PAPQC - Pharmacopia tests-2014.pptx
2014-04-27 21:30 - 2014-04-27 21:30 - 11176230 _____ () C:\Users\Shohaib\Downloads\Voice 032.amr
2014-04-27 21:27 - 2014-04-27 21:27 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014.pptx
2014-04-27 21:27 - 2014-04-27 21:27 - 01051648 _____ () C:\Users\Shohaib\Downloads\PAPQC - Intro_2014.ppt
2014-04-27 21:27 - 2014-04-27 21:26 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (2).pptx
2014-04-27 16:20 - 2014-04-27 16:03 - 00011428 _____ () C:\Users\Shohaib\Documents\ISoc Reimbursements.xlsx
2014-04-27 12:37 - 2014-04-27 12:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F3244A78-A617-4D75-B168-D82B79B6C1CA}
2014-04-27 12:30 - 2011-03-10 18:29 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-04-27 01:46 - 2014-04-27 01:46 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (1).pptx
2014-04-26 19:00 - 2014-04-26 19:00 - 00028303 _____ () C:\Users\Shohaib\Desktop\dds.txt
2014-04-26 19:00 - 2014-04-26 19:00 - 00009556 _____ () C:\Users\Shohaib\Desktop\attach.txt
2014-04-26 18:56 - 2014-04-26 18:56 - 00688992 ____R (Swearware) C:\Users\Shohaib\Downloads\dds.com
2014-04-26 18:56 - 2014-04-26 18:43 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-04-26 18:40 - 2014-04-26 18:36 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Shohaib\Downloads\cbSetup.exe
2014-04-26 17:36 - 2011-03-10 18:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-26 16:46 - 2014-04-26 16:13 - 00011858 _____ () C:\Users\Shohaib\Downloads\MIsc.xlsx
2014-04-25 22:25 - 2014-04-25 22:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{1E19DE36-8DC4-4B6C-BDC1-7136D5F7B22E}
2014-04-25 22:20 - 2014-04-25 18:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 22:20 - 2014-03-30 22:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-25 22:11 - 2014-04-25 22:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 21:50 - 2014-04-25 18:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 21:50 - 2012-06-02 12:43 - 00001594 _____ () C:\Windows\wininit.ini
2014-04-25 19:15 - 2014-04-25 19:15 - 00034840 _____ () C:\Users\Shohaib\Downloads\Forms to submit.zip
2014-04-25 18:22 - 2014-04-25 18:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 18:21 - 2014-04-25 18:18 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Shohaib\Downloads\spybot-2.2.exe
2014-04-24 22:21 - 2014-04-24 22:21 - 01727624 _____ () C:\Users\Shohaib\Downloads\Adaware_Installer.exe
2014-04-24 22:21 - 2014-04-24 22:21 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-24 21:39 - 2014-04-24 21:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-24 20:42 - 2014-04-24 16:18 - 00006864 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-04-24 19:18 - 2014-04-24 18:16 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-04-24 17:50 - 2014-04-24 17:50 - 00000128 _____ () C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2014-04-24 16:10 - 2014-04-24 16:10 - 00707664 _____ (iS3, Inc.) C:\Users\Shohaib\Downloads\SZSetup_AID10121_AV.exe
2014-04-24 16:04 - 2014-04-24 16:01 - 10971424 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro_x64 (2).exe
2014-04-23 21:49 - 2014-04-23 21:49 - 01365865 _____ () C:\Users\Shohaib\Downloads\adwcleaner (2).exe
2014-04-23 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-23 16:21 - 2014-04-23 16:21 - 00991504 _____ () C:\Users\Shohaib\Downloads\setup (1).exe
2014-04-22 05:50 - 2014-04-22 05:50 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{AEF28BDC-C19D-4DE0-B632-9B2F587E20D3}
2014-04-22 05:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 00:35 - 2014-04-22 00:34 - 02761216 _____ () C:\Users\Shohaib\Downloads\UH Francis PP(2) CF.ppt
2014-04-21 21:02 - 2011-06-10 00:47 - 00238080 ___SH () C:\Users\Shohaib\Documents\Thumbs.db
2014-04-21 11:28 - 2014-04-21 11:27 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{E74CC28D-4B83-4BB5-B928-5CD80DAC9157}
2014-04-21 11:25 - 2012-09-18 00:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-20 23:39 - 2014-03-30 23:40 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1003
2014-04-20 23:39 - 2014-03-30 23:39 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1003
2014-04-20 10:10 - 2014-04-20 10:10 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A930E4FF-53EF-472F-9F34-AE0A1150824E}
2014-04-19 23:59 - 2014-04-19 23:59 - 03240448 _____ () C:\Users\Shohaib\Documents\Nosocomial Infections 2013-14 bb.ppt
2014-04-19 16:37 - 2014-04-19 16:37 - 00026484 _____ () C:\Users\Shohaib\Downloads\fileshare.ro_YGO.xlsx
2014-04-19 04:47 - 2014-04-19 04:44 - 03238912 _____ () C:\Users\Shohaib\Downloads\Nosocomial Infections 2013-14 bb.ppt
2014-04-18 18:39 - 2014-04-18 18:37 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister Backup
2014-04-17 22:14 - 2014-04-17 22:14 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D02FA8BA-5A27-4EF4-A121-7E7686802C0B}
2014-04-14 00:01 - 2012-04-24 11:55 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-04-13 05:17 - 2014-04-13 05:17 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F4A8FAD2-8188-4B3C-ACB3-79BA896C64C5}
2014-04-10 21:55 - 2011-07-13 15:56 - 00000000 ____D () C:\Users\Shohaib\Documents\Islaam
2014-04-10 18:55 - 2012-03-14 23:39 - 00002127 _____ () C:\Windows\epplauncher.mif
2014-04-10 18:54 - 2014-04-10 18:53 - 00993720 _____ () C:\Users\Shohaib\Downloads\setup.exe
2014-04-10 07:18 - 2011-06-09 16:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 06:15 - 2013-07-28 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 06:09 - 2011-06-09 17:06 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:00 - 2014-04-10 06:00 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{3DB66349-4E99-43BB-83F6-61CF737CBDDD}
2014-04-09 17:11 - 2014-04-09 17:11 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{82747838-CC62-4B31-B9A7-D75E9F1919D0}
2014-04-09 16:39 - 2014-04-09 16:38 - 01426178 _____ () C:\Users\Shohaib\Downloads\adwcleaner (1).exe
2014-04-08 05:55 - 2014-04-08 05:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{428467C8-B570-4DD4-992A-D99511EDDBF8}
2014-04-06 21:41 - 2014-04-06 21:41 - 00000000 ____D () C:\Program Files\ImageConverter Plus
2014-04-06 21:28 - 2014-04-06 21:26 - 15783896 _____ (fCoder Group, Inc. ) C:\Users\Shohaib\Downloads\converter.exe
2014-04-06 21:25 - 2014-03-31 05:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 03:55 - 2014-04-06 03:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D3C28BCE-BDC1-4B29-9960-41F7D6384083}
2014-04-06 00:06 - 2011-08-21 19:19 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-05 17:03 - 2014-04-05 17:03 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister
2014-04-05 17:01 - 2014-04-05 17:01 - 00007477 _____ () C:\Users\Shohaib\Downloads\SAT_templates2.zip
2014-04-05 16:36 - 2014-04-05 16:36 - 00000404 _____ () C:\InstallHelper.log
2014-04-05 16:34 - 2014-04-05 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-04-05 16:29 - 2014-04-05 16:27 - 30921168 _____ (eBay Inc. ) C:\Users\Shohaib\Downloads\setupUK (2).exe
2014-04-05 15:42 - 2014-04-05 15:41 - 00037088 _____ () C:\Users\Shohaib\Downloads\ebay-paypal-fees-calculator.xlsx
2014-04-05 10:48 - 2014-04-05 10:48 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{60CA656E-6ED5-4E5B-B3F4-E540FA385B8A}
2014-04-04 05:24 - 2014-04-04 05:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{5600AF65-8298-4428-BF3F-9A645E97455A}
2014-04-04 01:32 - 2014-02-15 17:44 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-04 01:31 - 2014-02-15 17:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-04 01:31 - 2012-03-14 23:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 05:42 - 2014-04-03 05:42 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D7E3844A-5AF2-4C06-9752-910DF761A6BF}
2014-04-01 19:11 - 2014-04-01 19:11 - 00003185 _____ () C:\Users\Shohaib\Downloads\setupUK (1).exe
2014-03-31 21:23 - 2013-02-20 19:54 - 00000000 ____D () C:\Users\Shohaib\Documents\Pharmacy Applications
2014-03-31 19:46 - 2012-12-21 17:07 - 00000000 ____D () C:\Users\Shohaib\Documents\CV
2014-03-31 11:50 - 2014-03-31 11:49 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A0492C4F-4CC3-4DE7-96B6-4F49BAB64179}
2014-03-31 11:48 - 2011-06-17 14:14 - 00000000 ____D () C:\Users\Family
2014-03-31 11:44 - 2014-03-31 05:43 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
2014-03-31 11:29 - 2014-03-31 11:29 - 01950720 _____ () C:\Users\Shohaib\Downloads\adwcleaner.exe
2014-03-31 11:23 - 2014-03-31 06:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-31 10:37 - 2014-03-31 10:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\SUPERAntiSpyware.com
2014-03-31 10:37 - 2014-03-31 10:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-31 10:35 - 2014-03-31 10:34 - 18495432 _____ (SUPERAntiSpyware) C:\Users\Shohaib\Downloads\SUPERAntiSpywarePro.exe
2014-03-31 06:48 - 2014-03-31 06:48 - 00000000 _____ () C:\autoexec.bat
2014-03-31 06:46 - 2014-03-31 06:46 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-31 06:40 - 2014-03-31 06:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Shohaib\Downloads\SpyHunter-Installer.exe
2014-03-31 06:04 - 2014-03-31 06:04 - 00003156 _____ () C:\Windows\System32\Tasks\{9EB1A4B2-978B-4CDA-8F21-4937B345C99E}
2014-03-31 05:57 - 2013-05-08 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 05:57 - 2011-06-09 15:38 - 00000000 ___RD () C:\Users\Shohaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 05:56 - 2014-03-31 05:54 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-31 05:47 - 2014-01-31 02:11 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 05:19 - 2014-03-31 05:19 - 00073728 _____ () C:\Users\Shohaib\Downloads\Alphabetical list of students with group number and room for Monday afternoon sessions.xls
2014-03-31 00:01 - 2014-03-30 23:59 - 10971424 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro_x64 (1).exe
2014-03-30 23:59 - 2014-03-30 23:58 - 10089256 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro (1).exe
2014-03-30 23:46 - 2011-06-25 21:33 - 00000000 ____D () C:\Users\Family\AppData\Local\Mozilla
2014-03-30 23:41 - 2014-03-30 23:41 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{52E6CA5C-0872-4F02-B3F5-7B4971289F2C}
2014-03-30 23:20 - 2012-04-26 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 22:01 - 2014-03-30 21:57 - 88551496 _____ (AVAST Software) C:\Users\Shohaib\Downloads\avast_free_antivirus_setup.exe
2014-03-30 21:22 - 2014-03-30 21:22 - 00022016 ____H () C:\Users\Shohaib\Documents\~WRL0002.tmp
2014-03-30 20:35 - 2014-03-30 20:35 - 00000045 _____ () C:\Users\Shohaib\AppData\Roaming\WB.CFG
2014-03-30 19:45 - 2014-03-30 19:45 - 01172776 _____ (AnyProtect.com) C:\Users\Shohaib\AppData\Local\nsf2078.tmp
2014-03-30 17:01 - 2014-03-30 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 10:32 - 2014-03-30 10:32 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{AE990A7E-B3E5-4D72-AFAF-05EC651AA4EC}
 
Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\kw7dwlwz.dll
C:\Users\Family\AppData\Local\Temp\saUpg64.exe
C:\Users\Shohaib\AppData\Local\Temp\9421120a-a24e-413d-9ceb-44a27ebbb5f2.exe
C:\Users\Shohaib\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Shohaib\AppData\Local\Temp\Quarantine.exe
C:\Users\Shohaib\AppData\Local\Temp\YgoUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-29 12:39
 
==================== End Of Log ============================
 
 
--------------------------

Addition Report Log
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Shohaib at 2014-04-29 17:44:47
Running from C:\Users\Shohaib\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.5.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3016 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.3.188 - Blue Coat Systems, Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
DevPro (HKLM-x32\...\{67787A65-AEE5-436B-B58C-538FBAE6374C}) (Version: 1.9.8.4 - DevPro, LLC)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
ICP 9.0 (HKLM\...\ICP install2_is1) (Version:  - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Unifying Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.135 - McAfee, Inc.)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-GB)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.70 - Trusteer) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.70 - Trusteer)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
22-04-2014 01:47:41 Windows Update
24-04-2014 15:12:21 Installed STOPzilla
24-04-2014 20:28:12 Removed STOPzilla
24-04-2014 21:21:59 AA11
25-04-2014 10:52:56 Windows Update
25-04-2014 17:10:54 avast! antivirus system restore point
26-04-2014 16:31:35 Removed MyWinLocker Suite
28-04-2014 10:51:12 Installed Rapport
28-04-2014 11:01:11 Windows Update
28-04-2014 21:22:25 AA11
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2014-04-24 16:16 - 00000038 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01877D09-ED1F-46D2-9632-529F1DBE970C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0B969AA7-4397-4025-ACED-48046586006F} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {22AA817D-C1F9-401D-9B32-AE6419C09010} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2ED9BB6E-9C98-486F-AC4F-70449990A6B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {32768221-BAC6-4287-8357-AEBD67796480} - \MySearchDial No Task File <==== ATTENTION
Task: {5B9A74B5-5C22-49FF-AE3F-7B61C4885329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)
Task: {68E30051-EF52-4267-812A-DEB4784A7A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-02] (Google Inc.)
Task: {A6A01FE2-CFBD-4C9A-939B-6290544E206C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BA52D07B-F1BF-47F0-BFC8-8897BFFD3713} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BC1C6196-F65D-40E0-B6E6-5CFAD55DEDC0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {C615F8CE-A595-4781-949B-ABC517913AF5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E716C7CA-3EE7-4ED9-BC95-12CC63644742} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {E7689353-21D9-4660-A95B-D2BEC84CF41B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E8003A57-414E-4226-BA79-42B91591A325} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {FAE1C84D-C260-4E4C-BB0F-8809EC702946} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-20 12:07 - 2014-02-04 00:16 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-10-15 04:06 - 2013-10-15 04:06 - 00785128 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Shohaib\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-10 17:14 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-05 16:57 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 16:57 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 16:57 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 16:57 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 16:57 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 16:57 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: bckwfs => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: mdwmct => "C:\Windows\System32\rundll32.exe" "C:\Users\Shohaib\AppData\Roaming\mdwmct.dll",Parse
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: snomlw => "C:\Windows\System32\rundll32.exe" "C:\Users\Shohaib\AppData\Roaming\snomlw.dll",get_color_type
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/29/2014 05:45:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b4e7
Faulting module name: lxealmpm.DLL, version: 9.2.33.0, time stamp: 0x4b20076a
Exception code: 0x40000015
Fault offset: 0x0000000000077f7e
Faulting process id: 0x5b8
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3
 
Error: (04/29/2014 00:44:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/27/2014 09:05:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchProtection.exe, version: 2.0.5.0, time stamp: 0x51ae2ee9
Faulting module name: SearchProtection.exe, version: 2.0.5.0, time stamp: 0x51ae2ee9
Exception code: 0xc0000005
Fault offset: 0x0003c94b
Faulting process id: 0x12f0
Faulting application start time: 0xSearchProtection.exe0
Faulting application path: SearchProtection.exe1
Faulting module path: SearchProtection.exe2
Report Id: SearchProtection.exe3
 
Error: (04/27/2014 02:33:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2014 03:54:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/25/2014 09:26:39 PM) (Source: Application Hang) (User: )
Description: The program AdAwareDesktop.exe version 11.1.5354.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11d0
 
Start Time: 01cf60a8ec8fcdba
 
Termination Time: 3343
 
Application Path: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDesktop.exe
 
Report Id: bf690521-ccb7-11e3-a7cd-b870f4727b64
 
Error: (04/25/2014 06:34:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchProtection.exe, version: 2.0.5.0, time stamp: 0x51ae2ee9
Faulting module name: SearchProtection.exe, version: 2.0.5.0, time stamp: 0x51ae2ee9
Exception code: 0xc0000005
Fault offset: 0x0003c94b
Faulting process id: 0x694
Faulting application start time: 0xSearchProtection.exe0
Faulting application path: SearchProtection.exe1
Faulting module path: SearchProtection.exe2
Report Id: SearchProtection.exe3
 
Error: (04/25/2014 06:11:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/25/2014 11:53:07 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/25/2014 11:13:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/29/2014 05:46:19 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (04/29/2014 05:46:12 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.104.
The computer with the IP address 192.168.1.108 did not allow the name to be claimed by
this computer.
 
Error: (04/29/2014 05:45:55 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/29/2014 05:44:24 PM) (Source: ipnathlp) (User: )
Description: 
 
Error: (04/29/2014 05:44:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070
 
Error: (04/29/2014 05:44:07 PM) (Source: Service Control Manager) (User: )
Description: The Server service hung on starting.
 
Error: (04/29/2014 05:42:17 PM) (Source: ipnathlp) (User: )
Description: 192.168.1.105192.168.137.0255.255.255.0
 
Error: (04/29/2014 05:42:12 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1070
 
Error: (04/29/2014 05:42:12 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Service Host service hung on starting.
 
Error: (04/29/2014 05:42:09 PM) (Source: Service Control Manager) (User: )
Description: The Server service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (04/29/2014 05:45:47 PM) (Source: Application Error)(User: )
Description: spoolsv.exe6.1.7601.175144ce7b4e7lxealmpm.DLL9.2.33.04b20076a400000150000000000077f7e5b801cf63c784cbcef3C:\Windows\System32\spoolsv.exeC:\Windows\System32\lxealmpm.DLLb6888067-cfbd-11e3-9053-c0f8da18bef3
 
Error: (04/29/2014 00:44:46 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/27/2014 09:05:01 PM) (Source: Application Error)(User: )
Description: SearchProtection.exe2.0.5.051ae2ee9SearchProtection.exe2.0.5.051ae2ee9c00000050003c94b12f001cf620c9d14c797C:\ProgramData\Search Protection\SearchProtection.exeC:\ProgramData\Search Protection\SearchProtection.exe36adc382-ce47-11e3-9fa5-b870f4727b64
 
Error: (04/27/2014 02:33:45 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/26/2014 03:54:22 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (04/25/2014 09:26:39 PM) (Source: Application Hang)(User: )
Description: AdAwareDesktop.exe11.1.5354.011d001cf60a8ec8fcdba3343C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDesktop.exebf690521-ccb7-11e3-a7cd-b870f4727b64
 
Error: (04/25/2014 06:34:17 PM) (Source: Application Error)(User: )
Description: SearchProtection.exe2.0.5.051ae2ee9SearchProtection.exe2.0.5.051ae2ee9c00000050003c94b69401cf600457e1ac3fC:\ProgramData\Search Protection\SearchProtection.exeC:\ProgramData\Search Protection\SearchProtection.exed2d1b53f-cc9f-11e3-a7cd-b870f4727b64
 
Error: (04/25/2014 06:11:06 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.
 
System Error:
The system cannot find the file specified.
 
Error: (04/25/2014 11:53:07 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.
 
System Error:
The system cannot find the file specified.
 
Error: (04/25/2014 11:13:16 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-03-13 22:13:19.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 22:13:19.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 22:02:42.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 22:02:42.661
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 21:31:26.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 21:31:26.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 19:31:41.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 19:31:41.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 18:22:10.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-03-13 18:22:10.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 90%
Total physical RAM: 2806.71 MB
Available physical RAM: 262.02 MB
Total Pagefile: 5611.59 MB
Available Pagefile: 2696.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:192.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 74340D8B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 30 April 2014 - 10:50 AM

Hi shebbz,

We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Run: [Anti-phishing Domain Advisor] => [X]
HKLM\...\Run: [Ad-Aware Browsing Protection] => [X]
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Run: [ueralxng] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3156378192-1416581031-2256468767-1003\User: Group Policy restriction detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80
URLSearchHook: HKCU - (No Name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {8AB83D99-0A6D-4D10-B88E-52F72F817428} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN12216816733013120&UM=2&SSPV=TB_C3
SearchScopes: HKCU - {C30364C0-757B-4856-928B-878CBFD8C55B} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {F9BA097D-8A1B-4B22-8D40-17836CA7A6E2} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=64E674A6-0E46-49EE-96F1-0858DAE75E17&apn_sauid=C6DD7654-D1FD-4A04-8E0B-A5F1661AE42A
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
FF DefaultSearchEngine: SecureSearch
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80
FF HKCU\...\Firefox\Extensions: [{e919e40d-669b-4732-9991-dbcf47582d16}] - C:\Program Files (x86)\BlockAndSurf-soft\157.xpi
C:\Program Files (x86)\BlockAndSurf-soft
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ProtectMonitor; C:\monitorsvc.exe [X]
S2 vosr; C:\Users\Shohaib\AppData\Roaming\VOPackage\VOsrv.exe [X]
S1 ryoulcao; \??\C:\Windows\system32\drivers\ryoulcao.sys [X]
2014-04-24 17:50 - 2014-04-24 17:50 - 00000128 _____ () C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2014-04-24 16:18 - 2014-04-24 20:42 - 00006864 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-03-31 05:43 - 2014-03-31 11:44 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
C:\Users\Family\AppData\Local\Temp\kw7dwlwz.dll
C:\Users\Shohaib\AppData\Local\Temp\9421120a-a24e-413d-9ceb-44a27ebbb5f2.exe
2014-04-24 23:24 - 2014-04-28 22:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\LavasoftStatistics
2014-04-24 22:28 - 2014-04-28 22:27 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-24 22:21 - 2014-04-24 22:21 - 00000000 ____D () C:\ProgramData\Lavasoft
Task: {0B969AA7-4397-4025-ACED-48046586006F} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {32768221-BAC6-4287-8357-AEBD67796480} - \MySearchDial No Task File <==== ATTENTION
Task: {E716C7CA-3EE7-4ED9-BC95-12CC63644742} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {E8003A57-414E-4226-BA79-42B91591A325} - \APSnotifierPP3 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Uninstalling an extension in Chrome:


  • Click the Chrome menu on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Click the recycle bin icon by BBloockUTubeAeDD to completely remove it.
  • When a confirmation dialogue appears, click Remove.
  • Repeat for RoabboSaveor.

--------------
 
Please run FRST from the desktop (like you did before) and press the Scan button. It will produce a FRST.txt log located on the desktop; please copy and paste the contents into your next reply.
 
--------------
 
How is your computer running now? Are there any ads still occurring after these steps?
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • New FRST log
  • How your computer is running

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
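The Fixlog.txt requested in the post above pairs each target with an outcome after ` => `. One way to triage it before replying, as an added example (not part of the original post and not FRST's own code): the sketch below separates the echoed fixlist from the results and sorts each result into done, already absent, or needs review. The sample log is constructed, and the "Could not move." failure wording is an assumption used only to exercise the review path.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog.txt layout; names and paths are placeholders.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014
Ran by ExampleUser at 2014-04-30 17:08:49 Run:1
Running from C:\Users\ExampleUser\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ExampleEntry] => [X]
S2 ExampleSvc; C:\example\svc.exe [X]
C:\Program Files (x86)\ExampleAdware
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleEntry => Value deleted successfully.
ExampleSvc => Service deleted successfully.
"C:\Program Files (x86)\ExampleAdware" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\ExampleUser\AppData\Local\Temp\example.dll => Could not move.
Firefox homepage deleted successfully.

The system needed a reboot. 

==== End of Fixlog ====
"""

SEPARATOR = re.compile(r"^\*{5,}$")          # rows of asterisks around the fixlist echo
SUCCESS = re.compile(r"\b(?:deleted|moved|restored|removed) successfully\b", re.I)
NOT_FOUND = re.compile(r"\bnot found\b", re.I)
END_MARKER = "==== End of Fixlog"


def classify(message):
    """Map a result message to done / absent / review."""
    if SUCCESS.search(message):
        return "done"
    if NOT_FOUND.search(message):
        return "absent"      # item was already gone when the fix ran
    return "review"          # anything else deserves a human look


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist, per-item results and the reboot flag."""
    requested, results, reboot = [], [], False
    separators_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(END_MARKER):
            break
        if SEPARATOR.match(line):
            separators_seen += 1
            continue
        if not line or separators_seen == 0:
            continue                     # header block before the fixlist echo
        if separators_seen == 1:
            requested.append(line)       # fixlist lines as submitted
            continue
        if line.lower().startswith("the system needed a reboot"):
            reboot = True
            continue
        # Result lines read "<target> => <message>"; some carry only a message.
        target, _, message = line.rpartition(" => ")
        results.append({
            "target": target.strip('"') or None,
            "message": message,
            "status": classify(message),
        })
    return {"requested": requested, "results": results, "reboot": reboot}


def summarize(parsed):
    """Return per-status counts and the entries that need manual review."""
    counts = Counter(r["status"] for r in parsed["results"])
    needs_review = [r for r in parsed["results"] if r["status"] == "review"]
    return counts, needs_review


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    counts, needs_review = summarize(parsed)
    print(f"fixlist lines: {len(parsed['requested'])}, reboot needed: {parsed['reboot']}")
    print(dict(counts))
    for entry in needs_review:
        print("REVIEW:", entry["target"], "->", entry["message"])
```
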


#8 shebbz


Posted 30 April 2014 - 11:39 AM

Ah yes, great! My computer now has no ads.

 

However, when I followed the instructions on uninstalling an extension in Google Chrome, BlockUTubeAD was nowhere to be found and I did not see RoabboSaveor, so I did not uninstall them from extensions as they were not there.

 

As requested, the logs:

 

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2014
Ran by Shohaib at 2014-04-30 17:08:49 Run:1
Running from C:\Users\Shohaib\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [Anti-phishing Domain Advisor] => [X]
HKLM\...\Run: [Ad-Aware Browsing Protection] => [X]
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Run: [ueralxng] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3156378192-1416581031-2256468767-1003\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {C30364C0-757B-4856-928B-878CBFD8C55B} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
FF DefaultSearchEngine: SecureSearch
FF SelectedSearchEngine: SecureSearch
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80
FF HKCU\...\Firefox\Extensions: [{e919e40d-669b-4732-9991-dbcf47582d16}] - C:\Program Files (x86)\BlockAndSurf-soft\157.xpi
C:\Program Files (x86)\BlockAndSurf-soft
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ProtectMonitor; C:\monitorsvc.exe [X]
S2 vosr; C:\Users\Shohaib\AppData\Roaming\VOPackage\VOsrv.exe [X]
S1 ryoulcao; \??\C:\Windows\system32\drivers\ryoulcao.sys [X]
2014-04-24 17:50 - 2014-04-24 17:50 - 00000128 _____ () C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2014-04-24 16:18 - 2014-04-24 20:42 - 00006864 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-03-31 05:43 - 2014-03-31 11:44 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
C:\Users\Family\AppData\Local\Temp\kw7dwlwz.dll
C:\Users\Shohaib\AppData\Local\Temp\9421120a-a24e-413d-9ceb-44a27ebbb5f2.exe
2014-04-24 23:24 - 2014-04-28 22:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\LavasoftStatistics
2014-04-24 22:28 - 2014-04-28 22:27 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-04-24 22:21 - 2014-04-24 22:21 - 00000000 ____D () C:\ProgramData\Lavasoft
Task: {0B969AA7-4397-4025-ACED-48046586006F} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {32768221-BAC6-4287-8357-AEBD67796480} - \MySearchDial No Task File <==== ATTENTION
Task: {E716C7CA-3EE7-4ED9-BC95-12CC63644742} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {E8003A57-414E-4226-BA79-42B91591A325} - \APSnotifierPP3 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Anti-phishing Domain Advisor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => Value deleted successfully.
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ueralxng => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3156378192-1416581031-2256468767-1003\User => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8AB83D99-0A6D-4D10-B88E-52F72F817428} => Key deleted successfully.
HKCR\CLSID\{8AB83D99-0A6D-4D10-B88E-52F72F817428} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C30364C0-757B-4856-928B-878CBFD8C55B} => Key deleted successfully.
HKCR\CLSID\{C30364C0-757B-4856-928B-878CBFD8C55B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9BA097D-8A1B-4B22-8D40-17836CA7A6E2} => Key deleted successfully.
HKCR\CLSID\{F9BA097D-8A1B-4B22-8D40-17836CA7A6E2} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{e919e40d-669b-4732-9991-dbcf47582d16} => Value deleted successfully.
"C:\Program Files (x86)\BlockAndSurf-soft" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
ProtectMonitor => Service deleted successfully.
vosr => Service deleted successfully.
ryoulcao => Service deleted successfully.
C:\Windows\SysWOW64\Drivers\kgpfr2.cfg => Moved successfully.
C:\Windows\system32\Drivers\kgpcpy.cfg => Moved successfully.
C:\Program Files (x86)\SuperFastPC => Moved successfully.
C:\Users\Family\AppData\Local\Temp\kw7dwlwz.dll => Moved successfully.
C:\Users\Shohaib\AppData\Local\Temp\9421120a-a24e-413d-9ceb-44a27ebbb5f2.exe => Moved successfully.
C:\Users\Shohaib\AppData\Roaming\LavasoftStatistics => Moved successfully.
C:\Program Files (x86)\Lavasoft => Moved successfully.
C:\ProgramData\Lavasoft => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B969AA7-4397-4025-ACED-48046586006F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B969AA7-4397-4025-ACED-48046586006F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32768221-BAC6-4287-8357-AEBD67796480} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32768221-BAC6-4287-8357-AEBD67796480} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E716C7CA-3EE7-4ED9-BC95-12CC63644742} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E716C7CA-3EE7-4ED9-BC95-12CC63644742} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8003A57-414E-4226-BA79-42B91591A325} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8003A57-414E-4226-BA79-42B91591A325} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
-------------------------------------------------------------------------------------------
 
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Shohaib (administrator) on SHOHAIB-PC on 30-04-2014 17:16:40
Running from C:\Users\Shohaib\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxeacoms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Dropbox, Inc.) C:\Users\Shohaib\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Anvi Smart Defender] => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1636536 2013-10-21] (Anvisoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\MountPoints2: {b7fb6794-7e77-11e1-a514-b870f4727b64} - E:\laucher.exe
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\MountPoints2: {d0514dbb-6553-11e2-8862-b870f4727b64} - E:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-3156378192-1416581031-2256468767-1001\...\MountPoints2: {f3f999ec-a5ab-11e2-839c-b870f4727b64} - E:\laucher.exe
Startup: C:\Users\Shohaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shohaib\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MSE_WCP
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.120.234.6 213.120.234.30
 
FireFox:
========
FF ProfilePath: C:\Users\Shohaib\AppData\Roaming\Mozilla\Firefox\Profiles\4yy95fzu.default-1388864446199
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Shohaib\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] - C:\Users\Shohaib\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-09]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-04-24&ent=hp&u=EBA37EB08A2F0F6DF36B1B535981FE80"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Google Drive) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22]
CHR Extension: (Google Search) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22]
CHR Extension: (Google Wallet) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22]
CHR Extension: (RoabboSaveor) - C:\ProgramData\gmghiliadfjjmpjhbbokbndicblhbcml [2014-01-01]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Shohaib\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [742584 2013-10-21] (Anvisoft)
S4 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2122000 2012-02-13] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [123384 2014-01-22] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-04-14] (Trusteer Ltd.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2013-10-15] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2013-10-15] (Anvisoft)
R1 asdws; C:\Windows\System32\DRIVERS\asdws.sys [17232 2013-10-15] ()
S4 bckd; C:\Windows\System32\drivers\bckd.sys [108304 2012-02-13] (Blue Coat Systems, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-29] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-04-14] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-04-14] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-04-14] (Trusteer Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-30 17:16 - 2014-04-30 17:16 - 00020780 _____ () C:\Users\Shohaib\Desktop\FRST.txt
2014-04-30 17:14 - 2014-04-30 17:14 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-30 17:13 - 2014-04-30 17:13 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-30 17:13 - 2014-04-30 17:13 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{335ED01B-C9A2-4448-B215-A8BE8D6DD185}
2014-04-30 13:09 - 2014-04-30 13:10 - 23261327 _____ () C:\Users\Shohaib\Downloads\Capsules 1 (2).3ga
2014-04-30 13:09 - 2014-04-30 13:09 - 01667330 _____ () C:\Users\Shohaib\Downloads\Capsules2014 (1).pptx
2014-04-30 02:48 - 2014-04-30 02:49 - 23261327 _____ () C:\Users\Shohaib\Downloads\Capsules 1 (1).3ga
2014-04-30 02:47 - 2014-04-30 02:48 - 23261327 _____ () C:\Users\Shohaib\Downloads\Capsules 1.3ga
2014-04-30 02:45 - 2014-04-30 02:46 - 01667330 _____ () C:\Users\Shohaib\Downloads\Capsules2014.pptx
2014-04-30 02:05 - 2014-04-30 02:06 - 41684191 _____ () C:\Users\Shohaib\Downloads\polymorphism 2.3ga
2014-04-30 00:50 - 2014-04-30 00:51 - 29800282 _____ () C:\Users\Shohaib\Downloads\polymorphism part1.3ga
2014-04-30 00:49 - 2014-04-30 00:50 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (3).ppt
2014-04-29 17:44 - 2014-04-29 17:48 - 00042321 _____ () C:\Users\Shohaib\Downloads\Addition.txt
2014-04-29 17:43 - 2014-04-29 17:44 - 00991880 _____ () C:\Users\Shohaib\Downloads\setup (2).exe
2014-04-29 17:41 - 2014-04-29 17:48 - 00063472 _____ () C:\Users\Shohaib\Downloads\FRST.txt
2014-04-29 17:40 - 2014-04-30 17:16 - 00000000 ____D () C:\FRST
2014-04-29 17:38 - 2014-04-29 17:39 - 02061824 _____ (Farbar) C:\Users\Shohaib\Desktop\FRST64.exe
2014-04-29 17:26 - 2014-04-29 17:26 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{BD76DE58-842D-47E8-8CF6-B6D07E99488E}
2014-04-29 11:00 - 2014-04-29 11:00 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-28 23:56 - 2014-04-28 23:58 - 52388801 _____ () C:\Users\Shohaib\Downloads\Papqc dissolution in vivo vitro dr lie.m4a
2014-04-28 23:10 - 2014-04-28 23:11 - 01310621 _____ () C:\Users\Shohaib\Desktop\AdwCleaner (3).exe
2014-04-28 23:05 - 2014-04-28 23:08 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (2).ppt
2014-04-28 23:05 - 2014-04-28 23:05 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (2).pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01808314 _____ () C:\Users\Shohaib\Downloads\Modified release 2014.pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (4).pptx
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieUserList
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieSiteList
2014-04-28 11:55 - 2014-04-28 11:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{465C9D64-405C-4DAC-AD5C-529379767066}
2014-04-28 04:21 - 2014-04-28 04:21 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (1).pptx
2014-04-28 04:21 - 2014-04-28 04:21 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (3).pptx
2014-04-28 04:20 - 2014-04-28 04:21 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (1).ppt
2014-04-28 01:03 - 2014-04-28 01:08 - 41138764 _____ () C:\Users\Shohaib\Downloads\PAPQC granulation.3ga
2014-04-28 01:02 - 2014-04-28 01:02 - 00929616 _____ () C:\Users\Shohaib\Downloads\Granulation Lecture-2014 (1).pptx
2014-04-27 23:17 - 2014-04-27 23:19 - 07006072 _____ () C:\Users\Shohaib\Downloads\PAPQC Tabelting 2.3ga
2014-04-27 23:16 - 2014-04-27 23:21 - 29046857 _____ () C:\Users\Shohaib\Downloads\PAPQC Tableting 1.3ga
2014-04-27 22:50 - 2014-04-27 22:50 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014 (1).pptx
2014-04-27 22:47 - 2014-04-27 22:47 - 11915776 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student.ppt
2014-04-27 22:45 - 2014-04-27 22:46 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014.pptx
2014-04-27 22:40 - 2014-04-27 22:41 - 01554432 _____ () C:\Users\Shohaib\Downloads\05-Drug-Quality_final-08.ppt
2014-04-27 21:46 - 2014-04-27 21:46 - 00276534 _____ () C:\Users\Shohaib\Downloads\PAPQC - Pharmacopia tests-2014.pptx
2014-04-27 21:30 - 2014-04-27 21:30 - 11176230 _____ () C:\Users\Shohaib\Downloads\Voice 032.amr
2014-04-27 21:27 - 2014-04-27 21:27 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014.pptx
2014-04-27 21:27 - 2014-04-27 21:27 - 01051648 _____ () C:\Users\Shohaib\Downloads\PAPQC - Intro_2014.ppt
2014-04-27 21:26 - 2014-04-27 21:27 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (2).pptx
2014-04-27 16:03 - 2014-04-27 16:20 - 00011428 _____ () C:\Users\Shohaib\Documents\ISoc Reimbursements.xlsx
2014-04-27 12:37 - 2014-04-27 12:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F3244A78-A617-4D75-B168-D82B79B6C1CA}
2014-04-27 01:46 - 2014-04-27 01:46 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (1).pptx
2014-04-26 19:00 - 2014-04-26 19:00 - 00028303 _____ () C:\Users\Shohaib\Desktop\dds.txt
2014-04-26 19:00 - 2014-04-26 19:00 - 00009556 _____ () C:\Users\Shohaib\Desktop\attach.txt
2014-04-26 18:56 - 2014-04-26 18:56 - 00688992 ____R (Swearware) C:\Users\Shohaib\Downloads\dds.com
2014-04-26 18:43 - 2014-04-26 18:56 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-04-26 18:36 - 2014-04-26 18:40 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Shohaib\Downloads\cbSetup.exe
2014-04-26 16:13 - 2014-04-26 16:46 - 00011858 _____ () C:\Users\Shohaib\Downloads\MIsc.xlsx
2014-04-25 22:24 - 2014-04-25 22:25 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{1E19DE36-8DC4-4B6C-BDC1-7136D5F7B22E}
2014-04-25 22:19 - 2014-04-29 17:24 - 00347422 _____ () C:\Windows\PFRO.log
2014-04-25 22:11 - 2014-04-30 17:11 - 00001681 _____ () C:\Windows\setupact.log
2014-04-25 22:11 - 2014-04-25 22:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 19:15 - 2014-04-25 19:15 - 00034840 _____ () C:\Users\Shohaib\Downloads\Forms to submit.zip
2014-04-25 18:22 - 2014-04-25 21:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 18:22 - 2014-04-25 18:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 18:21 - 2014-04-25 22:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 18:18 - 2014-04-25 18:21 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Shohaib\Downloads\spybot-2.2.exe
2014-04-24 22:21 - 2014-04-24 22:21 - 01727624 _____ () C:\Users\Shohaib\Downloads\Adaware_Installer.exe
2014-04-24 21:37 - 2014-04-24 21:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-24 18:16 - 2014-04-24 19:18 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-04-24 16:10 - 2014-04-24 16:10 - 00707664 _____ (iS3, Inc.) C:\Users\Shohaib\Downloads\SZSetup_AID10121_AV.exe
2014-04-24 16:01 - 2014-04-24 16:04 - 10971424 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro_x64 (2).exe
2014-04-23 21:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-23 21:49 - 2014-04-23 21:49 - 01365865 _____ () C:\Users\Shohaib\Downloads\adwcleaner (2).exe
2014-04-23 16:21 - 2014-04-23 16:21 - 00991504 _____ () C:\Users\Shohaib\Downloads\setup (1).exe
2014-04-22 05:50 - 2014-04-22 05:50 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{AEF28BDC-C19D-4DE0-B632-9B2F587E20D3}
2014-04-22 02:49 - 2014-03-06 11:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 02:49 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 02:49 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 02:49 - 2014-03-06 09:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 02:49 - 2014-03-06 09:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 02:49 - 2014-03-06 09:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 02:49 - 2014-03-06 09:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 02:49 - 2014-03-06 09:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 02:49 - 2014-03-06 09:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 02:49 - 2014-03-06 09:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 02:49 - 2014-03-06 09:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 02:49 - 2014-03-06 09:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 02:49 - 2014-03-06 09:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 02:49 - 2014-03-06 09:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 02:49 - 2014-03-06 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 02:49 - 2014-03-06 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 02:49 - 2014-03-06 08:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 02:49 - 2014-03-06 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 02:49 - 2014-03-06 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 02:49 - 2014-03-06 08:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 02:49 - 2014-03-06 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 02:49 - 2014-03-06 08:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 02:49 - 2014-03-06 08:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 02:49 - 2014-03-06 08:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 02:49 - 2014-03-06 08:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 02:49 - 2014-03-06 08:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 02:49 - 2014-03-06 08:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 02:49 - 2014-03-06 07:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 02:48 - 2014-03-06 10:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 02:48 - 2014-03-06 09:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 02:48 - 2014-03-06 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 02:48 - 2014-03-06 09:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 02:48 - 2014-03-06 09:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 02:48 - 2014-03-06 09:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 02:48 - 2014-03-06 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 02:48 - 2014-03-06 08:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 02:48 - 2014-03-06 08:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 02:48 - 2014-03-06 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 02:48 - 2014-03-06 08:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 02:48 - 2014-03-06 07:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 02:48 - 2014-03-06 07:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 02:48 - 2014-03-06 07:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 02:48 - 2014-03-06 07:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 02:48 - 2014-03-06 06:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 02:48 - 2014-03-06 06:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 02:48 - 2014-03-06 06:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 02:48 - 2014-03-06 06:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 02:48 - 2014-03-06 06:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 00:34 - 2014-04-22 00:35 - 02761216 _____ () C:\Users\Shohaib\Downloads\UH Francis PP(2) CF.ppt
2014-04-21 11:27 - 2014-04-21 11:28 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{E74CC28D-4B83-4BB5-B928-5CD80DAC9157}
2014-04-20 10:10 - 2014-04-20 10:10 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A930E4FF-53EF-472F-9F34-AE0A1150824E}
2014-04-19 23:59 - 2014-04-19 23:59 - 03240448 _____ () C:\Users\Shohaib\Documents\Nosocomial Infections 2013-14 bb.ppt
2014-04-19 16:37 - 2014-04-19 16:37 - 00026484 _____ () C:\Users\Shohaib\Downloads\fileshare.ro_YGO.xlsx
2014-04-19 04:44 - 2014-04-19 04:47 - 03238912 _____ () C:\Users\Shohaib\Downloads\Nosocomial Infections 2013-14 bb.ppt
2014-04-18 18:37 - 2014-04-18 18:39 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister Backup
2014-04-17 22:14 - 2014-04-17 22:14 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D02FA8BA-5A27-4EF4-A121-7E7686802C0B}
2014-04-13 05:17 - 2014-04-13 05:17 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F4A8FAD2-8188-4B3C-ACB3-79BA896C64C5}
2014-04-10 18:53 - 2014-04-10 18:54 - 00993720 _____ () C:\Users\Shohaib\Downloads\setup.exe
2014-04-10 06:00 - 2014-04-10 06:00 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{3DB66349-4E99-43BB-83F6-61CF737CBDDD}
2014-04-09 17:11 - 2014-04-09 17:11 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{82747838-CC62-4B31-B9A7-D75E9F1919D0}
2014-04-09 16:38 - 2014-04-09 16:39 - 01426178 _____ () C:\Users\Shohaib\Downloads\adwcleaner (1).exe
2014-04-09 15:04 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 15:04 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 15:04 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 15:04 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 15:04 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 15:04 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 15:04 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 15:04 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 05:55 - 2014-04-08 05:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{428467C8-B570-4DD4-992A-D99511EDDBF8}
2014-04-06 21:41 - 2014-04-06 21:41 - 00000000 ____D () C:\Program Files\ImageConverter Plus
2014-04-06 21:41 - 2013-03-03 11:39 - 00242048 _____ (fCoder Group International) C:\Windows\system32\cnvshell.dll
2014-04-06 21:26 - 2014-04-06 21:28 - 15783896 _____ (fCoder Group, Inc. ) C:\Users\Shohaib\Downloads\converter.exe
2014-04-06 03:55 - 2014-04-06 03:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D3C28BCE-BDC1-4B29-9960-41F7D6384083}
2014-04-05 17:03 - 2014-04-05 17:03 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister
2014-04-05 17:01 - 2014-04-05 17:01 - 00007477 _____ () C:\Users\Shohaib\Downloads\SAT_templates2.zip
2014-04-05 16:36 - 2014-04-05 16:36 - 00000404 _____ () C:\InstallHelper.log
2014-04-05 16:34 - 2014-04-05 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-04-05 16:27 - 2014-04-05 16:29 - 30921168 _____ (eBay Inc. ) C:\Users\Shohaib\Downloads\setupUK (2).exe
2014-04-05 15:41 - 2014-04-05 15:42 - 00037088 _____ () C:\Users\Shohaib\Downloads\ebay-paypal-fees-calculator.xlsx
2014-04-05 10:48 - 2014-04-05 10:48 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{60CA656E-6ED5-4E5B-B3F4-E540FA385B8A}
2014-04-04 05:24 - 2014-04-04 05:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{5600AF65-8298-4428-BF3F-9A645E97455A}
2014-04-03 05:42 - 2014-04-03 05:42 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D7E3844A-5AF2-4C06-9752-910DF761A6BF}
2014-04-01 19:11 - 2014-04-01 19:11 - 00003185 _____ () C:\Users\Shohaib\Downloads\setupUK (1).exe
2014-03-31 11:49 - 2014-03-31 11:50 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A0492C4F-4CC3-4DE7-96B6-4F49BAB64179}
2014-03-31 11:29 - 2014-04-29 17:22 - 00000000 ____D () C:\AdwCleaner
2014-03-31 11:29 - 2014-03-31 11:29 - 01950720 _____ () C:\Users\Shohaib\Downloads\adwcleaner.exe
2014-03-31 10:37 - 2014-03-31 10:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\SUPERAntiSpyware.com
2014-03-31 10:36 - 2014-03-31 10:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-31 10:34 - 2014-03-31 10:35 - 18495432 _____ (SUPERAntiSpyware) C:\Users\Shohaib\Downloads\SUPERAntiSpywarePro.exe
2014-03-31 06:48 - 2014-03-31 06:48 - 00000000 _____ () C:\autoexec.bat
2014-03-31 06:46 - 2014-03-31 06:46 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-31 06:43 - 2014-03-31 11:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-31 06:40 - 2014-03-31 06:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Shohaib\Downloads\SpyHunter-Installer.exe
2014-03-31 06:04 - 2014-03-31 06:04 - 00003156 _____ () C:\Windows\System32\Tasks\{9EB1A4B2-978B-4CDA-8F21-4937B345C99E}
2014-03-31 05:57 - 2014-04-06 21:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 05:54 - 2014-03-31 05:56 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-31 05:19 - 2014-03-31 05:19 - 00073728 _____ () C:\Users\Shohaib\Downloads\Alphabetical list of students with group number and room for Monday afternoon sessions.xls
 
==================== One Month Modified Files and Folders =======
 
2014-04-30 17:17 - 2014-04-30 17:16 - 00020780 _____ () C:\Users\Shohaib\Desktop\FRST.txt
2014-04-30 17:16 - 2014-04-29 17:40 - 00000000 ____D () C:\FRST
2014-04-30 17:16 - 2013-02-07 01:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-30 17:16 - 2013-02-07 01:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 17:16 - 2011-07-02 21:42 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-30 17:16 - 2011-07-02 21:42 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-30 17:16 - 2009-07-14 06:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 17:14 - 2014-04-30 17:14 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-30 17:14 - 2011-08-01 15:12 - 00000000 ___RD () C:\Users\Shohaib\Dropbox
2014-04-30 17:14 - 2011-08-01 15:10 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\Dropbox
2014-04-30 17:13 - 2014-04-30 17:13 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1001
2014-04-30 17:13 - 2014-04-30 17:13 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{335ED01B-C9A2-4448-B215-A8BE8D6DD185}
2014-04-30 17:13 - 2011-04-14 20:37 - 01201084 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 17:12 - 2011-06-10 17:04 - 00000000 ____D () C:\Users\Shohaib\Tracing
2014-04-30 17:11 - 2014-04-25 22:11 - 00001681 _____ () C:\Windows\setupact.log
2014-04-30 17:11 - 2014-02-15 02:06 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-30 17:11 - 2014-01-31 02:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-30 17:11 - 2011-06-10 00:14 - 00000008 __RSH () C:\Users\Shohaib\ntuser.pol
2014-04-30 17:11 - 2011-06-09 15:37 - 00000000 ____D () C:\Users\Shohaib
2014-04-30 17:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 17:08 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-30 17:06 - 2012-07-30 02:58 - 00000000 ____D () C:\Users\Shohaib\Documents\Ebay
2014-04-30 17:00 - 2013-09-07 21:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-30 15:24 - 2014-01-05 20:34 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\DevPro
2014-04-30 13:10 - 2014-04-30 13:09 - 23261327 _____ () C:\Users\Shohaib\Downloads\Capsules 1 (2).3ga
2014-04-30 13:09 - 2014-04-30 13:09 - 01667330 _____ () C:\Users\Shohaib\Downloads\Capsules2014 (1).pptx
2014-04-30 03:42 - 2013-01-16 00:23 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\vlc
2014-04-30 02:49 - 2014-04-30 02:48 - 23261327 _____ () C:\Users\Shohaib\Downloads\Capsules 1 (1).3ga
2014-04-30 02:48 - 2014-04-30 02:47 - 23261327 _____ () C:\Users\Shohaib\Downloads\Capsules 1.3ga
2014-04-30 02:46 - 2014-04-30 02:45 - 01667330 _____ () C:\Users\Shohaib\Downloads\Capsules2014.pptx
2014-04-30 02:06 - 2014-04-30 02:05 - 41684191 _____ () C:\Users\Shohaib\Downloads\polymorphism 2.3ga
2014-04-30 00:51 - 2014-04-30 00:50 - 29800282 _____ () C:\Users\Shohaib\Downloads\polymorphism part1.3ga
2014-04-30 00:50 - 2014-04-30 00:49 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (3).ppt
2014-04-29 17:52 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 17:52 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 17:48 - 2014-04-29 17:44 - 00042321 _____ () C:\Users\Shohaib\Downloads\Addition.txt
2014-04-29 17:48 - 2014-04-29 17:41 - 00063472 _____ () C:\Users\Shohaib\Downloads\FRST.txt
2014-04-29 17:44 - 2014-04-29 17:43 - 00991880 _____ () C:\Users\Shohaib\Downloads\setup (2).exe
2014-04-29 17:39 - 2014-04-29 17:38 - 02061824 _____ (Farbar) C:\Users\Shohaib\Desktop\FRST64.exe
2014-04-29 17:26 - 2014-04-29 17:26 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{BD76DE58-842D-47E8-8CF6-B6D07E99488E}
2014-04-29 17:24 - 2014-04-25 22:19 - 00347422 _____ () C:\Windows\PFRO.log
2014-04-29 17:22 - 2014-03-31 11:29 - 00000000 ____D () C:\AdwCleaner
2014-04-29 11:00 - 2014-04-29 11:00 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-04-29 11:00 - 2013-09-07 21:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 11:00 - 2013-09-07 21:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 11:00 - 2011-06-09 17:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 23:58 - 2014-04-28 23:56 - 52388801 _____ () C:\Users\Shohaib\Downloads\Papqc dissolution in vivo vitro dr lie.m4a
2014-04-28 23:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-28 23:11 - 2014-04-28 23:10 - 01310621 _____ () C:\Users\Shohaib\Desktop\AdwCleaner (3).exe
2014-04-28 23:08 - 2014-04-28 23:05 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (2).ppt
2014-04-28 23:05 - 2014-04-28 23:05 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (2).pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01808314 _____ () C:\Users\Shohaib\Downloads\Modified release 2014.pptx
2014-04-28 23:05 - 2014-04-28 23:05 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (4).pptx
2014-04-28 22:31 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieUserList
2014-04-28 22:27 - 2014-04-28 22:27 - 00000000 __SHD () C:\Users\Shohaib\AppData\Local\EmieSiteList
2014-04-28 11:55 - 2014-04-28 11:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{465C9D64-405C-4DAC-AD5C-529379767066}
2014-04-28 11:52 - 2013-08-22 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-04-28 04:21 - 2014-04-28 04:21 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014 (1).pptx
2014-04-28 04:21 - 2014-04-28 04:21 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (3).pptx
2014-04-28 04:21 - 2014-04-28 04:20 - 11933184 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student (1).ppt
2014-04-28 01:08 - 2014-04-28 01:03 - 41138764 _____ () C:\Users\Shohaib\Downloads\PAPQC granulation.3ga
2014-04-28 01:02 - 2014-04-28 01:02 - 00929616 _____ () C:\Users\Shohaib\Downloads\Granulation Lecture-2014 (1).pptx
2014-04-27 23:21 - 2014-04-27 23:16 - 29046857 _____ () C:\Users\Shohaib\Downloads\PAPQC Tableting 1.3ga
2014-04-27 23:19 - 2014-04-27 23:17 - 07006072 _____ () C:\Users\Shohaib\Downloads\PAPQC Tabelting 2.3ga
2014-04-27 22:50 - 2014-04-27 22:50 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014 (1).pptx
2014-04-27 22:47 - 2014-04-27 22:47 - 11915776 _____ () C:\Users\Shohaib\Downloads\Solid-State Analysis and Polymorphism_PAPQC_1213_student.ppt
2014-04-27 22:46 - 2014-04-27 22:45 - 01477785 _____ () C:\Users\Shohaib\Downloads\Tabletting_2014.pptx
2014-04-27 22:41 - 2014-04-27 22:40 - 01554432 _____ () C:\Users\Shohaib\Downloads\05-Drug-Quality_final-08.ppt
2014-04-27 21:46 - 2014-04-27 21:46 - 00276534 _____ () C:\Users\Shohaib\Downloads\PAPQC - Pharmacopia tests-2014.pptx
2014-04-27 21:30 - 2014-04-27 21:30 - 11176230 _____ () C:\Users\Shohaib\Downloads\Voice 032.amr
2014-04-27 21:27 - 2014-04-27 21:27 - 02043665 _____ () C:\Users\Shohaib\Downloads\Film Coating-2014.pptx
2014-04-27 21:27 - 2014-04-27 21:27 - 01051648 _____ () C:\Users\Shohaib\Downloads\PAPQC - Intro_2014.ppt
2014-04-27 21:27 - 2014-04-27 21:26 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (2).pptx
2014-04-27 16:20 - 2014-04-27 16:03 - 00011428 _____ () C:\Users\Shohaib\Documents\ISoc Reimbursements.xlsx
2014-04-27 12:37 - 2014-04-27 12:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F3244A78-A617-4D75-B168-D82B79B6C1CA}
2014-04-27 12:30 - 2011-03-10 18:29 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-04-27 01:46 - 2014-04-27 01:46 - 01635919 _____ () C:\Users\Shohaib\Downloads\Dissolution and In vitro in vivo correlation_2014 (1).pptx
2014-04-26 19:00 - 2014-04-26 19:00 - 00028303 _____ () C:\Users\Shohaib\Desktop\dds.txt
2014-04-26 19:00 - 2014-04-26 19:00 - 00009556 _____ () C:\Users\Shohaib\Desktop\attach.txt
2014-04-26 18:56 - 2014-04-26 18:56 - 00688992 ____R (Swearware) C:\Users\Shohaib\Downloads\dds.com
2014-04-26 18:56 - 2014-04-26 18:43 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-04-26 18:40 - 2014-04-26 18:36 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Shohaib\Downloads\cbSetup.exe
2014-04-26 17:36 - 2011-03-10 18:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-26 16:46 - 2014-04-26 16:13 - 00011858 _____ () C:\Users\Shohaib\Downloads\MIsc.xlsx
2014-04-25 22:25 - 2014-04-25 22:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{1E19DE36-8DC4-4B6C-BDC1-7136D5F7B22E}
2014-04-25 22:20 - 2014-04-25 18:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-25 22:20 - 2014-03-30 22:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-25 22:11 - 2014-04-25 22:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 21:50 - 2014-04-25 18:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-25 21:50 - 2012-06-02 12:43 - 00001594 _____ () C:\Windows\wininit.ini
2014-04-25 19:15 - 2014-04-25 19:15 - 00034840 _____ () C:\Users\Shohaib\Downloads\Forms to submit.zip
2014-04-25 18:22 - 2014-04-25 18:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-25 18:21 - 2014-04-25 18:18 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Shohaib\Downloads\spybot-2.2.exe
2014-04-24 22:21 - 2014-04-24 22:21 - 01727624 _____ () C:\Users\Shohaib\Downloads\Adaware_Installer.exe
2014-04-24 21:39 - 2014-04-24 21:37 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-24 19:18 - 2014-04-24 18:16 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-04-24 16:10 - 2014-04-24 16:10 - 00707664 _____ (iS3, Inc.) C:\Users\Shohaib\Downloads\SZSetup_AID10121_AV.exe
2014-04-24 16:04 - 2014-04-24 16:01 - 10971424 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro_x64 (2).exe
2014-04-23 21:49 - 2014-04-23 21:49 - 01365865 _____ () C:\Users\Shohaib\Downloads\adwcleaner (2).exe
2014-04-23 18:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-04-23 16:21 - 2014-04-23 16:21 - 00991504 _____ () C:\Users\Shohaib\Downloads\setup (1).exe
2014-04-22 05:50 - 2014-04-22 05:50 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{AEF28BDC-C19D-4DE0-B632-9B2F587E20D3}
2014-04-22 05:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 00:35 - 2014-04-22 00:34 - 02761216 _____ () C:\Users\Shohaib\Downloads\UH Francis PP(2) CF.ppt
2014-04-21 21:02 - 2011-06-10 00:47 - 00238080 ___SH () C:\Users\Shohaib\Documents\Thumbs.db
2014-04-21 11:28 - 2014-04-21 11:27 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{E74CC28D-4B83-4BB5-B928-5CD80DAC9157}
2014-04-21 11:25 - 2012-09-18 00:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-20 23:39 - 2014-03-30 23:40 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3156378192-1416581031-2256468767-1003
2014-04-20 23:39 - 2014-03-30 23:39 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3156378192-1416581031-2256468767-1003
2014-04-20 10:10 - 2014-04-20 10:10 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A930E4FF-53EF-472F-9F34-AE0A1150824E}
2014-04-19 23:59 - 2014-04-19 23:59 - 03240448 _____ () C:\Users\Shohaib\Documents\Nosocomial Infections 2013-14 bb.ppt
2014-04-19 16:37 - 2014-04-19 16:37 - 00026484 _____ () C:\Users\Shohaib\Downloads\fileshare.ro_YGO.xlsx
2014-04-19 04:47 - 2014-04-19 04:44 - 03238912 _____ () C:\Users\Shohaib\Downloads\Nosocomial Infections 2013-14 bb.ppt
2014-04-18 18:39 - 2014-04-18 18:37 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister Backup
2014-04-17 22:14 - 2014-04-17 22:14 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D02FA8BA-5A27-4EF4-A121-7E7686802C0B}
2014-04-14 00:01 - 2012-04-24 11:55 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-04-13 05:17 - 2014-04-13 05:17 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{F4A8FAD2-8188-4B3C-ACB3-79BA896C64C5}
2014-04-10 21:55 - 2011-07-13 15:56 - 00000000 ____D () C:\Users\Shohaib\Documents\Islaam
2014-04-10 18:55 - 2012-03-14 23:39 - 00002127 _____ () C:\Windows\epplauncher.mif
2014-04-10 18:54 - 2014-04-10 18:53 - 00993720 _____ () C:\Users\Shohaib\Downloads\setup.exe
2014-04-10 07:18 - 2011-06-09 16:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 06:15 - 2013-07-28 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 06:09 - 2011-06-09 17:06 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:00 - 2014-04-10 06:00 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{3DB66349-4E99-43BB-83F6-61CF737CBDDD}
2014-04-09 17:11 - 2014-04-09 17:11 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{82747838-CC62-4B31-B9A7-D75E9F1919D0}
2014-04-09 16:39 - 2014-04-09 16:38 - 01426178 _____ () C:\Users\Shohaib\Downloads\adwcleaner (1).exe
2014-04-08 05:55 - 2014-04-08 05:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{428467C8-B570-4DD4-992A-D99511EDDBF8}
2014-04-06 21:41 - 2014-04-06 21:41 - 00000000 ____D () C:\Program Files\ImageConverter Plus
2014-04-06 21:28 - 2014-04-06 21:26 - 15783896 _____ (fCoder Group, Inc. ) C:\Users\Shohaib\Downloads\converter.exe
2014-04-06 21:25 - 2014-03-31 05:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 03:55 - 2014-04-06 03:55 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D3C28BCE-BDC1-4B29-9960-41F7D6384083}
2014-04-06 00:06 - 2011-08-21 19:19 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-05 17:03 - 2014-04-05 17:03 - 00000000 ____D () C:\Users\Shohaib\Documents\Turbo Lister
2014-04-05 17:01 - 2014-04-05 17:01 - 00007477 _____ () C:\Users\Shohaib\Downloads\SAT_templates2.zip
2014-04-05 16:36 - 2014-04-05 16:36 - 00000404 _____ () C:\InstallHelper.log
2014-04-05 16:34 - 2014-04-05 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\eBay
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-04-05 16:29 - 2014-04-05 16:27 - 30921168 _____ (eBay Inc. ) C:\Users\Shohaib\Downloads\setupUK (2).exe
2014-04-05 15:42 - 2014-04-05 15:41 - 00037088 _____ () C:\Users\Shohaib\Downloads\ebay-paypal-fees-calculator.xlsx
2014-04-05 10:48 - 2014-04-05 10:48 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{60CA656E-6ED5-4E5B-B3F4-E540FA385B8A}
2014-04-04 05:24 - 2014-04-04 05:24 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{5600AF65-8298-4428-BF3F-9A645E97455A}
2014-04-04 01:32 - 2014-02-15 17:44 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-04 01:31 - 2014-02-15 17:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-04 01:31 - 2012-03-14 23:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 05:42 - 2014-04-03 05:42 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{D7E3844A-5AF2-4C06-9752-910DF761A6BF}
2014-04-01 19:11 - 2014-04-01 19:11 - 00003185 _____ () C:\Users\Shohaib\Downloads\setupUK (1).exe
2014-03-31 21:23 - 2013-02-20 19:54 - 00000000 ____D () C:\Users\Shohaib\Documents\Pharmacy Applications
2014-03-31 19:46 - 2012-12-21 17:07 - 00000000 ____D () C:\Users\Shohaib\Documents\CV
2014-03-31 11:50 - 2014-03-31 11:49 - 00000000 ____D () C:\Users\Shohaib\AppData\Local\{A0492C4F-4CC3-4DE7-96B6-4F49BAB64179}
2014-03-31 11:48 - 2011-06-17 14:14 - 00000000 ____D () C:\Users\Family
2014-03-31 11:29 - 2014-03-31 11:29 - 01950720 _____ () C:\Users\Shohaib\Downloads\adwcleaner.exe
2014-03-31 11:23 - 2014-03-31 06:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-31 10:37 - 2014-03-31 10:37 - 00000000 ____D () C:\Users\Shohaib\AppData\Roaming\SUPERAntiSpyware.com
2014-03-31 10:37 - 2014-03-31 10:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-31 10:35 - 2014-03-31 10:34 - 18495432 _____ (SUPERAntiSpyware) C:\Users\Shohaib\Downloads\SUPERAntiSpywarePro.exe
2014-03-31 06:48 - 2014-03-31 06:48 - 00000000 _____ () C:\autoexec.bat
2014-03-31 06:46 - 2014-03-31 06:46 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-31 06:40 - 2014-03-31 06:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Shohaib\Downloads\SpyHunter-Installer.exe
2014-03-31 06:04 - 2014-03-31 06:04 - 00003156 _____ () C:\Windows\System32\Tasks\{9EB1A4B2-978B-4CDA-8F21-4937B345C99E}
2014-03-31 05:57 - 2013-05-08 20:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 05:57 - 2011-06-09 15:38 - 00000000 ___RD () C:\Users\Shohaib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-31 05:56 - 2014-03-31 05:54 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Shohaib\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-03-31 05:19 - 2014-03-31 05:19 - 00073728 _____ () C:\Users\Shohaib\Downloads\Alphabetical list of students with group number and room for Monday afternoon sessions.xls
2014-03-31 00:01 - 2014-03-30 23:59 - 10971424 _____ (SurfRight B.V.) C:\Users\Shohaib\Downloads\HitmanPro_x64 (1).exe
 
Some content of TEMP:
====================
C:\Users\Family\AppData\Local\Temp\saUpg64.exe
C:\Users\Shohaib\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Shohaib\AppData\Local\Temp\Quarantine.exe
C:\Users\Shohaib\AppData\Local\Temp\YgoUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-29 12:39
 
==================== End Of Log ============================
 
 

Thanks a lot!

 

How do I prevent this from happening in the future, and what made this all happen?

 

Kind regards,



#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:39 AM

Posted 30 April 2014 - 12:31 PM

Hi shebbz,
 
I will provide you with some tips at the end which should answer your question, but you likely downloaded an installer which also installed other programs/adware without you realising there was an option to uncheck the software. This is a good post if you want to learn more about these types of software and how they are installed.
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Shohaib\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-27]
C:\ProgramData\gmghiliadfjjmpjhbbokbndicblhbcml
C:\Users\Shohaib\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmghiliadfjjmpjhbbokbndicblhbcml
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------
 
As this scan generally takes a long time, it is best run overnight:

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Malwarebytes log
  • ESET log

xXToffeeXx~


Edited by xXToffeeXx, 02 May 2014 - 10:56 AM.
Mistake in fix

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 shebbz

Posted 02 May 2014 - 12:31 PM

Hmm, I have a problem installing Malwarebytes AntiMalware on my computer, when the loading bar appears for installing, it says in a warning box:

 

'Internal error: expression error 'Runtime Error (at 57:177):

 

External exception: E06D7363.'

 

The rest of it installs but this box appeared like 4-5 times.

 

When I launch Malwarebytes, it stops working and a box comes up saying either close it or check for a solution online, when I check for a solution, the next time I open it it still doesn't work.

 

How do we get around this problem?

 

Thanks.



#11 xXToffeeXx


Posted 03 May 2014 - 10:47 AM

Hi shebbz,

 

Please follow the steps here for a clean install of Malwarebytes. This should hopefully fix the problem, then try to reinstall the program.

 

xXToffeeXx~


Edited by xXToffeeXx, 03 May 2014 - 10:48 AM.



#12 shebbz

Posted 05 May 2014 - 07:55 PM

Sorry, I've been away at Uni for some time. Will get back to you ASAP.



#13 xXToffeeXx


Posted 06 May 2014 - 10:54 AM

Hi shebbz,

 

No worries, thank you for telling me.

 

xXToffeeXx~




#14 xXToffeeXx


Posted 10 May 2014 - 08:20 AM

Hi shebbz,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#15 shebbz

Posted 10 May 2014 - 06:02 PM

Hi,

 

Again I apologize for the delay and appreciate your patience! Please excuse me as I have just finished my University exams this week so will do the ESET scan this week (I've done the other two but did not have the time to perform the ESET scan so will do it tonight).

 

Again, thanks for your patience.

 

Kind regards,

 

Shohaib.





