Wanting to check if my pc is infected after downloading some untrusted files


  • This topic is locked
18 replies to this topic

#1 samguy

Posted 08 December 2014 - 08:32 PM

Hello,
 
Thanks in advance for helping me find whether my pc is infected or not.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.67.2
Run by Kashif ali shaikh at 17:44:06 on 2014-12-08
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\IMSLoader.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\explorer.exe
C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\SENuke.exe
C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\SenukeRecovery.exe
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountStream (1)\AccountStream\AccountStreamHotmail.exe
C:\Windows\explorer.exe
C:\Users\Kashif ali shaikh\AppData\Local\Kontent Machine 3\KontentMachine3.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
mStart Page = hxxp://www.google.com
uProxyServer = 107.172.14.79:80
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - 
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - 
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: PBlockHelper Class: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files (x86)\Netscape Accelerator\PBHelper.dll
BHO: WsftpBrowserHelper Class: {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: NOW!Imaging: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files (x86)\Netscape Accelerator\components\NOWImaging.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Hotspot Shield Toolbar: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - 
TB: TextAloud Toolbar: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - 
uRun: [Google Update] "C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SEnukeX] "C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\senuke.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download current page with FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx_all.htm
IE: Download using FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{31764F04-4BBE-4409-B005-253F818351E8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{31764F04-4BBE-4409-B005-253F818351E8}\34963736F61313035323 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{31764F04-4BBE-4409-B005-253F818351E8}\34963736F61313035323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4D254AFF-2490-4D25-B908-4DF7BBCBABA2} : DHCPNameServer = 180.178.128.100 203.130.2.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 192.185.51.204 phylix.com
Hosts: 192.185.51.204 www.phylix.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\
FF - prefs.js: browser.search.defaulturl - hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll
FF - plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R? appliand;Applian Network Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DsiWMIService;Dritek WMI Service
R? ePowerSvc;Acer ePower Service
R? GamesAppService;GamesAppService
R? GREGService;GREGService
R? hwmassfilter;HUAWEI Mass Storage Filter Driver
R? hwusbdev;Huawei DataCard USB PNP Device
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? Live Updater Service;Live Updater Service
R? MBAMSwissArmy;MBAMSwissArmy
R? McComponentHostService;McAfee Security Scan Component Host Service
R? MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA
R? NOBU;Norton Online Backup
R? NTI IScheduleSvc;NTI IScheduleSvc
R? ose64;Office 64 Source Engine
R? Parallels Networking Service;Parallels Networking Service
R? Parallels Virtualization Service;Parallels Virtualization Service
R? Printer Control;Printer Control
R? prl_dsk;Parallels Loopback Driver
R? prl_mount_svc;Parallels Mount Service
R? PRLVNIC;Parallels Virtual NIC Adapter
R? Prot6Flt;Prot6Flt
R? ptun0901;TAP Adapter V9 for Private Tunnel
R? pwdrvio;pwdrvio
R? pwdspio;pwdspio
R? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
R? Revoflt;Revoflt
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RTL8167;Realtek 8167 NT Driver
R? taphss6;Anchorfree HSS VPN Adapter
R? tapSF0901;Spotflux Virtual Network Device Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? UNS;Intel® Management & Security Application User Notification Service
R? USBAAPL64;Apple Mobile USB Driver
R? VF0400Afx;VF0400 Audio FX
R? VF0400Vfx;VF0400 Video FX
R? VF0400Vid;Live! Cam Notebook Pro (VF0400)
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? appliandMP;appliandMP
S? c2cautoupdatesvc;Skype Click to Call Updater
S? c2cpnrsvc;Skype Click to Call PNR Service
S? FwcAgent;Firewall Client Agent
S? HECIx64;Intel® Management Engine Interface
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? Impcd;Impcd
S? IntcDAud;Intel® Display Audio
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? Parallels USB Device Manager;Parallels USB Device Manager
S? Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor
S? prl_net;Parallels Networking Driver
S? SSPORT;SSPORT
S? TeamViewer8;TeamViewer 8
S? Update service;Update service
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
ShellExec: TestingAnywhere.Net.exe: edit=C:\Program Files (x86)\Testing Anywhere 7.5\Client\TATestEditor.exe "%L" /edit
ShellExec: TestingAnywhere.Net.exe: open=C:\Program Files (x86)\Testing Anywhere 7.5\Client\TAPlayer.exe "/f%L/scmd/e"
.
=============== Created Last 30 ================
.
2014-12-08 10:21:45 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\Kontent Machine 3
2014-12-06 21:52:45 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0401000.01C
2014-12-06 21:52:45 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2014-12-06 21:52:45 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2014-12-06 00:16:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE167B0B-4CC1-42ED-A3F3-1AED386F6435}\offreg.dll
2014-12-05 21:53:19 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE167B0B-4CC1-42ED-A3F3-1AED386F6435}\mpengine.dll
2014-12-05 12:27:52 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-12-05 12:27:07 -------- d-----w- C:\ProgramData\F-Secure
2014-12-05 12:12:05 -------- d-----w- C:\Program Files (x86)\ESET
2014-12-05 12:11:52 -------- d-----w- C:\ProgramData\McAfee Security Scan
2014-12-05 12:11:49 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-12-03 08:22:34 -------- d-----w- C:\flooder
2014-11-25 20:57:37 -------- d-----w- C:\ProgramData\giftitapp
2014-11-25 20:57:19 -------- d-----w- C:\ProgramData\getit4cheaper
2014-11-24 23:09:34 -------- d-----w- C:\Program Files\TAP-Windows
2014-11-24 23:01:37 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\IPVanish
2014-11-24 23:01:10 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\IPVanish.com
2014-11-24 23:00:42 -------- d-----w- C:\Program Files (x86)\IPVanish
2014-11-24 22:49:04 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\Kryptotel_fz_llc
2014-11-24 22:48:14 -------- d-----w- C:\Program Files (x86)\VpnOneClick
2014-11-23 22:35:31 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Roaming\ZNC
2014-11-23 22:35:31 -------- d-----w- C:\Program Files\ZNC
2014-11-23 22:05:46 -------- d-----w- C:\ProgramData\ZNC
2014-11-18 21:15:34 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 21:15:34 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-18 21:15:33 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 21:15:33 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-17 20:57:04 -------- d-sh--w- C:\Users\Kashif ali shaikh\AppData\Local\EmieBrowserModeList
2014-11-13 10:59:30 -------- d-----w- C:\ProgramData\SPC
2014-11-13 10:59:30 -------- d-----w- C:\Program Files (x86)\Didsoft
2014-11-12 02:10:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-12 02:08:37 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 02:08:36 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M  ====================
.
2014-12-05 11:54:18 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-04 02:52:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-04 02:52:18 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-21 13:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 13:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 13:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-04 08:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-19 08:41:56 273920 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2014-10-19 08:41:56 273920 ----a-w- C:\Windows\SysWow64\libssl32.dll
2014-10-19 08:41:42 1179136 ----a-w- C:\Windows\SysWow64\libeay32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-06 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-10-06 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
.
============= FINISH: 18:24:57.25 ===============

BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Hotspot Shield Toolbar: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - 
TB: TextAloud Toolbar: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - 
uRun: [Google Update] "C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SEnukeX] "C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\senuke.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download current page with FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx_all.htm
IE: Download using FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{31764F04-4BBE-4409-B005-253F818351E8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{31764F04-4BBE-4409-B005-253F818351E8}\34963736F61313035323 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{31764F04-4BBE-4409-B005-253F818351E8}\34963736F61313035323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4D254AFF-2490-4D25-B908-4DF7BBCBABA2} : DHCPNameServer = 180.178.128.100 203.130.2.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 192.185.51.204 phylix.com
Hosts: 192.185.51.204 www.phylix.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\
FF - prefs.js: browser.search.defaulturl - hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll
FF - plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R? appliand;Applian Network Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DsiWMIService;Dritek WMI Service
R? ePowerSvc;Acer ePower Service
R? GamesAppService;GamesAppService
R? GREGService;GREGService
R? hwmassfilter;HUAWEI Mass Storage Filter Driver
R? hwusbdev;Huawei DataCard USB PNP Device
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? Live Updater Service;Live Updater Service
R? MBAMSwissArmy;MBAMSwissArmy
R? McComponentHostService;McAfee Security Scan Component Host Service
R? MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA
R? NOBU;Norton Online Backup
R? NTI IScheduleSvc;NTI IScheduleSvc
R? ose64;Office 64 Source Engine
R? Parallels Networking Service;Parallels Networking Service
R? Parallels Virtualization Service;Parallels Virtualization Service
R? Printer Control;Printer Control
R? prl_dsk;Parallels Loopback Driver
R? prl_mount_svc;Parallels Mount Service
R? PRLVNIC;Parallels Virtual NIC Adapter
R? Prot6Flt;Prot6Flt
R? ptun0901;TAP Adapter V9 for Private Tunnel
R? pwdrvio;pwdrvio
R? pwdspio;pwdspio
R? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
R? Revoflt;Revoflt
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RTL8167;Realtek 8167 NT Driver
R? taphss6;Anchorfree HSS VPN Adapter
R? tapSF0901;Spotflux Virtual Network Device Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? UNS;Intel® Management & Security Application User Notification Service
R? USBAAPL64;Apple Mobile USB Driver
R? VF0400Afx;VF0400 Audio FX
R? VF0400Vfx;VF0400 Video FX
R? VF0400Vid;Live! Cam Notebook Pro (VF0400)
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? appliandMP;appliandMP
S? c2cautoupdatesvc;Skype Click to Call Updater
S? c2cpnrsvc;Skype Click to Call PNR Service
S? FwcAgent;Firewall Client Agent
S? HECIx64;Intel® Management Engine Interface
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? Impcd;Impcd
S? IntcDAud;Intel® Display Audio
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? Parallels USB Device Manager;Parallels USB Device Manager
S? Parallels Virtualization Hypervisor;Parallels Virtualization Hypervisor
S? prl_net;Parallels Networking Driver
S? SSPORT;SSPORT
S? TeamViewer8;TeamViewer 8
S? Update service;Update service
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
ShellExec: TestingAnywhere.Net.exe: edit=C:\Program Files (x86)\Testing Anywhere 7.5\Client\TATestEditor.exe "%L" /edit
ShellExec: TestingAnywhere.Net.exe: open=C:\Program Files (x86)\Testing Anywhere 7.5\Client\TAPlayer.exe "/f%L/scmd/e"
.
=============== Created Last 30 ================
.
2014-12-08 10:21:45 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\Kontent Machine 3
2014-12-06 21:52:45 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0401000.01C
2014-12-06 21:52:45 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2014-12-06 21:52:45 -------- d-----w- C:\Program Files (x86)\Norton Security Scan
2014-12-06 00:16:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE167B0B-4CC1-42ED-A3F3-1AED386F6435}\offreg.dll
2014-12-05 21:53:19 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE167B0B-4CC1-42ED-A3F3-1AED386F6435}\mpengine.dll
2014-12-05 12:27:52 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-12-05 12:27:07 -------- d-----w- C:\ProgramData\F-Secure
2014-12-05 12:12:05 -------- d-----w- C:\Program Files (x86)\ESET
2014-12-05 12:11:52 -------- d-----w- C:\ProgramData\McAfee Security Scan
2014-12-05 12:11:49 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-12-03 08:22:34 -------- d-----w- C:\flooder
2014-11-25 20:57:37 -------- d-----w- C:\ProgramData\giftitapp
2014-11-25 20:57:19 -------- d-----w- C:\ProgramData\getit4cheaper
2014-11-24 23:09:34 -------- d-----w- C:\Program Files\TAP-Windows
2014-11-24 23:01:37 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\IPVanish
2014-11-24 23:01:10 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\IPVanish.com
2014-11-24 23:00:42 -------- d-----w- C:\Program Files (x86)\IPVanish
2014-11-24 22:49:04 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Local\Kryptotel_fz_llc
2014-11-24 22:48:14 -------- d-----w- C:\Program Files (x86)\VpnOneClick
2014-11-23 22:35:31 -------- d-----w- C:\Users\Kashif ali shaikh\AppData\Roaming\ZNC
2014-11-23 22:35:31 -------- d-----w- C:\Program Files\ZNC
2014-11-23 22:05:46 -------- d-----w- C:\ProgramData\ZNC
2014-11-18 21:15:34 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 21:15:34 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-18 21:15:33 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 21:15:33 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-17 20:57:04 -------- d-sh--w- C:\Users\Kashif ali shaikh\AppData\Local\EmieBrowserModeList
2014-11-13 10:59:30 -------- d-----w- C:\ProgramData\SPC
2014-11-13 10:59:30 -------- d-----w- C:\Program Files (x86)\Didsoft
2014-11-12 02:10:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-11-12 02:08:37 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 02:08:36 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M  ====================
.
2014-12-05 11:54:18 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-04 02:52:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-04 02:52:18 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-21 13:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 13:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 13:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-11-04 08:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-19 08:41:56 273920 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2014-10-19 08:41:56 273920 ----a-w- C:\Windows\SysWow64\libssl32.dll
2014-10-19 08:41:42 1179136 ----a-w- C:\Windows\SysWow64\libeay32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-06 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-10-06 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
.
============= FINISH: 18:24:57.25 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 04/01/2012 6:03:02 AM
System Uptime: 08/12/2014 1:58:07 AM (17 hours ago)
.
Motherboard: Acer |  | Aspire 5742Z
Processor: Intel® Pentium® CPU        P6200  @ 2.13GHz | CPU | 917/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 348 GiB total, 36.408 GiB free.
D: is CDROM ()
K: is FIXED (NTFS) - 102 GiB total, 9.338 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Parallels Virtual NIC 0
Device ID: ROOT\NET\0000
Manufacturer: Parallels Software International Inc.
Name: Parallels Virtual NIC 0
PNP Device ID: ROOT\NET\0000
Service: PRLVNIC
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Parallels Virtual NIC 1
Device ID: ROOT\NET\0001
Manufacturer: Parallels Software International Inc.
Name: Parallels Virtual NIC 1
PNP Device ID: ROOT\NET\0001
Service: PRLVNIC
.
==== System Restore Points ===================
.
RP368: 05/12/2014 6:26:39 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
1st Mass Mailer
7-Zip 9.20
A1 Website Download
ACDSee Photo Manager 12
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acute Email IDs Production Engine
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Creative Cloud
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader X (10.1.3) MUI
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 4
Article Kevo
Article Marketing Robot
Article Spinner 3.0.2.0
Article Submitter Plus
µTorrent
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
Backup Manager Basic
Bejeweled 2 Deluxe
Big Fish Games: Game Manager
Bing Ads Editor
Bitnami WordPress Module
Bonjour
Broadband
Broadcom Gigabit NetLink Controller
Build-a-lot 4 - Power Source
Bulk Mailer
Camtasia Studio 8
Captcha Sniper
Channel Master
Chronicles of Albian
Chuzzle Deluxe
CometBird 11.0 (x86 en-US)
Complément Messenger
Cradle of Rome 2
Creative Live! Cam Notebook Pro Driver (1.01.02.00)
Crimson Editor SVN286M
CutePDF Writer 2.8
CyberLink PowerDVD 9
D3DX10
Darksiders II
DCoder Image Source (remove only)
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB2899521) 64-Bit Edition
Disney Princess - My Fairytale Adventure
DivX Setup
DMG Extractor
Dora's World Adventure
Dropbox
Easy WiFi Radar 1.0.3
eBay Worldwide
Email Verifier
ESET Online Scanner v3
FATE: The Cursed King
FFMPEG Core Files (remove only)
Final Drive: Nitro
Forum Proxy Leecher 1.11
Galerie de photos Windows Live
getit4cheaper
Giana Sisters - Twisted Dreams
giftitapp
GOM Player
Google AdWords Editor
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Governor of Poker 2 Premium Edition
GSA Email Spider v5.30
Havij 1.15 Free
HMA! Pro VPN 2.8.6.0
iCloud
Identity Card
ImageMagick 6.7.0-0 Q16 (2011-06-01)
Infix PDF Editor version 5.2.3.0
InstantArticleWizard
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Ipswitch WS_FTP Pro
IPVanish
IPVanish VPN
iTunes
Java 7 Update 67
Java Auto Updater
Java™ 6 Update 37
Jewel Match 3
Junk Mail filter update
K-Lite Mega Codec Pack 10.8.0
Karachi Racers
Kobo
Kontent Machine 3 version 3.0
Launch Manager
LinuxLive USB Creator
Live Email Verifier
Magic Article Rewriter version 2.03
Magic Submitter version 3.65
Malwarebytes Anti-Malware version 2.0.4.1028
Market Samurai
Maxthon Cloud Browser
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft AdCenter Desktop Prerequisites
Microsoft Application Error Reporting
Microsoft Firewall Client
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 7.7
MiniTool Partition Wizard Server Edition 7.7
mIRC
Moyea FLV Editor Lite version: 1.1.1.846
Moyea FLV Editor Pro Version: 3.1.14.0
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mystery Legends - Beauty and the Beast version 11.09.23.100
Mystery Legends: Beauty and the Beast
Mystery of Mortlake Mansion
NaturalReaderFree
Need for Speed Underground 2
newsXpresso
NextUp-ScanSoft Jill US English Voice
Norton Online Backup
Norton PartitionMagic
Norton PartitionMagic 8.0
Norton Security Scan
Notepad++
Null-modem emulator (com0com)
Octoshape Streaming Services
OfflineMaps
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenVPN 2.3.5-I001 
Opera 12.12
Paltalk Messenger  11.4
Panda Internet Security 2012
Parallels runtime modules
Parallels Workstation
ParetoLogic Data Recovery
PartitionMagic
PDF Editor 3
PDFCreator
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Popcorn Time
PowerISO
PowerQuest PartitionMagic 8.0
PTCL Smart TV
Quick Article Submitter
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Replay Media Catcher 4 (4.4.3)
Revo Uninstaller Pro 3.0.5
Screaming Frog SEO Spider
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 64-Bit Edition
SendBlaster 2
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
SFV Checker
Shared C Run-time for x64
Skype Click to Call
Skype Web Plugin
Skype™ 6.21
Socks Proxy Checker 1.14
Submitter
Super Email Harvester
Synaptics Pointing Device Driver
TAP-Windows 9.9.2
TeamViewer 8
TextAloud 3.0
THE HOUSE OF THE DEAD 3
TheBestSpinner
TheBestSpinner3
Torchlight
Ubuntu
Unity Web Player
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2889935) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2878251) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
Update Installer for WildTangent Games App
Update or Uninstall SENukeX
VC80CRTRedist - 8.0.50727.6195
Video Watermark Pro
Virtual Villagers 5 - New Believers
VpnOneClick
WampServer 2.4
Welcome Center
Wicked Article Creator 3.1.0.0
Wicked Article Creator 3.6.0.0
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
WinHTTrack Website Copier 3.46-1
WinPcap 4.1.2
WinRAR 4.10 beta 5 (64-bit)
WinZip 16.5
WM Recorder
Wondershare DVD Creator(Build 2.6.4)
Wondershare Video Editor(Build 3.0.0)
WordFlood (remove only)
XAMPP
Yahoo! Messenger
YTD Video Downloader 4.6
Zoom Player (remove only)
Zuma's Revenge
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
08/12/2014 3:35:28 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
08/12/2014 12:33:09 AM, Error: Service Control Manager [7000]  - The PortableVBoxUSBMon service failed to start due to the following error:  The system cannot find the path specified.
08/12/2014 12:33:09 AM, Error: Service Control Manager [7000]  - The PortableVBoxDRV service failed to start due to the following error:  The system cannot find the path specified.
08/12/2014 12:32:39 AM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
08/12/2014 1:43:12 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
06/12/2014 9:14:39 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
05/12/2014 5:13:53 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Skype Click to Call Updater service to connect.
05/12/2014 5:13:53 PM, Error: Service Control Manager [7000]  - The Skype Click to Call Updater service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
05/12/2014 5:12:59 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
05/12/2014 2:39:27 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================
 
 


Hi, my logs are too long, so it is causing the site to time out on submission of this post, so I have attached them in a .zip file.
 
Thanks for the help :)


Seems like the attachment did not go through on a previous post so here we go again
Posts merged and duplicate topics deleted ~Budapest


Edited by Budapest, 08 December 2014 - 08:59 PM.



#2 samguy

samguy
  • Topic Starter

  • Members
  • 12 posts

Posted 12 December 2014 - 06:40 AM

No one has replied yet :(



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts

Posted 13 December 2014 - 08:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559112 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts

Posted 17 December 2014 - 09:28 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi samguy,

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
If you wish to keep it, please do not use it until your computer is cleaned.

--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts

Posted 21 December 2014 - 03:40 PM

Hi samguy,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#6 samguy

samguy
  • Topic Starter

  • Members
  • 12 posts

Posted 22 December 2014 - 07:12 PM

Hi Toffee sorry for a late reply, really had been so busy and thanks for offering your assistance to me, really appreciated.
 
I was trying to paste the logs here, but I am getting an error mentioned below:
 
 

An error occurred


You do not have permission for that action.

 
So for this reason instead of pasting the logs in this reply, I instead attached them into this reply, hope it will be ok for you.
 
Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by Kashif ali shaikh (administrator) on KASHIFM on 22-12-2014 16:54:30
Running from C:\Users\Kashif ali shaikh\Desktop
Loaded Profile: Kashif ali shaikh (Available profiles: Kashif ali shaikh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft ® Corporation) C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Run: [Google Update] => C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Run: [SEnukeX] => C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\senuke.exe [8566784 2014-12-12] (Mpyre Software)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\Users\Kashif ali shaikh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-656797800-3947181869-3880520273-1000] => 172.245.133.214:80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
URLSearchHook: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> DefaultScope {3D5AAE7A-2C24-4528-937C-89AEA76F3337} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {3D5AAE7A-2C24-4528-937C-89AEA76F3337} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PBlockHelper Class -> {4115122B-85FF-4DD3-9515-F075BEDE5EB5} -> C:\Program Files (x86)\Netscape Accelerator\PBHelper.dll (SlipStream Data Inc.)
BHO-x32: WsftpBrowserHelper Class -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: NOW!Imaging -> {9AA2F14F-E956-44B8-8694-A5B615CDF341} -> C:\Program Files (x86)\Netscape Accelerator\components\NOWImaging.dll (SlipStream Data Inc.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Hotspot Shield Toolbar -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} -> C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TextAloud Toolbar - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll (NextUp.com)
Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
Toolbar: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 01 C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcWsp.dll [197440] (Microsoft ® Corporation)
Winsock: Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcWsp64.dll [338240] (Microsoft ® Corporation)
Winsock: Catalog5-x64 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine,S: EasyLife
FF DefaultSearchUrl: hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q=
FF SearchEngineOrder.1: EasyLife
FF SearchEngineOrder.1,S: EasyLife
FF SelectedSearchEngine,S: EasyLife
FF NetworkProxy: "ftp", "116.236.216.116"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "116.236.216.116"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks", "116.236.216.116"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "116.236.216.116"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-656797800-3947181869-3880520273-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Kashif ali shaikh\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-656797800-3947181869-3880520273-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-656797800-3947181869-3880520273-1000: @talk.google.com/O1DPlugin -> C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-656797800-3947181869-3880520273-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-656797800-3947181869-3880520273-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-656797800-3947181869-3880520273-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kashif ali shaikh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Kashif ali shaikh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kashif ali shaikh\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kashif ali shaikh\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\searchplugins\EasyLife.xml
FF SearchPlugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\searchplugins\one-news-page.xml
FF SearchPlugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\searchplugins\yahoo_ff.xml
FF Extension: SeoQuake - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-11-02]
FF Extension: Yahoo! Toolbar - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-11-01]
FF Extension: DownloadHelper - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-02]
FF Extension: Hotspot Shield  - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} [2014-08-07]
FF Extension: Autofill Forms - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\autofillForms@blueimp.net.xpi [2013-08-08]
FF Extension: AutoProxy - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\autoproxy@autoproxy.org.xpi [2013-08-08]
FF Extension: CMS Backend Opener - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\cmsbackendopener@andreas-ratke.de.xpi [2013-01-07]
FF Extension: colorPicker - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\colorPicker@colorPicker.xpi [2013-08-08]
FF Extension: Email Extractor - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\emailExtractor@penzil.com.xpi [2013-08-08]
FF Extension: Find and Replace for FireFox - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\findandreplace@notreal.org.xpi [2012-03-31]
FF Extension: Firebug - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-19]
FF Extension: FirePath - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\FireXPath@pierre.tholence.com.xpi [2014-04-19]
FF Extension: FoxReplace - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\fox@replace.fx.xpi [2012-11-20]
FF Extension: One Click Proxy - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2013-08-08]
FF Extension: WordPress Version Check - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\jid1-0YpIaBa97heABw@jetpack.xpi [2013-08-08]
FF Extension: Drupal Version Check - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\jid1-yEnzVwBa8UIgUg@jetpack.xpi [2013-08-08]
FF Extension: PageRank for Firefox - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\pagerank@any-tech.ws.xpi [2013-09-14]
FF Extension: SkipScreen - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\SkipScreen@SkipScreen.xpi [2012-03-14]
FF Extension: Text to Voice - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\text2voice@vik.josh.xpi [2013-08-08]
FF Extension: Wappalyzer - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\wappalyzer@crunchlabz.com.xpi [2014-04-19]
FF Extension: xpath finder - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\xpath_finder@xpath_finder.com.xpi [2013-09-27]
FF Extension: Readability - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2012-07-25]
FF Extension: Simple Keywords - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{99E15374-C956-11E1-AAB8-29E16088709B}.xpi [2013-08-08]
FF Extension: Advanced Frame Designer with Gradients - C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{EBB4146C-2FE4-11E2-9D76-8AD06188709B}.xpi [2013-08-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-08-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{4ba57eab-93a9-4b0f-90d4-414773f8ef5c}] - C:\Program Files (x86)\TextAloud\TAForFirefox
FF Extension: TextAloud 3 Toolbar - C:\Program Files (x86)\TextAloud\TAForFirefox [2013-08-04]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR Profile: C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-05-05]
CHR Extension: (xPath Analyzer) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfcnmcmpfhkmhoapcplnafnecpofkci [2014-04-20]
CHR Extension: (CSS and XPath checker) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoinfihhckpkkcpholfhmkeplbhddipe [2014-04-20]
CHR Extension: (Kudani FeedGrabber) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\behceiemikmgnpbcnbmjidgpkhdoammf [2014-04-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (wallabag) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepdcjnnkglfjehplaogpoonpffbdcdj [2014-04-29]
CHR Extension: (Saavn Remote) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeopamoiocdoobicaaagmgkdaofjbkc [2014-04-22]
CHR Extension: (iCloud Bookmarks) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-06-06]
CHR Extension: (XPather) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gabekepgockchhemajjahpchlnkadiac [2014-04-20]
CHR Extension: (XPath Helper) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl [2014-04-20]
CHR Extension: (OSpy) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmnenggolkkboikoaebdiepkgfhhgnc [2014-04-20]
CHR Extension: (RealDownloader) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-20]
CHR Extension: (Xpath Finder) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaobnmmgonppmablhldddpfmgpklbfh [2014-04-20]
CHR Extension: (Color Picker) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcmgligingjhdnhdhgepemlckgcgmgaj [2014-03-12]
CHR Extension: (XPath) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbghbpofdlcecfbpjgmffnkieenjkboi [2014-04-20]
CHR Extension: (Skype Click to Call) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-20]
CHR Extension: (Google Wallet) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-08-20]
CHR Extension: (generate Xpath) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonoedhghnjmnhnceofpkppdicphhfhf [2014-04-20]
CHR Extension: (Image Color Picker) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocamglfcdanjnilooepglpjfmjabcgii [2014-03-12]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2014-03-12]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-12-05]
CHR Extension: (PR Checker) - C:\Users\Kashif ali shaikh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pneoplpmnpjoioldpodoljacigkahohc [2013-12-03]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FwcAgent; C:\Program Files (x86)\Microsoft Firewall Client 2004\FwcAgent.exe [128832 2006-12-09] (Microsoft ® Corporation)
S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-25] (Acer Incorporated) [File not signed]
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-04-14] (The OpenVPN Project)
S4 Parallels Networking Service; C:\Program Files (x86)\Parallels\Parallels Workstation\Application\prl_naptd.exe [2796296 2011-11-24] (Parallels Holdings, Ltd. and its affiliates.)
S4 Parallels Virtualization Service; C:\Program Files (x86)\Parallels\Parallels Workstation\Application\prl_disp_service.exe [16713992 2011-11-24] (Parallels Holdings, Ltd. and its affiliates.)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [79360 2011-11-11] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [File not signed]
S4 prl_mount_svc; C:\Program Files (x86)\Parallels\Parallels Workstation\Application\prl_mount_svc.exe [521480 2011-11-24] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [22016 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [10923520 2013-06-23] () [File not signed]
S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 com0com; C:\Windows\System32\DRIVERS\com0com.sys [76800 2011-01-24] (Vyacheslav Frolov)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwmassfilter; C:\Windows\System32\DRIVERS\ewmassfilter.sys [10240 2009-06-26] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-05] (Malwarebytes Corporation)
S3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu_x64.sys [154112 2010-07-05] (MediaTek Inc.) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [32512 2005-08-02] (CACE Technologies) [File not signed]
R2 Parallels USB Device Manager; C:\Windows\SysWOW64\drivers\prl_usb_mng64.sys [20744 2011-11-24] (Parallels Holdings, Ltd. and its affiliates.)
R2 Parallels Virtualization Hypervisor; C:\Windows\SysWOW64\drivers\prl_hypervisor_64.sys [259848 2011-11-24] (Parallels Holdings, Ltd. and its affiliates.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
S3 PRLVNIC; C:\Windows\System32\DRIVERS\prl_vnic.sys [15112 2011-11-24] (Parallels Holdings, Ltd. and its affiliates.)
S3 prl_dsk; C:\Program Files (x86)\Parallels\Parallels Workstation\Drivers\prl_dsk.sys [66312 2011-11-24] (Windows ® Codename Longhorn DDK provider)
R2 prl_net; C:\Windows\System32\DRIVERS\prl_net.sys [32520 2011-11-24] (Parallels Holdings, Ltd. and its affiliates.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-29] (The OpenVPN Project)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)
S3 VF0400Afx; C:\Windows\System32\Drivers\V0400Afx.sys [214240 2007-06-11] (Creative Technology Ltd.)
S3 VF0400Vfx; C:\Windows\System32\DRIVERS\V0400VFx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S3 VF0400Vid; C:\Windows\System32\DRIVERS\V0400Vid.sys [204736 2007-06-07] (Creative Technology Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
S2 VBoxDRV; \??\G:\VirtualBox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [X]
S2 VBoxUSBMon; \??\G:\VirtualBox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 16:54 - 2014-12-22 16:56 - 00039908 _____ () C:\Users\Kashif ali shaikh\Desktop\FRST.txt
2014-12-22 16:51 - 2014-12-22 16:54 - 00000000 ____D () C:\FRST
2014-12-22 16:46 - 2014-12-22 16:46 - 02122240 _____ (Farbar) C:\Users\Kashif ali shaikh\Desktop\FRST64.exe
2014-12-22 04:56 - 2014-12-22 04:56 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\Wicked_Article_Creator
2014-12-22 04:32 - 2014-12-22 04:32 - 00000000 ____D () C:\Users\Kashif ali shaikh\Desktop\test
2014-12-22 04:20 - 2014-12-22 16:46 - 00320512 _____ () C:\Users\Kashif ali shaikh\Documents\volcano 2.msam
2014-12-22 04:20 - 2014-12-22 04:20 - 00019456 _____ () C:\Users\Kashif ali shaikh\Documents\volcano.msam
2014-12-22 02:27 - 2014-12-22 02:27 - 00001936 _____ () C:\Users\Kashif ali shaikh\Desktop\dart-ball.txt
2014-12-21 01:11 - 2014-12-21 01:12 - 00698016 _____ () C:\Windows\Minidump\122114-30123-01.dmp
2014-12-20 18:58 - 2014-12-20 18:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-20 18:58 - 2014-12-20 18:58 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-19 17:49 - 2014-12-19 22:23 - 00032768 _____ () C:\Users\Kashif ali shaikh\Documents\pencil refills 2.msam
2014-12-19 17:48 - 2014-12-19 17:49 - 00019456 _____ () C:\Users\Kashif ali shaikh\Documents\pencil refills.msam
2014-12-19 03:32 - 2014-12-19 03:32 - 00011489 _____ () C:\Users\Kashif ali shaikh\Desktop\SocksList_2014-12-19.txt
2014-12-19 02:31 - 2014-12-19 02:31 - 00001584 _____ () C:\Users\Kashif ali shaikh\Desktop\test analysis.csv
2014-12-19 00:11 - 2014-12-19 17:48 - 00331776 _____ () C:\Users\Kashif ali shaikh\Documents\test.msam
2014-12-18 17:42 - 2014-12-19 00:11 - 00100352 _____ () C:\Users\Kashif ali shaikh\Documents\hairlosss-dec-18-further-investigation-nfs.msam
2014-12-18 16:50 - 2014-12-20 18:44 - 00002057 _____ () C:\Users\Kashif ali shaikh\Desktop\SocksList_2014-12-18(3).txt
2014-12-18 04:34 - 2014-12-18 04:34 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\com.longtailpro.LongTailPro
2014-12-18 04:31 - 2014-12-18 04:31 - 00007605 _____ () C:\Users\Kashif ali shaikh\AppData\Local\Resmon.ResmonCfg
2014-12-18 03:59 - 2014-12-18 03:59 - 00013651 _____ () C:\Users\Kashif ali shaikh\Desktop\SocksList_2014-12-18(2).txt
2014-12-18 03:27 - 2014-12-18 03:59 - 00006746 _____ () C:\Users\Kashif ali shaikh\Desktop\hairloss full research verification unf analysis.csv
2014-12-18 03:12 - 2014-12-18 16:51 - 00454656 _____ () C:\Users\Kashif ali shaikh\Documents\hairloss full research verification unf.msam
2014-12-18 00:28 - 2014-12-18 00:28 - 00009798 _____ () C:\Users\Kashif ali shaikh\Desktop\SocksList_2014-12-18(1).txt
2014-12-17 17:34 - 2014-12-17 17:34 - 00021424 _____ () C:\Users\Kashif ali shaikh\Desktop\SocksList_2014-12-18.txt
2014-12-17 15:38 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 15:38 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 05:33 - 2014-12-18 03:11 - 00647168 _____ () C:\Users\Kashif ali shaikh\Documents\regrow your hair.msam
2014-12-17 02:16 - 2014-12-17 02:16 - 00002064 _____ () C:\Users\Kashif ali shaikh\Desktop\SEnukeXCr.lnk
2014-12-16 02:40 - 2014-12-16 02:40 - 00013360 _____ () C:\Users\Kashif ali shaikh\Desktop\SocksList_2014-12-16(2).txt
2014-12-15 05:34 - 2014-12-15 05:34 - 17711760 _____ (Adobe Systems Inc.) C:\Users\Kashif ali shaikh\Downloads\AdobeAIRInstaller(1).exe
2014-12-14 21:54 - 2014-12-14 21:54 - 00000000 ____D () C:\Users\Kashif ali shaikh\Desktop\ultimatenichefinder
2014-12-14 17:51 - 2014-12-14 17:51 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Niche Finder
2014-12-13 21:25 - 2014-12-22 16:50 - 00003362 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-656797800-3947181869-3880520273-1000
2014-12-13 21:25 - 2014-12-22 16:50 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-656797800-3947181869-3880520273-1000
2014-12-13 16:49 - 2014-12-13 16:49 - 04225904 _____ () C:\Users\Kashif ali shaikh\Desktop\mIRC 7.38 Final + Crack.rar
2014-12-12 18:21 - 2014-12-12 23:38 - 00002264 _____ () C:\Users\Kashif ali shaikh\Desktop\New Text Document.txt
2014-12-12 18:02 - 2014-12-12 18:02 - 00002054 _____ () C:\Users\Kashif ali shaikh\Desktop\answer2.txt
2014-12-12 16:18 - 2014-12-12 16:18 - 05509505 _____ () C:\Users\Kashif ali shaikh\Downloads\SetupTheBestSpinner3.511.exe
2014-12-12 15:07 - 2014-12-12 16:16 - 00001679 _____ () C:\Users\Kashif ali shaikh\Desktop\answer.txt
2014-12-11 07:48 - 2014-12-17 16:14 - 00000000 ____D () C:\Windows\rescache
2014-12-11 00:14 - 2014-12-11 00:14 - 00001215 _____ () C:\Users\Kashif ali shaikh\Desktop\support-ticket.txt
2014-12-10 17:22 - 2014-12-10 17:22 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:04 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:04 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:04 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:04 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:04 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:04 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:04 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:04 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:04 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:04 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 02:00 - 2014-12-10 02:00 - 00001255 _____ () C:\Users\Kashif ali shaikh\Desktop\SENukeX - Shortcut.lnk
2014-12-10 01:59 - 2014-12-22 16:50 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-10 00:22 - 2014-12-03 19:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 00:22 - 2014-12-03 19:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 00:22 - 2014-12-03 19:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 00:22 - 2014-12-03 19:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 00:22 - 2014-12-03 19:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 00:22 - 2014-12-03 19:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 00:22 - 2014-12-03 19:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 00:22 - 2014-12-01 16:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 00:22 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 00:22 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 00:22 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 00:22 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 00:22 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 00:22 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 00:22 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 00:22 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 00:22 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 00:22 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 00:22 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 00:22 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 00:22 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 00:22 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 00:22 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 00:22 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 00:22 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 00:22 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 00:22 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 00:22 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 00:22 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 00:22 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 00:22 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 00:22 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 00:22 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 00:22 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 00:22 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 00:22 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 00:22 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 00:22 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 00:22 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 00:22 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 00:22 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 00:22 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 00:22 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 00:22 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 00:22 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 00:22 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 00:22 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 00:22 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 00:22 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 00:22 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 00:22 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 00:22 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 00:22 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 00:22 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 00:22 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 00:22 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 00:22 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 00:22 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 00:22 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 00:22 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 00:22 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 00:22 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 00:22 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 00:22 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 00:22 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 00:21 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 00:21 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 00:21 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 00:21 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 00:21 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 00:21 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 00:21 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 00:21 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 00:21 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 00:21 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 00:21 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 00:21 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 00:21 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 00:21 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 02:03 - 2014-12-09 02:07 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\AccountsDominator
2014-12-09 02:03 - 2014-12-09 02:03 - 00000000 ____D () C:\Facedominator
2014-12-09 01:29 - 2014-12-09 01:29 - 00001434 _____ () C:\Users\Kashif ali shaikh\Desktop\AccountStream (1) - Shortcut.lnk
2014-12-09 01:29 - 2014-12-09 01:29 - 00001230 _____ () C:\Users\Kashif ali shaikh\Desktop\site cst working - Shortcut.lnk
2014-12-09 01:28 - 2014-12-09 01:28 - 00001154 _____ () C:\Users\Kashif ali shaikh\Desktop\all my search keywords - Shortcut.lnk
2014-12-09 01:24 - 2014-12-09 01:25 - 00000000 ____D () C:\Users\Kashif ali shaikh\Desktop\Desktop dec 9 2014
2014-12-08 20:51 - 2014-12-17 18:58 - 00000863 _____ () C:\Users\Kashif ali shaikh\Desktop\proxies.txt
2014-12-08 03:21 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\Kontent Machine 3
2014-12-08 03:21 - 2014-12-08 03:21 - 00001231 _____ () C:\Users\Public\Desktop\Kontent Machine 3.lnk
2014-12-08 03:21 - 2014-12-08 03:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kontent Machine 3
2014-12-06 17:45 - 2014-12-06 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-12-05 05:37 - 2014-12-05 05:38 - 00779704 _____ (Symantec) C:\Users\Kashif ali shaikh\Downloads\Setup (1).exe
2014-12-05 05:27 - 2014-12-05 05:27 - 00000000 ____D () C:\ProgramData\F-Secure
2014-12-05 05:26 - 2014-12-05 05:27 - 00779704 _____ (Symantec) C:\Users\Kashif ali shaikh\Downloads\Setup.exe
2014-12-05 05:26 - 2014-12-05 05:26 - 05176232 _____ (F-Secure Corporation) C:\Users\Kashif ali shaikh\Downloads\F-SecureOnlineScanner.exe
2014-12-05 05:10 - 2014-12-05 05:11 - 08423856 _____ (McAfee, Inc.) C:\Users\Kashif ali shaikh\Downloads\SecurityScan_Release.exe
2014-12-05 05:10 - 2014-12-05 05:11 - 02347384 _____ (ESET) C:\Users\Kashif ali shaikh\Downloads\esetsmartinstaller_enu.exe
2014-12-03 01:22 - 2014-12-03 01:22 - 00000000 ____D () C:\flooder
2014-11-25 13:57 - 2014-12-05 17:01 - 00000000 ____D () C:\ProgramData\getit4cheaper
2014-11-25 13:57 - 2014-11-25 13:57 - 00000000 ____D () C:\ProgramData\giftitapp
2014-11-24 16:09 - 2014-11-24 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-11-24 16:09 - 2014-11-24 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-11-24 16:09 - 2014-11-24 16:09 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-11-24 16:01 - 2014-11-24 16:07 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\IPVanish
2014-11-24 16:01 - 2014-11-24 16:01 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\IPVanish.com
2014-11-24 16:00 - 2014-11-24 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
2014-11-24 16:00 - 2014-11-24 16:00 - 00000000 ____D () C:\Program Files (x86)\IPVanish
2014-11-24 15:49 - 2014-11-24 15:49 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\Kryptotel_fz_llc
2014-11-24 15:48 - 2014-11-24 15:48 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VpnOneClick.lnk
2014-11-24 15:48 - 2014-11-24 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VpnOneClick
2014-11-24 15:48 - 2014-11-24 15:48 - 00000000 ____D () C:\Program Files (x86)\VpnOneClick
2014-11-23 15:35 - 2014-11-23 15:43 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\ZNC
2014-11-23 15:05 - 2014-12-08 18:16 - 00000000 ____D () C:\ProgramData\ZNC
2014-11-22 16:52 - 2014-11-22 16:52 - 00000170 _____ () C:\console.log
2014-11-22 16:51 - 2014-11-22 16:51 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 16:54 - 2011-10-16 14:07 - 01317507 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 16:54 - 2009-07-13 22:13 - 00789774 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 16:51 - 2014-05-08 15:04 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\SENukeX
2014-12-22 16:51 - 2012-01-03 16:14 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\Skype
2014-12-22 16:49 - 2014-11-10 11:31 - 00000518 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-12-22 16:49 - 2013-01-14 06:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 16:49 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-22 16:49 - 2009-07-13 21:51 - 00138424 _____ () C:\Windows\setupact.log
2014-12-22 16:37 - 2013-01-14 06:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 16:37 - 2012-04-22 14:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 16:37 - 2012-01-03 18:47 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-656797800-3947181869-3880520273-1000UA.job
2014-12-22 15:56 - 2012-01-03 18:47 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-656797800-3947181869-3880520273-1000Core.job
2014-12-22 06:05 - 2012-03-10 14:42 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\mIRC
2014-12-22 04:41 - 2013-09-29 05:28 - 00000000 ____D () C:\Wicked Article Creator
2014-12-22 02:11 - 2013-11-19 05:13 - 00000236 _____ () C:\Users\Kashif ali shaikh\AppData\Roaming\RO39-2M3Q
2014-12-22 02:00 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 02:00 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 01:57 - 2012-04-14 02:20 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\CrashDumps
2014-12-22 01:57 - 2012-03-21 16:21 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3FCC3351-C41E-4009-8EF2-740FC67D5385}
2014-12-22 01:57 - 2012-01-03 18:46 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\Deployment
2014-12-22 01:29 - 2014-11-10 11:31 - 00000466 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-12-21 18:00 - 2014-11-10 11:31 - 00000492 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-12-21 01:11 - 2012-04-18 03:00 - 510508340 _____ () C:\Windows\MEMORY.DMP
2014-12-21 01:11 - 2012-04-18 03:00 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 18:59 - 2014-04-18 16:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-20 18:58 - 2014-08-12 05:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-20 18:58 - 2014-08-12 05:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-20 18:58 - 2012-10-21 22:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-20 17:45 - 2011-09-08 21:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-20 17:45 - 2011-09-08 21:02 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 17:41 - 2012-05-06 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-18 04:36 - 2013-11-19 05:25 - 00000120 _____ () C:\Users\Kashif ali shaikh\AppData\Roaming\GWMC-I92M
2014-12-17 19:45 - 2013-08-17 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-17 02:57 - 2014-05-08 15:48 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\AccountStreamHotmail
2014-12-16 00:37 - 2012-01-22 01:15 - 00000600 _____ () C:\Users\Kashif ali shaikh\AppData\Local\PUTTY.RND
2014-12-13 16:52 - 2012-03-10 14:42 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-12-10 17:22 - 2014-05-06 12:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 17:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 17:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:17 - 2013-08-31 02:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:07 - 2012-06-07 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:07 - 2012-01-03 16:57 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 01:58 - 2010-11-20 20:47 - 00955974 _____ () C:\Windows\PFRO.log
2014-12-09 01:29 - 2014-11-04 18:35 - 00000000 ____D () C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014
2014-12-09 01:26 - 2012-03-20 15:16 - 00000000 ____D () C:\ProgramData\Norton
2014-12-08 18:14 - 2013-08-22 06:11 - 00000000 ____D () C:\Users\Kashif ali shaikh\Documents\Kontent Machine
2014-12-05 06:45 - 2014-06-25 15:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 05:28 - 2011-09-08 21:16 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-05 05:13 - 2012-04-15 15:22 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\QuickScan
2014-12-05 04:54 - 2014-06-25 15:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 04:54 - 2014-06-25 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 23:42 - 2013-08-31 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forum Proxy Leecher
2014-12-03 19:52 - 2012-04-22 14:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-03 19:52 - 2012-04-22 14:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-03 19:52 - 2011-09-08 21:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 13:39 - 2012-11-22 16:47 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-12-02 12:00 - 2012-08-15 16:43 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-11-29 18:45 - 2012-01-03 19:55 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-29 18:44 - 2011-10-16 14:50 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-11-28 16:41 - 2012-01-04 18:12 - 00000000 ____D () C:\Users\Kashif ali shaikh\Desktop\all data here
2014-11-27 23:15 - 2012-11-20 02:46 - 00000000 ____D () C:\Users\Kashif ali shaikh\Documents\Outlook Files
2014-11-27 23:12 - 2014-06-06 19:15 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Local\C31AD95D-36AD-4BF0-BA49-477341B2B17C.aplzod
2014-11-27 23:12 - 2012-01-03 19:56 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\TeamViewer
2014-11-26 19:22 - 2014-11-13 03:59 - 00000000 ____D () C:\ProgramData\SPC
2014-11-26 19:22 - 2014-11-13 03:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socks Proxy Checker
2014-11-25 13:57 - 2014-11-03 00:14 - 00000000 ____D () C:\ProgramData\b9cd9fceed6a7dd4
2014-11-24 16:09 - 2014-09-18 08:49 - 00000000 ____D () C:\Program Files\OpenVPN
2014-11-24 16:00 - 2012-06-06 17:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-24 14:04 - 2010-11-20 20:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 16:51 - 2012-07-07 19:30 - 00000000 ____D () C:\Users\Kashif ali shaikh\AppData\Roaming\Paltalk
2014-11-22 16:51 - 2012-07-07 19:30 - 00000000 ____D () C:\Program Files (x86)\Paltalk Messenger
 
Files to move or delete:
====================
C:\ProgramData\MSRecovery.exe
 
 
Some content of TEMP:
====================
C:\Users\Kashif ali shaikh\AppData\Local\Temp\HssInstaller.exe
C:\Users\Kashif ali shaikh\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Kashif ali shaikh\AppData\Local\Temp\mirc738.exe
C:\Users\Kashif ali shaikh\AppData\Local\Temp\ResetDevice.exe
C:\Users\Kashif ali shaikh\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-17 16:06
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by Kashif ali shaikh at 2014-12-22 16:57:04
Running from C:\Users\Kashif ali shaikh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.0 - )
1st Mass Mailer (HKLM-x32\...\1st Mass Mailer_is1) (Version:  - IM Soft, Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
A1 Website Download (HKLM-x32\...\A21C8DB81A474239909E6CB8B8DFC590_is1) (Version: 3.0.3 - Microsys)
ACDSee Photo Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.72 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3009 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3500 - Acer)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Acute Email IDs Production Engine (HKLM-x32\...\{CB72E17B-1BCA-441F-A8A0-64C6FDF09425}) (Version: 10.3.5 - SAGAWEBS.COM)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.0.0.181 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM-x32\...\Adobe_7328fdfcb73660ec8b11d5a3d5c6232) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{AC5253C5-E282-4017-9740-DDA6ECF5C203}) (Version: 4.0.0.374 - ArcSoft)
Article Kevo (HKLM-x32\...\{B2E0F0A4-AA21-4BA0-B050-0EE6BF367869}) (Version: 1.7.1 - Juicy Backlinks)
Article Marketing Robot (HKLM-x32\...\{31645123-137A-4A4F-A0E5-65594DEAA469}) (Version: 2.0.031 - Article Marketing Robot)
Article Spinner 3.0.2.0 (HKLM-x32\...\{60103DBD-B2E6-4C64-A409-36C856029364}_is1) (Version: 3.0.2.0 - Fastlink2)
Article Submitter Plus (HKLM-x32\...\{4CFD30FE-1190-4D92-9896-AB1C2A8A80DD}) (Version: 1.0.0 - CartyStudios Corporation)
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager Basic (x32 Version: 2.0.0.72 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.0.8 - )
Bing Ads Editor (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\{7e0ab96c-bd0c-43f0-b5f3-52442aab2964}) (Version: 9.0.11599.0 - )
Bing Ads Editor (x32 Version: 9.0.11599.0 - Microsoft Corporation) Hidden
Bitnami WordPress Module (HKLM-x32\...\Bitnami WordPress Module 3.9-0) (Version: 3.9-0 - Bitnami)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadband (HKLM-x32\...\Broadband) (Version: 16.001.06.00.172 - Huawei Technologies Co.,Ltd)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bulk Mailer (HKLM-x32\...\Bulk Mailer) (Version:  - Live Software Inc)
Bulk Mailer (x32 Version: 8.2 - Live Software Inc) Hidden
Camtasia Studio 8 (HKLM-x32\...\{2EB28256-1D66-49F1-AF66-691BF9A27C79}) (Version: 8.0.2.918 - TechSmith Corporation)
Captcha Sniper (HKLM-x32\...\Captcha Sniper_is1) (Version:  - )
Channel Master (HKLM-x32\...\Channel Master) (Version: 1.20.03 - SharpC Solutions Group)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Creative Live! Cam Notebook Pro Driver (1.01.02.00) (HKLM\...\Creative VF0400) (Version:  - )
Crimson Editor SVN286M (HKLM-x32\...\Crimson Editor SVN286M) (Version: SVN286M - Emerald Editor Community)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksiders II (HKLM-x32\...\Darksiders II_is1) (Version:  - )
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
Disney Princess - My Fairytale Adventure (HKLM-x32\...\{34647679-5D7E-455C-9DC6-618FA3B7FE1A}) (Version: 1.00.0000 - Disney Interactive Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DMG Extractor (HKLM-x32\...\DMGExtractor) (Version: 1.1.1.1 - Reincubate Ltd)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Easy WiFi Radar 1.0.3 (HKLM-x32\...\Easy WiFi Radar) (Version: 1.0.3 - Makayama Interactive)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Email Verifier (HKLM-x32\...\Email Verifier) (Version:  - Live Software Inc)
Email Verifier (x32 Version: 6.2 - Live Software Inc) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version:  - )
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Forum Proxy Leecher 1.11 (HKLM-x32\...\Forum Proxy Leecher_is1) (Version:  - My-Proxy Software)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
getit4cheaper (HKLM-x32\...\{2EA2914E-5241-4DFC-341B-727B2080AFE9}) (Version:  - "")
Giana Sisters - Twisted Dreams (HKLM-x32\...\Giana Sisters - Twisted Dreams) (Version: 1.0 - Black Forest Games)
giftitapp (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - giftitapp) <==== ATTENTION
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.25.5015 - Gretech Corporation)
Google AdWords Editor (HKLM-x32\...\{CE3B2130-AD88-403F-9919-2ACCA733A625}) (Version: 10.1.0 - Google)
Google Chrome (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GSA Email Spider v5.30 (HKLM-x32\...\GSA Email Spider_is1) (Version: 5.30 - GSA Software)
Havij 1.15 Free (HKLM-x32\...\Havij_is1) (Version:  - ITSecTeam)
HMA! Pro VPN 2.8.6.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.6.0 - Privax Ltd)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
ImageMagick 6.7.0-0 Q16 (2011-06-01) (HKLM-x32\...\ImageMagick 6.7.0 Q16_is1) (Version: 6.7.0 - ImageMagick Studio LLC)
Infix PDF Editor version 5.2.3.0 (HKLM-x32\...\D42C36B3-E36B-43EC-A8B4-B613D7B92782_is1) (Version: 5.2.3.0 - Iceni Technology)
InstantArticleWizard (HKLM-x32\...\InstantArticleWizard) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Ipswitch WS_FTP Pro (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 9 - )
IPVanish (x32 Version: 2.0.18.2 - IPVanish.com) Hidden
IPVanish VPN (HKLM-x32\...\{d568101d-8c1b-4467-bf7a-9a7f62310878}) (Version: 2.0.18.2 - IPVanish.com)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karachi Racers (HKLM-x32\...\Karachi Racers) (Version:  - )
K-Lite Mega Codec Pack 10.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 1.9 - Kobo Inc.)
Kontent Machine 3 version 3.0 (HKLM-x32\...\{6BA715DB-609E-4497-BA12-6E9C104A19EB}_is1) (Version: 3.0 - Kontent Machine)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Live Email Verifier (HKLM-x32\...\Live Email Verifier) (Version: 3.0 - Live Software Inc)
Live Email Verifier (x32 Version: 3.0 - Live Software Inc) Hidden
Magic Article Rewriter version 2.03 (HKLM-x32\...\{f0d45106-1297-491c-841b-b684762d37ac}_is1) (Version: 2.03 - Alexandr Krulik)
Magic Submitter version 3.65 (HKLM-x32\...\{9629C88B-66A7-4EB3-84E4-D2847F683DDA}_is1) (Version: 3.65 - Alexandr Krulik)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.25 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.25 - Alliance Software Pty Ltd) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.0.2000 - Maxthon International Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AdCenter Desktop Prerequisites (HKLM-x32\...\{ad84be6d-14d5-49f4-8495-7703a51bbd6f}) (Version: 8.6.10611.0 - )
Microsoft Firewall Client (HKLM-x32\...\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}) (Version: 4.0.3442 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{f45b48a7-f616-4211-b927-17cab6a96613}) (Version: 8.0.58298 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.7 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Partition Wizard Server Edition 7.7 (HKLM-x32\...\{D0ED76C5-265B-4817-ACD2-7F2BC7E296C3}_is1) (Version:  - MiniTool Solution Ltd.)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Moyea FLV Editor Lite version: 1.1.1.846 (HKLM-x32\...\{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1) (Version:  - )
Moyea FLV Editor Pro Version: 3.1.14.0 (HKLM-x32\...\{363AA0EF-7672-42C2-AA43-237E1DBFB827}_is1) (Version:  - )
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery Legends - Beauty and the Beast version 11.09.23.100 (HKLM-x32\...\{CD5976D0-CAF3-47E7-AA11-522A83CE9EB4}_is1) (Version: 11.09.23.100 - GameHouse)
Mystery Legends: Beauty and the Beast (HKLM-x32\...\BFG-Mystery Legends - Beauty and the Beast) (Version:  - )
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NaturalReaderFree (HKLM-x32\...\{C5E7BF75-007E-44AD-8962-627ED44CB63B}) (Version: 11.9 - NaturalSoft)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NextUp-ScanSoft Jill US English Voice (HKLM-x32\...\{66478117-E9DF-4130-BA80-D9405D0BE91C}) (Version: 4.0.0 - NextUp.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Norton PartitionMagic (x32 Version: 8.05.000 - Symantec) Hidden
Norton PartitionMagic 8.0 (HKLM-x32\...\InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}) (Version: 8.05.000 - Symantec)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
Null-modem emulator (com0com) (HKLM-x32\...\com0com) (Version: 2.2.2.0 - Vyacheslav Frolov)
Octoshape Streaming Services (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
OfflineMaps (HKLM-x32\...\{6058F436-7022-4063-9FE5-9615FC1FD3A7}) (Version: 1.2.0 - Hungry for Knowledge)
OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
OpenVPN 2.3.5-I001  (HKLM\...\OpenVPN) (Version: 2.3.5-I001 - )
Opera 12.12 (HKLM-x32\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
Paltalk Messenger  11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.564.16415 - AVM Software Inc.)
Panda Internet Security 2012 (x32 Version: 17.01.00 - Panda Security) Hidden
Parallels runtime modules (x32 Version: 1.00.0000 - Parallels) Hidden
Parallels Workstation (x32 Version: 6.0.13950 - Parallels) Hidden
ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.1.0 - ParetoLogic, Inc.)
PartitionMagic (x32 Version: 8.00.000 - PowerQuest) Hidden
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.3 - Power Software Ltd)
PowerQuest PartitionMagic 8.0 (HKLM-x32\...\InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}) (Version: 8.00.000 - PowerQuest)
PTCL Smart TV (HKLM-x32\...\{CAF46003-CBC8-4039-9851-C65D9CA5EB4D}) (Version: 1.76 - PBX Telecom)
Quick Article Submitter (HKLM-x32\...\Quick Article Submitter) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Media Catcher 4 (4.4.3) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.4.3 - Applian Technologies)
Revo Uninstaller Pro 3.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.5 - VS Revo Group, Ltd.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 0.01 - Screaming Frog)
SendBlaster 2 (HKLM-x32\...\{CF950023-9C75-4843-8B68-FD8A5D641B4B}) (Version: 002.000.13800 - eDisplay srl)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SFV Checker (HKLM-x32\...\{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Socks Proxy Checker 1.14 (HKLM-x32\...\Socks Proxy Checker_is1) (Version:  - http://www.didsoft.com)
Submitter (HKLM-x32\...\Submitter) (Version: 4.00.48 - Sick Marketing)
Super Email Harvester (HKLM-x32\...\Super Email Harvester_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TextAloud 3.0 (HKLM-x32\...\TextAloud3_is1) (Version: 3.0 - NextUp.com)
THE HOUSE OF THE DEAD 3 (HKLM-x32\...\{B418F434-15CD-4B68-A022-CFE0DB92A6F9}) (Version: 1.00.000 - SEGA)
TheBestSpinner (HKLM-x32\...\TheBestSpinner) (Version:  - )
TheBestSpinner3 (HKLM-x32\...\TheBestSpinner3) (Version:  - )
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04-rev265 - Ubuntu)
Ultimate Niche Finder (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\8e814d4c6b7a501e) (Version: 2.0.2.37 - Ultimate Niche Finder)
Unity Web Player (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Update or Uninstall SENukeX (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Watermark Pro (HKU\S-1-5-21-656797800-3947181869-3880520273-1000\...\VideoWatermarkPro) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VpnOneClick (HKLM-x32\...\{A3F2F845-54AF-48C7-9690-16EBD458065B}) (Version: 2.6.2 - Kryptotel fz llc)
WampServer 2.4 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Wicked Article Creator 3.1.0.0 (HKLM-x32\...\Wicked Article Creator 3.1.0.0) (Version: 3.1.0.0 - WAC Systems)
Wicked Article Creator 3.6.0.0 (HKLM-x32\...\Wicked Article Creator 3.6.0.0) (Version: 3.6.0.0 - WAC Systems)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.46-1 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.10 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
WinZip 16.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D4}) (Version: 16.5.10096 - WinZip Computing, S.L. )
WM Recorder (HKLM-x32\...\WM Recorder14.11.4) (Version: 14.11.4 - AllAlex, Inc)
Wondershare DVD Creator(Build 2.6.4) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version:  - Wondershare)
Wondershare Video Editor(Build 3.0.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare)
WordFlood (remove only) (HKLM-x32\...\WordFlood) (Version:  - )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YTD Video Downloader 4.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.6 - GreenTree Applications SRL) <==== ATTENTION
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{e34e5285-5dda-498a-86b8-e5995d7eab3d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
13-12-2014 03:00:17 Windows Update
16-12-2014 18:12:42 Windows Update
18-12-2014 03:00:45 Windows Update
20-12-2014 18:56:30 Installed Java 7 Update 71
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-12-05 06:41 - 2014-12-08 01:45 - 00000413 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
192.185.51.204 phylix.com
192.185.51.204 www.phylix.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {23D3A026-2EC5-47BA-8D3F-E0A00F8F98BE} - System32\Tasks\{6C786835-94C2-4CFB-A237-D50F006C9CAA} => pcalua.exe -a "C:\Users\Kashif ali shaikh\Desktop\WIN-EVO_PCMCI\WIN-EVO_PCMCI\Driver\devsetup32.exe" -d "C:\Users\Kashif ali shaikh\Desktop\WIN-EVO_PCMCI\WIN-EVO_PCMCI\Driver"
Task: {2ABDA058-54C4-4B24-B164-06B93BBD95CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {305AB561-24E8-4CDE-A9BC-922801532975} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {318E832C-A3DF-438E-8869-4253B5521898} - System32\Tasks\{1512F6EB-61F1-46C5-BE6F-CAC6F8984079} => pcalua.exe -a "C:\Users\Kashif ali shaikh\Desktop\WIN-EVO_PCMCI\WIN-EVO_PCMCI\Driver\driversetup.exe" -d "C:\Users\Kashif ali shaikh\Desktop\WIN-EVO_PCMCI\WIN-EVO_PCMCI\Driver"
Task: {31E40A77-76F7-44AF-BA39-A2DDA07AF792} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-656797800-3947181869-3880520273-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3668E654-285C-4CF3-BEDB-BE015EBFA1C4} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.)
Task: {37646B4B-188C-42F2-BDBC-AC7B0B026638} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2012-04-03] (Adobe Systems Incorporated)
Task: {40FE6037-B777-446D-A1EA-651F1CC2ED9F} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-18] ()
Task: {4643EA90-AB7A-411B-AF7B-22C9FE8B95D4} - System32\Tasks\{426B8ED1-BB90-42FE-A012-8AF7E7D750A2} => Iexplore.exe http://ui.skype.com/ui/0/5.8.0.156.367/en/abandoninstall?page=tsMain
Task: {511ECD1C-4133-4DB5-A4CB-71F9256FD470} - System32\Tasks\{ABB1ED80-D788-4AA5-A2A3-C14CA8F1C82C} => c:\program files (x86)\maxthon\bin\maxthon.exe [2012-12-10] (Maxthon International ltd.)
Task: {52EA3AE2-E362-44CD-9221-38023CDC726B} - System32\Tasks\{2DB3A76A-A2FA-4ADF-A5CF-1DBD0900E013} => pcalua.exe -a E:\DATACARD_SETUP.EXE -d E:\
Task: {55949D57-95A8-4C2C-AA6C-4689E8212566} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-656797800-3947181869-3880520273-1000Core => C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {55BF5A60-9763-4230-B0D0-569D0725ECC7} - System32\Tasks\AdobeAAMUpdater-1.0-KASHIFM-Kashif ali shaikh => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {6E9812B1-06C4-482A-AFA4-04664A6A5A3F} - System32\Tasks\{ADDC749A-EE30-403E-8E75-C05A712DE5C8} => pcalua.exe -a "C:\Users\Kashif ali shaikh\Desktop\WIN-EVO_PCMCI\WIN-EVO_PCMCI\Driver\DevSetup.exe" -d "C:\Users\Kashif ali shaikh\Desktop\WIN-EVO_PCMCI\WIN-EVO_PCMCI\Driver"
Task: {80D31833-8755-4316-B8C6-506A11446A99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {82BF0CBC-952F-43D2-8795-D0A958CED4EC} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-18] ()
Task: {9EA510E6-FD76-43B5-B077-59B3D82454FD} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {A2FB825C-FEDE-487E-BD25-8059806B386E} - System32\Tasks\{BC8FF06D-4D3F-412A-8D64-DF4F04B98A11} => pcalua.exe -a C:\XX-CLIENT\xx-client_v1.11\virtual_ports\install_virtual_ports.exe -d C:\XX-CLIENT\xx-client_v1.11\virtual_ports
Task: {AB32B5EA-6538-4CD5-9E48-0D6B5E11D49D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C998A689-E1EC-469E-BA3F-1830D28CFCF2} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {C9FF6F0A-3642-4BF2-BAFC-3F8C3157BAA9} - System32\Tasks\{EDBCE2E6-E8F8-4AB1-9D34-22016C766C6D} => pcalua.exe -a "C:\Program Files (x86)\Broadband EvDO\uninst.exe"
Task: {CB62E209-CEEE-4F1F-BECB-84F776B1DBD0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-656797800-3947181869-3880520273-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {CC58CCB6-0DB8-4958-8155-548B82C68955} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-656797800-3947181869-3880520273-1000UA => C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {D16C915A-0806-4E8A-B7D0-18441B9BAB4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-03] (Adobe Systems Incorporated)
Task: {EC363947-015F-46BC-A74C-BC7101E302F8} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-656797800-3947181869-3880520273-1000Core.job => C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-656797800-3947181869-3880520273-1000UA.job => C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-31 16:47 - 2012-03-11 13:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
2009-08-03 04:48 - 2009-08-03 04:48 - 00027648 _____ () C:\Windows\System32\sso1ml6.dll
2013-06-11 22:58 - 2013-06-11 22:58 - 03316080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-06 22:38 - 2011-12-15 12:38 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-04 08:33 - 2011-12-28 12:55 - 02296656 _____ () C:\Program Files (x86)\TextAloud\TAContextMenu64.dll
2012-06-18 08:24 - 2012-06-18 08:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-28 18:47 - 2014-07-03 08:25 - 38713856 _____ () C:\Program Files (x86)\Paltalk Messenger\libcef.dll
2013-09-12 14:21 - 2014-11-06 14:25 - 02220544 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll
2011-09-08 21:03 - 2009-05-19 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-10-20 19:08 - 2014-10-20 19:08 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2011-09-08 20:23 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:2AD33723
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\CrackTracker_setup.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\fwsuct.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\GoogleEarthPluginSetup.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\httrack-3.46.1.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\iTunes64Setup.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\npp.6.2.3.Installer.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\Opera_1211_int_Setup.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\QuickTimeInstaller.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\SCX-4600_PrintD.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\Sublime Text 2.0.1 Setup.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\SurfOffline_Standard.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Downloads\Testing-Anywhere-Setup750.exe:BDU
AlternateDataStreams: C:\Users\Kashif ali shaikh\Documents\clickbank-offer-paidsurveys-for-sendblaster2.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: Parallels Networking Service => 2
MSCONFIG\Services: Parallels Virtualization Service => 2
MSCONFIG\Services: Printer Control => 2
MSCONFIG\Services: prl_mount_svc => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Firewall Client Management.lnk => C:\Windows\pss\Microsoft Firewall Client Management.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kashif ali shaikh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: googletalk => C:\Users\Kashif ali shaikh\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\Kashif ali shaikh\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: PrintDisp => C:\Windows\system32\PrintDisp.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickArticleSubmitter => C:\PROGRA~2\QUICKA~1\AutoSubmission.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SEnukeX => "C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\senuke.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TAForOE Loader => "C:\Program Files (x86)\TextAloud\TAForOELoader.exe" /background
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: V0400Mon.exe => C:\Windows\V0400Mon.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-656797800-3947181869-3880520273-500 - Administrator - Disabled)
Guest (S-1-5-21-656797800-3947181869-3880520273-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-656797800-3947181869-3880520273-1002 - Limited - Enabled)
Kashif ali shaikh (S-1-5-21-656797800-3947181869-3880520273-1000 - Administrator - Enabled) => C:\Users\Kashif ali shaikh
 
==================== Faulty Device Manager Devices =============
 
Name: Parallels Virtual NIC 0
Description: Parallels Virtual NIC 0
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Parallels Software International Inc.
Service: PRLVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Parallels Virtual NIC 1
Description: Parallels Virtual NIC 1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Parallels Software International Inc.
Service: PRLVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2014 04:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 01:57:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ultimate Niche Finder.exe, version: 1.0.0.0, time stamp: 0x548c7a9e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x051f4f0c
Faulting process id: 0x694
Faulting application start time: 0xUltimate Niche Finder.exe0
Faulting application path: Ultimate Niche Finder.exe1
Faulting module path: Ultimate Niche Finder.exe2
Report Id: Ultimate Niche Finder.exe3
 
Error: (12/22/2014 01:57:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ultimate Niche Finder.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage)
   at Keywords.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Keywords.App.Main()
 
Error: (12/22/2014 01:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 01:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LongTailPro.exe, version: 0.0.0.0, time stamp: 0x54236ee1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x4614
Faulting application start time: 0xLongTailPro.exe0
Faulting application path: LongTailPro.exe1
Faulting module path: LongTailPro.exe2
Report Id: LongTailPro.exe3
 
Error: (12/21/2014 01:12:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2014 06:49:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2014 05:42:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2014 02:49:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TheBestSpinner.exe, version: 3.0.0.0, time stamp: 0x525ef469
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xc0020001
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xTheBestSpinner.exe0
Faulting application path: TheBestSpinner.exe1
Faulting module path: TheBestSpinner.exe2
Report Id: TheBestSpinner.exe3
 
Error: (12/20/2014 06:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LongTailPro.exe, version: 0.0.0.0, time stamp: 0x54236ee1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x4e4
Faulting application start time: 0xLongTailPro.exe0
Faulting application path: LongTailPro.exe1
Faulting module path: LongTailPro.exe2
Report Id: LongTailPro.exe3
 
 
System errors:
=============
Error: (12/22/2014 04:49:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PortableVBoxUSBMon service failed to start due to the following error: 
%%3
 
Error: (12/22/2014 04:49:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PortableVBoxDRV service failed to start due to the following error: 
%%3
 
Error: (12/22/2014 04:49:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/22/2014 04:48:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (12/22/2014 03:56:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/22/2014 01:50:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PortableVBoxUSBMon service failed to start due to the following error: 
%%3
 
Error: (12/22/2014 01:50:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PortableVBoxDRV service failed to start due to the following error: 
%%3
 
Error: (12/22/2014 01:50:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/21/2014 09:53:47 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/21/2014 01:12:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PortableVBoxUSBMon service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (12/22/2014 04:50:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 01:57:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Ultimate Niche Finder.exe1.0.0.0548c7a9eunknown0.0.0.000000000c0000005051f4f0c69401d01dc52ef3f19bC:\Users\Kashif ali shaikh\AppData\Local\Apps\2.0\QPBX8L15.XQ5\VYVVVT3H.C2Z\ulti..tion_56c6219a1d453fe0_0002.0000_5186c3c736feb10f\Ultimate Niche Finder.exeunknown95723616-89b8-11e4-87ab-b870f4ffa6b1
 
Error: (12/22/2014 01:57:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ultimate Niche Finder.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.MessageBox(System.Runtime.InteropServices.HandleRef, System.String, System.String, Int32)
   at System.Windows.MessageBox.ShowCore(IntPtr, System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage, System.Windows.MessageBoxResult, System.Windows.MessageBoxOptions)
   at System.Windows.MessageBox.Show(System.String, System.String, System.Windows.MessageBoxButton, System.Windows.MessageBoxImage)
   at Keywords.App.Application_Startup(System.Object, System.Windows.StartupEventArgs)
   at System.Windows.Application.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Keywords.App.Main()
 
Error: (12/22/2014 01:51:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/22/2014 01:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LongTailPro.exe0.0.0.054236ee1unknown0.0.0.000000000c000000500000000461401d01d830f000e16C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\LongTailPro\LongTailPro\LongTailPro.exeunknowncd8213ad-89b1-11e4-9e37-b870f4ffa6b1
 
Error: (12/21/2014 01:12:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2014 06:49:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2014 05:42:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/20/2014 02:49:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TheBestSpinner.exe3.0.0.0525ef469KERNELBASE.dll6.1.7601.184095315a05ac0020001000000000000940d
 
Error: (12/20/2014 06:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: LongTailPro.exe0.0.0.054236ee1unknown0.0.0.000000000c0000005000000004e401d01c551a7f68e8C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\LongTailPro\LongTailPro\LongTailPro.exeunknown03cde556-884a-11e4-8141-b870f4ffa6b1
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-31 02:01:20.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-31 02:01:20.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 51%
Total physical RAM: 3766.71 MB
Available physical RAM: 1837.14 MB
Total Pagefile: 7531.59 MB
Available Pagefile: 5577.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:348.22 GB) (Free:34.32 GB) NTFS
Drive k: (Data stuff) (Fixed) (Total:102.44 GB) (Free:9.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4A74B501)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102.4 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


Edited by xXToffeeXx, 23 December 2014 - 04:04 PM.
Posted logs for ease~


#7 xXToffeeXx


Posted 24 December 2014 - 08:38 AM

Hi samguy,
 
Did you set these proxies?:
172.245.133.214:80
116.236.216.116:8080
 
Do you use EasyLife and Yahoo?
 
Did you set this Hosts entry?:
192.185.51.204 phylix.com
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
URLSearchHook: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> DefaultScope {3D5AAE7A-2C24-4528-937C-89AEA76F3337} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {3D5AAE7A-2C24-4528-937C-89AEA76F3337} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Hotspot Shield Toolbar -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} -> C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File
Toolbar: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Winsock: Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
CMD: netsh winsock reset
C:\ProgramData\MSRecovery.exe
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:2AD33723
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Answers to questions
  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#8 samguy


Posted 24 December 2014 - 05:38 PM

Hi Toffee,

Yes I did set

I am not sure about these proxies if I did set them, but I do usually use some private proxies for some software.
172.245.133.214:80
116.236.216.116:8080

Do you use EasyLife and Yahoo? I do use Yahoo Messenger if that's what you are referring to, but I am not sure about EasyLife. Is it a Firefox plugin?

Did you set this Hosts entry?: Yes, I did set this entry into the hosts file manually myself.
192.185.51.204 phylix.com

Once again, thanks for your help, highly appreciated.

Here is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014

Ran by Kashif ali shaikh at 2014-12-24 15:36:51 Run:1

Running from C:\Users\Kashif ali shaikh\Desktop

Loaded Profile: Kashif ali shaikh (Available profiles: Kashif ali shaikh)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File

URLSearchHook: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> DefaultScope {3D5AAE7A-2C24-4528-937C-89AEA76F3337} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}

SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {3D5AAE7A-2C24-4528-937C-89AEA76F3337} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}

SearchScopes: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: Hotspot Shield Toolbar -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} -> C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File

Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Users\Kashif ali shaikh\AppData\LocalLow\Hotspot_Shield\prxtbHots.dll No File

Toolbar: HKU\S-1-5-21-656797800-3947181869-3880520273-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File

Winsock: Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

CMD: netsh winsock reset

C:\ProgramData\MSRecovery.exe

CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kashif ali shaikh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8

AlternateDataStreams: C:\ProgramData\Temp:2AD33723

*****************

 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}" => Key deleted successfully.

HKU\S-1-5-21-656797800-3947181869-3880520273-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 

"HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D5AAE7A-2C24-4528-937C-89AEA76F3337}" => Key deleted successfully.

HKCR\CLSID\{3D5AAE7A-2C24-4528-937C-89AEA76F3337} => Key not found. 

"HKU\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.

HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Key not found. 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value deleted successfully.

HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Key not found. 

HKU\S-1-5-21-656797800-3947181869-3880520273-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value deleted successfully.

HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => Key not found. 

Winsock: Catalog5 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Winsock: Catalog5-x64 entry 000000000002\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

 

=========  netsh winsock reset =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

C:\ProgramData\MSRecovery.exe => Moved successfully.

"HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.

"HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.

"HKU\S-1-5-21-656797800-3947181869-3880520273-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.

C:\ProgramData\Temp => ":2AD33723" ADS removed successfully.

 

==== End of Fixlog 15:36:55 ====


Edited by samguy, 24 December 2014 - 05:45 PM.


#9 xXToffeeXx


Posted 25 December 2014 - 02:42 PM

Hi samguy,
 
Thank you for the answers to the questions.
 

I do use Yahoo Messenger if that's what you are referring to, but I am not sure about EasyLife. Is it a Firefox plugin?

EasyLife is a search engine and website (but also has a searchplugin) which is considered as potentially unwanted (i.e. it was probably added when you installed a program).
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine,S: EasyLife
FF DefaultSearchUrl: hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q=
FF SearchEngineOrder.1: EasyLife
FF SearchEngineOrder.1,S: EasyLife
FF SelectedSearchEngine,S: EasyLife
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=407453&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
FF - prefs.js: browser.search.defaulturl - hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q=
FF SearchPlugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\searchplugins\EasyLife.xml
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • FSS.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 samguy

samguy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:53 PM

Posted 25 December 2014 - 05:07 PM

Hello Toffee,

 

Here are the logs:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014

Ran by Kashif ali shaikh at 2014-12-25 15:02:24 Run:2

Running from C:\Users\Kashif ali shaikh\Desktop

Loaded Profile: Kashif ali shaikh (Available profiles: Kashif ali shaikh)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

FF DefaultSearchEngine: Yahoo!

FF DefaultSearchEngine,S: EasyLife

FF DefaultSearchUrl: hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q=

FF SearchEngineOrder.1: EasyLife

FF SearchEngineOrder.1,S: EasyLife

FF SelectedSearchEngine,S: EasyLife

CHR DefaultSearchKeyword: Default -> yahoo.com search

CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=407453&p={searchTerms}

CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

FF - prefs.js: browser.search.defaulturl - hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q=

FF SearchPlugin: C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\searchplugins\EasyLife.xml

*****************

 

Firefox DefaultSearchEngine deleted successfully.

Firefox DefaultSearchEngine,S deleted successfully.

Firefox DefaultSearchUrl deleted successfully.

Firefox SearchEngineOrder.1 deleted successfully.

Firefox SearchEngineOrder.1,S deleted successfully.

Firefox SelectedSearchEngine,S deleted successfully.

Chrome DefaultSearchKeyword deleted successfully.

Chrome DefaultSearchURL deleted successfully.

Chrome DefaultSuggestURL deleted successfully.

FF - prefs.js: browser.search.defaulturl - hxxp://searchy.easylifeapp.com/?pid=377&src=ff2&r=2013/08/25&hid=692436134&lg=EN&cc=CA&l=1&q= => Error: No automatic fix found for this entry.

C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\searchplugins\EasyLife.xml => Moved successfully.

 

==== End of Fixlog 15:02:24 ====

 

 

 

Farbar Service Scanner Version: 21-07-2014

Ran by Kashif ali shaikh (administrator) on 25-12-2014 at 15:03:49

Running from "C:\Users\Kashif ali shaikh\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is set to Disabled. The default start type is Auto.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

 

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

 

Thanks a lot and have a nice day



#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:53 PM

Posted 27 December 2014 - 01:53 PM

Hi samguy,
 
We need to run a registry script:

  • First, make a system restore point using these instructions
  • Click the Windows Start Orb in the bottom-left
  • In the search box, type notepad, then click on Notepad to open it
  • Copy and paste the following text into the notepad document:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""
  • Click on File, then Save As...
  • Click on your Desktop as the save location, then in the file name box type: fix.reg
  • Click save and close the notepad document
  • Double-click the file fix.reg on your desktop
    note: if prompted by User Account Control, select Yes or Allow so the fix can continue
  • A message will appear about adding information into the registry, click Yes when prompted
  • A prompt should appear that the information was added successfully
    note: if not, please note the error message and post it in your next reply
  • Right-click on fix.reg and click Delete, then click Yes to confirm.

--------------
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~


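The FSS.txt in post #10 and the registry script in post #11 are connected by the missing ShellServiceObjects key the scanner reported. As an added example (not part of the thread and not Farbar's own code), this Python parser reads that log layout and returns every item that deviates from the default; the function, class and field names are assumptions, and the rules cover only the line shapes visible in the posted log.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # underlined FSS header the line appeared under
    kind: str     # service_not_running | start_type | policy_value | missing_key | file_check
    detail: str


# Excerpt of the FSS.txt posted in this thread (blank lines dropped, file list shortened).
SAMPLE_FSS = r"""Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
Action Center:
============
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
File Check:
========
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
"""

RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
RE_START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
RE_REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
RE_MISSING_KEY = re.compile(r"Unable to open (.+?) key\. The key does not exist")


def _is_underline(line: str) -> bool:
    """FSS underlines each section header with a row of '=' characters."""
    return bool(line) and set(line) == {"="}


def parse_fss(text: str) -> List[Finding]:
    # Forum pastes are often double-spaced, so blank lines are discarded first.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings: List[Finding] = []
    section, reg_key = "", None

    for i, line in enumerate(lines):
        if _is_underline(line):
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and _is_underline(nxt):
            section, reg_key = line[:-1], None
            continue

        if m := RE_NOT_RUNNING.match(line):
            findings.append(Finding(section, "service_not_running", m.group(1)))
        elif m := RE_START_TYPE.match(line):
            name, current, default = m.groups()
            if current != default:
                findings.append(
                    Finding(section, "start_type", f"{name}: {current} (default {default})")
                )
        elif m := RE_REG_KEY.match(line):
            reg_key = m.group(1)
        elif m := RE_REG_VALUE.match(line):
            # Assumption: a value listed under a policy header is itself the finding,
            # since the other "Disabled Policy" sections in the posted log are empty.
            name, _type, value = m.groups()
            findings.append(
                Finding(section, "policy_value", f"{reg_key or '?'}\\{name}={value}")
            )
        elif m := RE_MISSING_KEY.search(line):
            findings.append(Finding(section, "missing_key", m.group(1)))
        elif section == "File Check" and " => " in line:
            path, status = line.split(" => ", 1)
            if status != "File is digitally signed":
                findings.append(Finding(section, "file_check", f"{path}: {status}"))
    return findings


if __name__ == "__main__":
    for f in parse_fss(SAMPLE_FSS):
        print(f"[{f.section}] {f.kind}: {f.detail}")
```

Run against the excerpt, it reports the stopped and disabled Dnscache service, the `EnableFirewall` policy value, and the missing Action Center key that the `fix.reg` script recreates.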


#12 samguy

samguy
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:53 PM

Posted 29 December 2014 - 03:51 PM

Hello,
 
How are you Toffee? Found some real threats, once again thanks for the help.
 
Emsisoft log
And
Eset Log
 
Again the site is not letting me paste the logs so I have attached them instead.
 
Thanks
 
K:\x spinner\X-Spinner\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Wicked Article Creator\wacscraper.exe Quarantined Trojan.Generic.12316266 (B)
C:\Wicked Article Creator\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Wicked Article Creator\Any Site Scraper.exe Quarantined Trojan.Generic.12318927 (B)
C:\Users\Kashif ali shaikh\Downloads\Rank+Leap+Pro.rar Quarantined Gen:Variant.Kazy.383433 (B)
C:\Users\Kashif ali shaikh\Downloads\cc0k0.Revo.Uninstaller.Pro.3.0.5.Final.Multilanguage.3264Bit..SceneDL.rar Quarantined Gen:Trojan.Heur.FU.euW@aytgAkf (B)
C:\Users\Kashif ali shaikh\Downloads\AccountStream.rar Quarantined Gen:Variant.Kazy.383433 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\SuperHAC\SuperHAC\IMSLoader.exe Quarantined Trojan.GenericKD.1566489 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\TraffikBuster\TraffikBuster\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Video Spin Blaster\Video Spin Blaster\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\UBot+4\UBot 4\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\TweetDemon\TweetDemon\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\TA4\TA4\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\spinnerchiefIIIrelease\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\spinnerchief2\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\SEDemon\SEDemon\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox\ScrapeBox\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox\ScrapeBox\Addons\sBportscanner.sB Quarantined Gen:Variant.Graftor.ElzoB.20425 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox.rar Quarantined Gen:Variant.Graftor.ElzoB.20425 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox-.44\ScrapeBox-.44\IMSLoader.exe Quarantined Trojan.GenericKD.1369544 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox-.44\ScrapeBox-.44\Addons\sBdofollowtest.sB Quarantined Gen:Variant.Graftor.ElzoB.20425 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox-.44.rar Quarantined Gen:Variant.Graftor.ElzoB.20425 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox 1.16.0-IMS\ScrapeBox 1.16.0\IMSLoader.exe Quarantined Trojan.GenericKD.1369544 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox 1.16.0-IMS\ScrapeBox 1.16.0\Addons\sBdofollowtest.sB Quarantined Gen:Variant.Graftor.ElzoB.20425 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\ScrapeBox 1.16.0-IMS\IMSLoader.exe Quarantined Trojan.GenericKD.1369544 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\scrapBox dec 2 2014\ScrapeBox\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\scrapBox dec 2 2014\ScrapeBox\Addons\sBportscanner.sB Quarantined Gen:Variant.Graftor.ElzoB.20425 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\scrapBox dec 2 2014\ScrapeBox.rar Quarantined Gen:Variant.Graftor.ElzoB.20425 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\RapidContentWizard\RapidContentWizard\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Proxy+GoBlin\Proxy GoBlin\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Mass+Video+Blaster\Mass Video Blaster\Mass Video Blaster.exe Quarantined Gen:Variant.Kazy.307502 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Mass+Video+Blaster\Mass Video Blaster\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Mass+Video+Blaster.rar Quarantined Gen:Variant.Kazy.307502 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Mass Video Blaster Pro-old\Mass Video Blaster Pro\MassVideoBlasterPro.exe Quarantined Gen:Variant.Kazy.310999 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Mass Video Blaster Pro-old\Mass Video Blaster Pro\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Market+Samurai\Market Samurai\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\LongTailPro\LongTailPro\LongTailPro.exe Quarantined Gen:Variant.Kazy.392739 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\LongTailPro\LongTailPro\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\LongTailPro.rar Quarantined Gen:Variant.Kazy.392739 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\LongTailPro-old\LongTailPro\LongTailPro.exe Quarantined Gen:Variant.Kazy.392739 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\LongTailPro-old\LongTailPro\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kudani\Kudani 0.1.10\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kontent Machine\kontentmachine.exe Quarantined Gen:Variant.Kazy.406300 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kontent Machine\Kontent Machine new\kontentmachine.exe Quarantined Gen:Variant.Kazy.406300 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kontent Machine\Kontent Machine new\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kontent Machine\Kontent Machine 2.rar Quarantined Gen:Variant.Kazy.406300 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kontent Machine\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kontent Machine 2\Kontent Machine 2\kontentmachine.exe Quarantined Gen:Variant.Kazy.406300 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Kontent Machine 2.rar Quarantined Gen:Variant.Kazy.406300 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\KMv3\KMv3\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\KMv3 (1)\Kontent Machine 3\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Juicy Titles\Juicy Titles\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\InstantArticleWizard\InstantArticleWizard\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\HyBridSpinner\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Get Article Pro\Get Article Pro\Update.exe Quarantined Trojan.Generic.8186244 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Get Article Pro\Get Article Pro\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Get Article Pro.rar Quarantined Trojan.Generic.8186244 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Digi Traffic Generator\Digi Traffic Generator\IMSLoader.exe Quarantined Trojan.GenericKD.1369544 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\CurationSoft\CurationSoft\CurationSoft.exe Quarantined Gen:Variant.Kazy.392739 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\CurationSoft-1.rar Quarantined Gen:Variant.Kazy.392862 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\captchasniper4.03\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\captchasniper4.03\CSLoader.exe Quarantined Gen:Trojan.Heur.GM.0002436100 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\captcha sniper 4.5\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\captcha sniper 4.5\captcha new\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Article+SuBmitter+Plus\Article SuBmitter Plus\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Article+SuBmitter+Plus\Article SuBmitter Plus\data\ErrorStatus\Signup\articles4hire.com.html Quarantined Trojan.IFrame.ABO (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Article+SuBmitter+Plus.rar Quarantined Trojan.IFrame.ABO (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Article+Scrape+Chief\Article Scrape Chief\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Article+Rewriter+Wizard\Article Rewriter Wizard\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\article rewrite assistant\ArticlesRewriteAssistant\ArticlesRewriteAssistant.exe Quarantined Gen:Variant.Kazy.509248 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\article rewrite assistant\Article+Rewrite+Assistant\ArticlesRewriteAssistant\IMSLoader.exe Quarantined Trojan.GenericKD.1369544 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\article rewrite assistant\Article+Rewrite+Assistant\ArticlesRewriteAssistant\ArticlesRewriteAssistant.exe Quarantined Gen:Variant.Kazy.509248 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\article rewrite assistant\Article+Rewrite+Assistant.rar Quarantined Gen:Variant.Kazy.509248 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Article Marketing RoBot\AMR\AMR\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Article Marketing RoBot\AMR.rar Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Amazon Niche Finder\Amazon Niche Finder\IMSLoader.exe Quarantined Trojan.GenericKD.1369544 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AKV\AKV\Article Kevo.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AKV.rar Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountStream\AccountStream\AccountStreamYahoo.exe Quarantined Gen:Variant.Kazy.383433 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountStream\AccountStream\AccountStreamHotmail.exe Quarantined Gen:Variant.Kazy.521776 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountStream.rar Quarantined Gen:Variant.Kazy.383433 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountStream (1).rar Quarantined Gen:Variant.Kazy.383433 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\Accounts Dominator 64\AccountsDominator 64\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountCreatorChief\AccountCreatorChief\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountCreatorChief\AccountCreatorChief\AccountCreatorChief.exe Quarantined Gen:Variant.Strictor.26736 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\site cst working\AccountCreatorChief.rar Quarantined Gen:Variant.Strictor.26736 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\SENuke Inferno\SenukeX PRO2.4.14\Senuke+XCR\Senuke XCR\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\Market+Samurai.rar Quarantined Gen:Variant.Kazy.392739 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\CurationSoft\CurationSoft\CurationSoft.exe Quarantined Gen:Variant.Kazy.392739 (B)
C:\Users\Kashif ali shaikh\Desktop\DESKTOP NOV 2014\site soft\CurationSoft.rar Quarantined Gen:Variant.Kazy.392739 (B)
C:\Users\Kashif ali shaikh\Desktop\Desktop dec 9 2014\proxies\wacsetup.exe Quarantined Trojan.Generic.12318927 (B)
C:\Users\Kashif ali shaikh\Desktop\all data here\softwares\softwares\WeBCrack40.zip Quarantined Win95.CIH.Rest.Gen (B)
C:\Users\Kashif ali shaikh\Desktop\all data here\softwares\softwares1\Crack-Searching.exe Quarantined Trojan.GenericKD.2006249 (B)
C:\Users\Kashif ali shaikh\AppData\Roaming\Article SuBmitter Plus\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\AppData\Local\SENukeX\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Users\Kashif ali shaikh\AppData\Local\SENukeX-old-crack\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Users\Kashif ali shaikh\AppData\Local\SENukeX-may-8-14-old\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Program Files (x86)\SuBmit Suite\Article Spinner\IMSLoader.exe Quarantined Trojan.GenericKD.1369544 (B)
C:\Program Files (x86)\Koe\Magic Article Rewriter\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Program Files (x86)\Juicy Backlinks\Article Kevo\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Program Files (x86)\Juicy Backlinks\Article Kevo\Article Kevo.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Program Files (x86)\Article Marketing RoBot\IMSLoader.exe Quarantined Gen:Variant.Kazy.511156 (B)
C:\Program Files (x86)\Alexandr Krulik\Magic SuBmitter\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
C:\Program Files (x86)\Alexandr Krulik-old\Magic SuBmitter\IMSLoader.exe Quarantined Gen:Variant.Kazy.373230 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESCORT.DLL Quarantined Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Quarantined Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Quarantined Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\CONDUIT Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SPROTECTOR Quarantined Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisaBleRegistryTools (A)
C:\Users\Kashif ali shaikh\AppData\Roaming\Mozilla\Firefox\Profiles\m3f04930.default\Extensions\{635aBd67-4fe9-1B23-4f01-e679fa7484c1} Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS Quarantined Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32 Quarantined Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Quarantined Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{6536801B-F50C-449B-9476-093DFD3789E3} Quarantined Application.InstallTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\BETTERSURF Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\SOFTONIC Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-656797800-3947181869-3880520273-1000\SOFTWARE\LOLLIPOP Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{09C554C3-109B-483C-A06B-F14172F1A947} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BBYLNTLBR.BBYLNTLBRHLPR.1 Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BBYLNTLBR.BBYLNTLBRHLPR Quarantined Application.AdReg (A)
C:\Program Files (x86)\BaBylon Quarantined Application.AppInstall (A)
C:\Users\Kashif ali shaikh\AppData\Local\lollipop Quarantined Application.AppInstall (A)
C:\Users\Kashif ali shaikh\AppData\Local\BlekkotB Quarantined Application.AppInstall (A)
C:\Users\Kashif ali shaikh\AppData\Local\apn Quarantined Application.AppInstall (A)
C:\ProgramData\ytd video downloader Quarantined Application.AppInstall (A)
C:\ProgramData\trymedia Quarantined Application.AppInstall (A)
C:\ProgramData\starapp Quarantined Application.AppInstall (A)
C:\Users\Kashif ali shaikh\AppData\Roaming\pdfforge Quarantined Application.AppInstall (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader Quarantined Application.AdStart (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Quarantined Application.AdGenie (A)
 
Quarantined 142

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1LFNUO.js HTML/Iframe.B.Gen virus
C:\Users\Kashif ali shaikh\AppData\Roaming\Maxthon3\Temp\WeBkit\FSProfile\File System\002\t\00\00000000 a variant of Win32/Adware.MultiPlug.DZ application cleaned By deleting - quarantined
C:\Users\Kashif ali shaikh\AppData\Roaming\Maxthon3\Temp\WeBkit\FSProfile\File System\003\t\00\00000001 Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\Kashif ali shaikh\AppData\Roaming\Maxthon3\Temp\WeBkit\FSProfile\File System\003\t\00\00000002 Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\FreeVideoToFlashConverter.exe Win32/ToolBar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\FreeYouTuBeUploader (1).exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\FreeYouTuBeUploader.exe Win32/ToolBar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\HSS-3.42-install-hss-561-conduit.exe Win32/ToolBar.Conduit potentially unwanted application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\pal_install_r1303.exe a variant of Win32/Bundled.ToolBar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\NCH\NCH DeBut Video Capture Professional v 1.64\Setup\deButsetup.exe a variant of Win32/ToolBar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\php4ts.dll\FixMyRegistry.exe Win32/DownWare.L potentially unwanted application deleted - quarantined
C:\Users\Kashif ali shaikh\Downloads\php_yaz.dll\FixMyRegistry.exe Win32/DownWare.L potentially unwanted application deleted - quarantined
C:\wamp\www\wp\wp-content\plugins\WPRoBot4\IMSoldiers.php PHP/OBfuscated.E potentially unwanted application deleted - quarantined
C:\Windows\assemBly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__B03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll a variant of Win32/ToolBar.Linkury.G potentially unwanted application deleted - quarantined
C:\Windows\assemBly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/ToolBar.Linkury.G potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\impCA1LFNUO.js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\Temp\ytdToolBar.exe a variant of Win32/ToolBar.Widgi.B potentially unwanted application deleted - quarantined

Edited by xXToffeeXx, 30 December 2014 - 03:16 PM.
Posted logs for ease~


#13 xXToffeeXx

  • Malware Response Instructor

Posted 30 December 2014 - 03:17 PM

Hi samguy,
 
How is your computer running?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 samguy

  • Topic Starter


Posted 31 December 2014 - 01:46 AM

Hey Toffee,

 

Saw some great improvements in my computer. It's running much better and faster, and load time has dramatically decreased :) Thanks a lot for the help.

 

Wish you a very, very happy new year and best of luck for your future.

 

Thanks


Edited by samguy, 31 December 2014 - 01:47 AM.


#15 xXToffeeXx

  • Malware Response Instructor

Posted 31 December 2014 - 04:52 PM

Hi samguy,
 
I'm glad to hear everything is working really well.
 
A couple of quick things before you go:
 
I don't see an Antivirus Program running on your machine

  • Download and install an antivirus program, and make sure that you keep it updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  • Three good antivirus programs free for non-commercial home use are Avast! (offers Google Chrome or Google Docs), Antivir (automatically installs the Ask Toolbar) and Microsoft Security Essentials.
  • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
 
--------------
 
Your version of Adobe Flash is out of date.

Please follow these steps to remove older version Adobe Flash components and update:

  • Download the latest version of Adobe Flash and save it to your desktop.
  • Note: If you use Google Chrome or Firefox then there is no need to download Adobe Flash. If you also use Internet Explorer then use that browser to download Flash.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Flash in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Flash uninstaller.
  • Reboot your computer once Adobe Flash is removed.
  • Then from your desktop double-click on the Adobe Flash installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as Google Chrome and Google Toolbar); just uncheck the box before continuing unless you want these programs.

--------------

Your version of Adobe Reader is out of date.
 
Please follow these steps to remove older version Adobe Reader components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Reader uninstaller.
  • Reboot your computer once Adobe Reader is removed.
  • Then from your desktop double-click on the Adobe Reader installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as the McAfee Security Plan Plus); just uncheck the box before continuing unless you want it.
  • Adobe Reader is updated frequently. If you want to be automatically notified of future updates, or automatically have them installed, then make sure to check the option in the installer.

--------------

Your version of Java is out of date. Older versions of programs have vulnerabilities that malicious sites can use to exploit and infect your system.

You may want to read these before you update, as most users do not use Java and have no need for it to be on their computer:
  • You don't need Java
  • W3Techs usage statistics and market share data of Java on the web
 
If you want to use Java, then please follow these steps to remove older version Java components and update:

  • Download the latest version of Java and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Java in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run as Administrator.
  • When the Java Setup - Welcome window opens, click the Install button.
  • If offered any unwanted software or toolbars during installation (such as the Ask Toolbar); just uncheck the box before continuing unless you want it.
  • Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature, and you will not have to remember to update when Java releases a new version.

xXToffeeXx~


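The checks in the last reply (installed Adobe Flash, Adobe Reader and Java versions, and whether an antivirus product is present) can be repeated from Windows PowerShell. This is an added example, not part of the thread; the function names are made up for illustration, and it only reads the registry and Windows Security Center.

```powershell
# Added example: read-only inventory of the software the reply asks to update.
# Written for Windows PowerShell 2.0 and later (the Windows 7 default).

# Uninstall entries live in two places on 64-bit Windows:
# native programs, and 32-bit programs under WOW6432Node.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Substrings from the reply: "any item with ... in the name".
$patterns = 'Adobe Flash', 'Adobe Reader', 'Java'

function Get-InstalledProgram {          # hypothetical helper name
    param([string[]]$Pattern)
    foreach ($key in $uninstallKeys) {
        # WOW6432Node is absent on 32-bit Windows; skip it quietly.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.DisplayName
                $name -and ($Pattern | Where-Object { $name -like "*$_*" })
            } |
            Select-Object DisplayName, DisplayVersion, Publisher
    }
}

function Get-RegisteredAntivirus {       # hypothetical helper name
    # Security Center (client editions, Vista and later) lists antivirus
    # products that have registered themselves with Windows.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue |
        Select-Object displayName, pathToSignedProductExe,
            @{ Name = 'productStateHex'
               Expression = { '0x{0:X6}' -f $_.productState } }
}

# Each installed version is its own row, so leftover old Java builds show up.
$programs = @(Get-InstalledProgram -Pattern $patterns |
    Sort-Object DisplayName, DisplayVersion)
if ($programs.Count -eq 0) { 'No Adobe Flash, Adobe Reader or Java entries found.' }
else { $programs | Format-Table -AutoSize }

$av = @(Get-RegisteredAntivirus)
if ($av.Count -eq 0) { 'No antivirus product is registered with Security Center.' }
else { $av | Format-List }
```

Compare the reported DisplayVersion values with the current releases on the vendors' download pages. Programs installed for a single user under HKCU are not covered by this listing.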