
All .jpg(image) files renamed & re-typed as .b567 file type


  • This topic is locked
11 replies to this topic

#1 nazia


Posted 24 November 2016 - 01:28 PM

Hi Moderators,
All my image files have been encrypted/inaccessible.
I am assuming only .jpg/.jpeg files are renamed (with weird names) and their type is also changed to the ".b567" file type.

1) I've downloaded & run your tool "Farbar Recovery Scan Tool"; it has generated two log files.
I've pasted FRST.txt & attached Addition.txt.

2) I'm suspecting that this exe file (malware) has triggered all this mess:
C:\Users\Nazia\Downloads\Install_Flash_0.9.2.1.exe
I've deleted this exe file now.

3) I've also deleted everything from the %temp% folder.

Please help me get all my image files back decrypted.
 
 
Thanks in advance!!
 
Thanks
Nazia
 
_______________________________________________________________________________________
Below is FRST.txt log 
-----------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by Nazia (administrator) on NAZIA-PC (24-11-2016 03:01:00)
Running from C:\Users\Nazia\Downloads
Loaded Profiles: Nazia (Available Profiles: Nazia)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
(GameHouse) C:\Program Files\GameHouse Games\aminstantservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(SupportSoft, Inc.) C:\Program Files\Airtel NetXpert\bin\sprtcmd.exe
(Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Apache Software Foundation) C:\Program Files\Atlassian\JIRA\bin\tomcat6.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(MyWebSearch.com) C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SupportSoft, Inc.) C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(SupportSoft, Inc.) C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-15] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-21] (IDT, Inc.)
HKLM\...\Run: [HPCam_Menu] => c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [567864 2009-08-25] ()
HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-07-02] (DigitalPersona, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-21] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-30] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-24] (Hewlett-Packard)
HKLM\...\Run: [netxpert] => C:\Program Files\Airtel NetXpert\bin\sprtcmd.exe [206120 2009-12-22] (SupportSoft, Inc.)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] => C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE [28783 2010-09-04] (MyWebSearch.com)
HKLM\...\Run: [MyWebSearch Email Plugin] => C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [32849 2010-09-04] (MyWebSearch.com)
HKLM\...\Run: [Anti-phishing Domain Advisor] => C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-21] (Hewlett-Packard Company)
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-14] (Google Inc.)
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-30] (Hewlett-Packard)
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [googletalk] => C:\Users\Nazia\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-02] (Google)
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [MyWebSearch Email Plugin] => C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [32849 2010-09-04] (MyWebSearch.com)
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [GoogleChromeAutoLaunch_FDF8DD9FEEE6B76244388C4590D0CDAE] => C:\Program Files\Google\Chrome\Application\chrome.exe [921192 2016-11-09] (Google Inc.)
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [uTorrent] => C:\Users\Nazia\AppData\Local\Temp\utt84.tmp.exe [1329744 2014-08-30] (BitTorrent Inc.) <===== ATTENTION
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-06-04] (Microsoft Corporation)
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-03-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2010-03-14]
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\..\Interfaces\{11442234-2BF2-4B1B-B031-C65C84DBF13D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{13F665E9-1583-4670-8073-328D91A478BF}: [DhcpNameServer] 125.22.47.125 125.22.47.100
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/26
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/26
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=113924&tt=2912_8&babsrc=HP_ss&mntrId=e436f914000000000000c417fe0bcafc
HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/26
URLSearchHook: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
URLSearchHook: HKLM - Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 - Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
URLSearchHook: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33EC25D4-49DC-4163-9728-F846585E6972} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm095YYIN&ptb=CGTNiuBEf6pNisCLB.aTYg&ind=2010090402&ptnrS=GRxdm095YYIN&si=44106&n=77cf8ba2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=113924&tt=2912_8&babsrc=SP_ss&mntrId=e436f914000000000000c417fe0bcafc
SearchScopes: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=113924&tt=2912_8&babsrc=SP_ss&mntrId=e436f914000000000000c417fe0bcafc
SearchScopes: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> {33EC25D4-49DC-4163-9728-F846585E6972} URL = hxxp://www.bing.com/search?FORM=DCF2DF&PC=DCF2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=165B581DDB1E7E58D9DD404FCF87851A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm095YYIN&ptb=CGTNiuBEf6pNisCLB.aTYg&ind=2010090402&ptnrS=GRxdm095YYIN&si=44106&n=77cf8ba2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.in/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WZPC_en
SearchScopes: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO: MyWebSearch Search Assistant BHO -> {00A6FAF1-072E-44cf-8957-5838F569A31D} -> C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2010-09-04] (MyWebSearch.com)
BHO: mwsBar BHO -> {07B18EA1-A523-4961-B6BB-170DE4475CCA} -> C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-09-04] (MyWebSearch.com)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-28] (Adobe Systems Incorporated)
BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14] (Babylon BHO)
BHO: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18] (Conduit Ltd.)
BHO: DigitalPersona Personal Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-07-02] (DigitalPersona, Inc.)
BHO: Softonic-Eng7 Toolbar -> {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -> C:\Program Files\Softonic-Eng7\tbSof0.dll [2010-10-18] (Conduit Ltd.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26] (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL [2010-02-04] (Symantec Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-10] (Oracle Corporation)
BHO: Zynga Toolbar -> {7b13ec3e-999a-4b70-b9cb-2617b8323822} -> C:\Program Files\Zynga\tbZyng.dll [2010-02-22] (Conduit Ltd.)
BHO: blekko search bar -> {8769adce-dba5-48e9-afb5-67b12cdf2e61} -> C:\Program Files\blekkotb_031\blekkotb_019X.dll [2012-05-19] ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-01] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-10] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26] (Symantec Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll [2010-02-22] (Conduit Ltd.)
Toolbar: HKLM - Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll [2010-10-18] (Conduit Ltd.)
Toolbar: HKLM - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-09-04] (MyWebSearch.com)
Toolbar: HKLM - blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll [2012-05-19] ()
Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14] (Babylon Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll [2010-02-22] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> Softonic-Eng7 Toolbar - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof0.dll [2010-10-18] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-5/myWebFaceInitialSetup1.0.1.3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: itpw5rrt.default
FF ProfilePath: C:\Users\Nazia\AppData\Roaming\Mozilla\Firefox\Profiles\itpw5rrt.default [2016-10-18]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn
FF Extension: (Norton IPS) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn [2010-04-27] [not signed]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2010-03-09] [not signed]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn [2010-04-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: (Search Helper Extension) - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-04-29] [not signed]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\1.bin
FF Extension: (My Web Search) - C:\Program Files\MyWebSearch\bar\1.bin [2010-09-04] [not signed]
FF HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2009-07-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-11] (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin -> C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll [2010-09-04] (MyWebSearch.com)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-25] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin HKU\S-1-5-21-1120201601-1948613142-3013039472-1000: SkypePlugin -> C:\Users\Nazia\AppData\Local\SkypePlugin\7.23.0.54\npGatewayNpapi.dll [2016-08-11] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll => No File
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Angry Birds) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-11]
CHR Extension: (uTorrentBar) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj [2014-06-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT2786678&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Skype Calling) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-28]
CHR Extension: (Gmail Offline) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-01-24]
CHR Extension: (Postman) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-11-13]
CHR Extension: (Smartr Inbox for Gmail) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakklmehjhhdfjjgnmpkjoemjmeomnli [2013-04-12]
CHR Extension: (Splitter) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gepgancokockkbgiminkibimdfnklmka [2012-09-15]
CHR Extension: (The Times of India) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkifncilkifgngmpmnmokphicplifhnn [2012-09-10]
CHR Extension: (Isoball 3) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-01-24]
CHR Extension: (Color Piano!) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2015-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Nazia\AppData\Local\Temp\ccex.crx [2011-11-28]
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Nazia\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OApps\chromeaddon.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMInstantService; C:\Program Files\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-07-02] (DigitalPersona, Inc.) [File not signed]
S3 GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [246520 2010-06-19] (WildTangent, Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-16] (Hewlett-Packard) [File not signed]
R2 JIRA220712222543; C:\Program Files\Atlassian\JIRA\bin\tomcat6.exe [74240 2012-05-06] (Apache Software Foundation) [File not signed]
R2 LDrvSvc; c:\program files\ostotosoft\drivertalent\LDrvSvc.dll [172200 2016-07-28] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-21] (Hewlett-Packard Company) [File not signed]
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8918 2012-02-12] () [File not signed]
R2 MyWebSearchService; C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE [28762 2010-09-04] (MyWebSearch.com) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [126392 2010-02-26] (Symantec Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [49152 2011-08-27] () [File not signed]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [69632 2011-08-27] (Oracle Corporation) [File not signed]
S2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [115773440 2011-08-27] (Oracle Corporation) [File not signed]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [12800 2011-08-27] (Oracle Corporation) [File not signed]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [512000 2011-08-27] (Oracle Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 sprtsvc_netxpert; C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe [206120 2009-12-22] (SupportSoft, Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe [221266 2009-10-21] (IDT, Inc.)
R2 tgsrvc_netxpert; C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe [185640 2009-12-22] (SupportSoft, Inc.)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-13] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe [115856 2016-04-26] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [537136 2010-04-29] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys [501888 2010-02-26] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2009-08-29] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSvix86.sys [343088 2009-10-29] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\NAVENG.SYS [84912 2010-04-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\NAVEX15.SYS [1324720 2010-04-01] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS [325680 2010-02-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS [43696 2010-02-27] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1106000.020\SYMDS.SYS [328752 2009-08-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1106000.020\SYMEFA.SYS [172592 2010-02-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2010-03-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS [116784 2010-02-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS [340016 2010-02-04] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-24 03:01 - 2016-11-24 03:01 - 00034925 _____ C:\Users\Nazia\Downloads\FRST.txt
2016-11-24 03:00 - 2016-11-24 03:01 - 00000000 ____D C:\FRST
2016-11-24 02:50 - 2016-11-24 02:51 - 01761280 _____ (Farbar) C:\Users\Nazia\Downloads\FRST.exe
2016-11-24 02:46 - 2016-11-24 02:46 - 00000000 ____D C:\Users\Nazia\restored
2016-11-24 02:46 - 2016-11-24 02:46 - 00000000 ____D C:\Users\Nazia\New folder
2016-11-14 19:41 - 2016-11-14 19:41 - 00000000 ____D C:\Users\Nazia\Downloads\PERSONAL
2016-11-14 18:08 - 2016-11-14 19:20 - 3772702155 _____ C:\Users\Nazia\Downloads\PERSONAL.zip
2016-11-13 05:30 - 2016-11-13 05:30 - 00067712 _____ C:\Users\Nazia\README.hta
2016-11-13 05:30 - 2016-11-13 05:30 - 00067712 _____ C:\Users\Nazia\Downloads\README.hta
2016-11-13 05:30 - 2016-11-13 05:30 - 00067712 _____ C:\Users\Nazia\Documents\README.hta
2016-11-13 05:30 - 2016-11-13 05:30 - 00067712 _____ C:\Users\Nazia\Desktop\README.hta
2016-11-13 05:30 - 2016-11-13 05:30 - 00067712 _____ C:\README.hta
2016-11-13 02:24 - 2016-11-13 02:24 - 00573630 _____ C:\Users\Nazia\Downloads\Install_Flash_0.9.2.1.exe
2016-11-05 00:47 - 2016-11-13 02:39 - 00000000 ____D C:\Users\Nazia\Desktop\pratyu
2016-11-04 13:39 - 2016-11-04 13:39 - 00002019 _____ C:\Users\Nazia\Desktop\islamic photos.lnk
2016-11-04 02:36 - 2016-11-04 02:36 - 00002257 _____ C:\Users\Nazia\Desktop\sheela - Shortcut.lnk
2016-11-04 02:36 - 2016-11-04 02:36 - 00001816 _____ C:\Users\Nazia\Desktop\SCJP- sheela - Shortcut.lnk
2016-11-04 02:36 - 2016-11-04 02:36 - 00001807 _____ C:\Users\Nazia\Desktop\SCJP - Shortcut (2).lnk
2016-11-04 02:35 - 2016-11-04 02:35 - 00002237 _____ C:\Users\Nazia\Desktop\SCJP - Shortcut.lnk
2016-10-31 22:00 - 2016-11-13 03:09 - 00000000 ____D C:\Users\Nazia\Desktop\Islam
2016-10-29 16:44 - 2016-10-29 16:44 - 01347853 _____ C:\Users\Nazia\Desktop\quran-in-modern-english.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-24 02:46 - 2010-03-08 20:37 - 00000000 ____D C:\Users\Nazia
2016-11-24 02:33 - 2012-10-20 20:53 - 00000000 ____D C:\Users\Nazia\AppData\Roaming\Skype
2016-11-24 02:33 - 2010-03-14 14:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-23 22:22 - 2010-03-14 14:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-23 00:04 - 2010-03-08 20:43 - 00000454 _____ C:\ProgramData\HPWALog.txt
2016-11-22 12:47 - 2009-07-14 10:04 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-22 12:47 - 2009-07-14 10:04 - 00023024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-22 12:46 - 2009-09-07 04:32 - 00391954 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-22 12:46 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2016-11-22 12:38 - 2014-05-12 22:32 - 00000000 ____D C:\Users\Nazia\AppData\Roaming\uTorrent
2016-11-22 12:38 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 12:43 - 2010-04-24 21:19 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 12:43 - 2010-04-24 21:19 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 13:17 - 2010-03-09 11:43 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-13 06:58 - 2012-05-26 13:38 - 00000000 ____D C:\Users\Nazia\gym songs
2016-11-13 06:54 - 2014-07-04 21:06 - 00000000 ____D C:\Users\Nazia\Desktop\alter
2016-11-13 06:53 - 2011-11-30 19:23 - 00000000 ____D C:\Users\Nazia\Downloads\Badri Narayanan's Resume_files
2016-11-13 03:06 - 2010-05-09 16:35 - 00000000 ____D C:\Users\Nazia\Documents\Software
2016-11-13 03:06 - 2010-05-08 21:05 - 00000000 ____D C:\Users\Nazia\Documents\nazia on 8th may 2010
2016-11-13 03:06 - 2010-05-08 20:09 - 00000000 ____D C:\Users\Nazia\Documents\complete pen drive backup on 8th may 2010
2016-11-13 03:06 - 2010-04-11 19:44 - 00000000 ____D C:\Users\Nazia\Documents\pen drive backup of last day
2016-11-13 03:05 - 2014-06-25 19:20 - 00000000 ____D C:\Users\Nazia\Desktop\iphone 4 downgrading
2016-11-13 03:05 - 2012-07-14 21:23 - 00000000 ____D C:\Users\Nazia\Softwares
2016-11-13 03:05 - 2012-07-08 20:56 - 00000000 ____D C:\Users\Nazia\Motorola Bluetooth Team Work
2016-11-13 03:05 - 2012-07-07 20:07 - 00000000 ____D C:\Users\Nazia\Downloads\jsppptandstruts2_0loginexample
2016-11-13 03:05 - 2012-02-23 07:45 - 00000000 ____D C:\Users\Nazia\Documents\from tabbu
2016-11-13 03:05 - 2012-02-05 11:56 - 00000000 ____D C:\Users\Nazia\Downloads\employeecrud
2016-11-13 03:05 - 2012-01-20 21:24 - 00000000 ____D C:\Users\Nazia\JAVA FASTRACK
2016-11-13 03:05 - 2011-12-09 23:50 - 00000000 ____D C:\Users\Nazia\Downloads\supermemo2004
2016-11-13 03:05 - 2011-01-16 10:45 - 00000000 ____D C:\Users\Nazia\Documents\JIRA Work
2016-11-13 03:05 - 2010-09-05 19:04 - 00000000 ____D C:\Users\Nazia\Documents\Interview related
2016-11-13 03:05 - 2010-09-05 19:03 - 00000000 ____D C:\Users\Nazia\Documents\Arshiya Matrimonial
2016-11-13 03:05 - 2010-09-05 19:02 - 00000000 ____D C:\Users\Nazia\Documents\Tax
2016-11-13 03:05 - 2010-09-05 18:52 - 00000000 ____D C:\Users\Nazia\Documents\Motorola
2016-11-13 03:05 - 2010-09-05 18:51 - 00000000 ____D C:\Users\Nazia\Documents\Integra Micro Software Services
2016-11-13 03:05 - 2010-04-28 22:56 - 00000000 ____D C:\Users\Nazia\Documents\PG
2016-11-13 03:05 - 2010-03-14 17:55 - 00000000 ____D C:\Projects
2016-11-13 03:04 - 2011-04-13 22:44 - 00000000 ____D C:\Users\Nazia\AppData\Roaming\Notepad++
2016-11-13 03:03 - 2012-07-22 19:35 - 00000000 ____D C:\Users\Nazia\AppData\Roaming\Babylon
2016-11-13 03:02 - 2011-09-02 16:22 - 00000000 ____D C:\Users\Nazia\Downloads\fwwoodsvellelegaldocuments
2016-11-13 03:02 - 2010-09-05 19:12 - 00000000 ____D C:\Users\Nazia\Documents\misc
2016-11-13 02:50 - 2010-03-21 17:37 - 00000000 ____D C:\Users\Nazia\Documents\New folder
2016-11-13 02:48 - 2012-09-13 19:55 - 00000000 ____D C:\Users\Nazia\Downloads\assalaamualaikumarshiyatabassumsprofile
2016-11-13 02:48 - 2012-09-11 11:03 - 00000000 ____D C:\Users\Nazia\Downloads\reeinvitationnoticeforthe112thsessionofchinaimpor
2016-11-13 02:48 - 2012-09-02 22:07 - 00000000 ____D C:\Users\Nazia\Downloads\travelinvitationrequestcantonfair20125thoct125
2016-11-13 02:48 - 2011-09-04 11:33 - 00000000 ____D C:\Users\Nazia\Documents\Easy Mop
2016-11-13 02:48 - 2011-01-02 15:40 - 00000000 ____D C:\Users\Nazia\ARSHIYA
2016-11-13 02:48 - 2010-08-29 19:32 - 00000000 ____D C:\Users\Nazia\Documents\Islamic
2016-11-13 02:47 - 2013-06-08 16:17 - 00000000 ____D C:\Users\Nazia\nikah namah sake
2016-11-13 02:44 - 2014-01-24 21:46 - 00000000 ____D C:\Users\Nazia\Desktop\major project
2016-11-13 02:39 - 2015-01-10 22:25 - 00000000 ____D C:\Users\Nazia\Downloads\10012015102135948_1420908695949_XXXPT1793X_ITRV
2016-11-13 02:39 - 2015-01-10 18:46 - 00000000 ____D C:\Users\Nazia\Downloads\12149
2016-11-13 02:39 - 2012-07-08 20:52 - 00000000 ____D C:\Users\Nazia\JAVA
2016-11-13 02:39 - 2012-07-08 20:47 - 00000000 ____D C:\Users\Nazia\Integra
2016-11-13 02:39 - 2010-12-16 22:59 - 00000000 ____D C:\Users\Nazia\resumes
2016-11-13 02:39 - 2010-11-14 12:51 - 00000000 ____D C:\Users\Nazia\Documents\PassportApplicationForm_Main_English_V1.0
2016-11-13 02:39 - 2010-05-08 21:40 - 00000000 ____D C:\Users\Nazia\Documents\Airtel
2016-11-13 02:38 - 2012-07-08 20:51 - 00000000 ____D C:\Users\Nazia\CARS
2016-11-13 02:38 - 2012-07-08 20:48 - 00000000 ____D C:\Users\Nazia\Motorola Jira Team Work
2016-11-13 02:38 - 2012-07-08 20:45 - 00000000 ____D C:\Users\Nazia\Health
2016-11-13 02:38 - 2012-07-08 20:43 - 00000000 ____D C:\Users\Nazia\PG
2016-11-13 02:38 - 2012-07-08 20:42 - 00000000 ____D C:\Users\Nazia\TAX
2016-11-13 02:38 - 2012-07-08 20:42 - 00000000 ____D C:\Users\Nazia\English WORDS
2016-11-13 02:38 - 2012-07-08 20:41 - 00000000 ____D C:\Users\Nazia\Pearl Daisy
2016-11-13 02:38 - 2012-07-08 20:39 - 00000000 ____D C:\Users\Nazia\ISLAM
2016-11-13 02:38 - 2011-11-10 21:42 - 00000000 ____D C:\Users\Nazia\Documents\Google Talk Received Files
2016-11-13 02:38 - 2010-09-05 19:06 - 00000000 ____D C:\Users\Nazia\Documents\Health
2016-11-09 23:58 - 2010-04-27 12:34 - 00000000 ____D C:\Users\Nazia\AppData\Local\CrashDumps
2016-11-03 00:50 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF
2016-10-28 22:27 - 2010-03-14 14:58 - 00000000 ____D C:\Users\Nazia\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2010-03-08 20:43 - 2010-03-08 20:43 - 0000000 _____ () C:\Users\Nazia\AppData\Local\AtStart.txt
2010-08-21 18:54 - 2014-06-28 09:50 - 0005120 _____ () C:\Users\Nazia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-03-08 20:43 - 2010-03-08 20:43 - 0000000 _____ () C:\Users\Nazia\AppData\Local\DSwitch.txt
2011-12-23 11:41 - 2011-12-23 11:41 - 0004096 ____H () C:\Users\Nazia\AppData\Local\keyfile3.drm
2010-03-08 20:43 - 2010-03-08 20:43 - 0000000 _____ () C:\Users\Nazia\AppData\Local\QSwitch.txt
2010-03-08 20:43 - 2016-11-23 00:04 - 0000454 _____ () C:\ProgramData\HPWALog.txt
2010-03-09 11:32 - 2010-03-09 11:32 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-12-01 03:15 - 2009-12-01 03:15 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-03-09 11:31 - 2010-03-09 11:31 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-12-01 03:11 - 2009-12-01 03:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-03-09 11:31 - 2010-03-09 11:31 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-03-09 11:31 - 2010-03-09 11:31 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-12-01 03:10 - 2009-12-01 03:11 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-12-01 03:12 - 2009-12-01 03:15 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-03-09 11:32 - 2010-03-09 11:32 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
Files to move or delete:
====================
C:\Users\Nazia\AppData\Local\Temp\utt84.tmp.exe
C:\Users\Nazia\agent.exe
C:\Users\Nazia\DRTCP021.exe
C:\Users\Nazia\launchAgent.bat
C:\Users\Nazia\launchDrTCP.bat
 
 
Some files in TEMP:
====================
C:\Users\Nazia\AppData\Local\Temp\9D81.exe
C:\Users\Nazia\AppData\Local\Temp\ac3filter_2_6_0b_lite.exe
C:\Users\Nazia\AppData\Local\Temp\bing_toolbar.exe
C:\Users\Nazia\AppData\Local\Temp\DScaler5008.exe
C:\Users\Nazia\AppData\Local\Temp\ffdshow_rev4500_20130106.exe
C:\Users\Nazia\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Nazia\AppData\Local\Temp\gabestmpegsplitter.1.5.3.3933.exe
C:\Users\Nazia\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Nazia\AppData\Local\Temp\HPQSi.exe
C:\Users\Nazia\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nazia\AppData\Local\Temp\LAVFilters-0.60.1.exe
C:\Users\Nazia\AppData\Local\Temp\MatroskaSplitter_1.13.138.14.exe
C:\Users\Nazia\AppData\Local\Temp\MSN447F.exe
C:\Users\Nazia\AppData\Local\Temp\NDP98CC.exe
C:\Users\Nazia\AppData\Local\Temp\nsx40D9.tmp.ConduitEngineEmbbed.exe
C:\Users\Nazia\AppData\Local\Temp\osavisplitter.1.5.3.3933_nt.exe
C:\Users\Nazia\AppData\Local\Temp\ose00001.exe
C:\Users\Nazia\AppData\Local\Temp\osflvsplitter.1.5.3.3933_nt.exe
C:\Users\Nazia\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Nazia\AppData\Local\Temp\setup.exe
C:\Users\Nazia\AppData\Local\Temp\Softonic-Eng7.exe
C:\Users\Nazia\AppData\Local\Temp\tbuTor.dll
C:\Users\Nazia\AppData\Local\Temp\utt75BE.tmp.exe
C:\Users\Nazia\AppData\Local\Temp\utt84.tmp.exe
C:\Users\Nazia\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Nazia\AppData\Local\Temp\Zynga.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-16 14:06
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by Nazia (24-11-2016 03:02:27)
Running from C:\Users\Nazia\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2010-03-08 15:07:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1120201601-1948613142-3013039472-500 - Administrator - Disabled)
Guest (S-1-5-21-1120201601-1948613142-3013039472-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1120201601-1948613142-3013039472-1005 - Limited - Enabled)
Nazia (S-1-5-21-1120201601-1948613142-3013039472-1000 - Administrator - Enabled) => C:\Users\Nazia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.1.0 - )
µTorrent (HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Airtel NetXpert 3.0 (HKLM\...\Airtel NetXpert_is1) (Version: 3.0 - Bharti Airtel)
Anti-phishing Domain Advisor (HKLM\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atom (HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\atom) (Version: 1.10.0 - GitHub Inc.)
Audio File Cutter 3.40 (HKLM\...\Audio File Cutter_is1) (Version: - Naturpic Software)
Babylon toolbar on IE (HKLM\...\BabylonToolbar) (Version: - ) <==== ATTENTION
BabylonObjectInstaller (HKLM\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
blekko search bar (HKLM\...\blekkotb_031) (Version: 1.5.18.12 - Visicom Media Inc.) <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.41 - Broadcom Corporation)
Cisco Systems VPN Client 5.0.01.0600 (HKLM\...\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}) (Version: 5.0.1 - Cisco Systems, Inc.)
Compiled Driver Disk (Samsung) 1.0 (HKLM\...\{3DCF00F5-04A5-4543-A088-705480811206}_is1) (Version: 1.0.8.1 - COMPELSON Labs)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
DigitalPersona Personal 4.10 (HKLM\...\{B002889A-F359-4F2A-9113-10B0A438AD70}) (Version: 4.10.3787 - DigitalPersona, Inc.)
Driver Talent (HKLM\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.45.142 - OSToto Co., Ltd.)
DScaler 5 Mpeg Decoders (HKLM\...\DScaler 5 Mpeg Decoders_is1) (Version: - )
DVD Menu Pack for HP MediaSmart Video (HKLM\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (Version: 3.1.3224 - Hewlett-Packard) Hidden
ENE CIR Receiver Driver (HKLM\...\284D9B4A58796481EC5A61D01DCC5E654761629C) (Version: 2.7.4.0 - ENE)
ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
ffdshow v1.3.4500 [2013-01-06] (HKLM\...\ffdshow_is1) (Version: 1.3.4500.0 - )
FrameShots Video Screen Capture (HKLM\...\FrameShots) (Version: - EOF Productions)
Free Video Cutter (HKLM\...\{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1) (Version: - FreeVideoCutter.com)
Gabest MPEG Splitter (remove only) (HKLM\...\Gabest MPEG Splitter) (Version: - )
GameHouse Games (HKLM\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3509 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5C3E7880-7F8B-4A06-A3C3-95509F092161}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{06F22256-8A8D-4F3F-B22C-6E07313D0FD1}) (Version: 4.2.6.13 - Hewlett-Packard)
HP Update (HKLM\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0154 (HKLM\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6249.0 - IDT)
Image Cut 1.51 (HKLM\...\Image Cut_is1) (Version: 1.51 - XVEL Software)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{1B6C0E95-182C-48E0-9C4B-4F916308249C}) (Version: 11.0.0.163 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java™ 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Java™ SE Development Kit 6 Update 32 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160320}) (Version: 1.6.0.320 - Oracle)
JIRA 5.0.4 (HKLM\...\3069-1244-9928-3021) (Version: 5.0.4 - Atlassian)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (Version: 2.5.2215 - CyberLink Corp.) Hidden
LAV Filters 0.60.1 (HKLM\...\lavfilters_is1) (Version: 0.60.1 - Hendrik Leppkes)
LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Web Search (MyWebFace) (HKLM\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTION
MySQL Server 5.5 (HKLM\...\{33933681-9A64-4A5C-97F5-4F6AEDB9FA0F}) (Version: 5.5.20 - Oracle Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 17.6.0.32 - Symantec Corporation)
Norton Internet Security (Version: 17.0.0.136 - Symantec Corporation) Hidden
Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version: - )
OpenSource Flash Video Splitter (remove only) (HKLM\...\OpenSource Flash Video Splitter) (Version: - )
Oracle Database 11g Express Edition (HKLM\...\InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}) (Version: 11.2.0 - Oracle Corporation)
Oracle Database 11g Express Edition (Version: 11.2.0 - Oracle Corporation) Hidden
Pi (HKLM\...\{AF6D353A-B1BE-4A56-BA7D-19E3FD9CF0B4}) (Version: 1.0.6 - Tradelab Software)
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (Version: 7.0.3420 - CyberLink Corp.) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Recovery Manager (Version: 5.5.2214 - CyberLink Corp.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Skype Web Plugin (HKLM\...\{0A95D1F2-BF33-43E7-A32B-E8089182EAE7}) (Version: 7.23.0.54 - Skype Technologies S.A.)
Skype™ 7.26 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Softonic-Eng7 Toolbar (HKLM\...\Softonic-Eng7 Toolbar) (Version: 5.7.1.1 - Softonic-Eng7) <==== ATTENTION
SoftStylus (HKLM\...\{85EAFAD8-9FDB-4343-82CE-29674C1AC6E1}) (Version: 2.2.112.0 - Motorola)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
The Talking Moose XP! (HKLM\...\{06E4FB75-C6F2-4D91-95D5-087A898D3E75}) (Version: 5.0.0.0 - Lambert Productions)
UseNeXT (HKLM\...\UseNeXT_is1) (Version: - Tangysoft Ltd.)
Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.366 - Validity Sensors, Inc.)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 3.53 - NCH Software)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare MobileTrans ( Version 7.6.1 ) (HKLM\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 7.6.1 - Wondershare)
Zynga Toolbar (HKLM\...\Zynga Toolbar) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Nazia\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\mswinsck.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Nazia\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{49ACECA8-A1DF-467E-8FED-CCC810B1434E}\localserver32 -> C:\Users\Nazia\AppData\Local\SkypePlugin\7.23.0.54\GatewayVersion.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Nazia\AppData\Local\SkypePlugin\7.23.0.54\EdgeBrokerPS.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{7E3A041F-59E4-45ED-85BB-0DC57685CC7B}\InprocServer32 -> C:\Users\Nazia\AppData\Local\SkypePlugin\7.23.0.54\GatewayActiveX.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Nazia\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files\TextPad 5\System\shellext32.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Nazia\AppData\Local\SkypePlugin\7.23.0.54\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Nazia\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{F6DA9A4E-A402-41BB-8B55-E30CABCF002F}\localserver32 -> C:\Users\Nazia\AppData\Local\SkypePlugin\PluginHost.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1120201601-1948613142-3013039472-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EC36F1-E234-423F-B5C7-AB6018F67251} - System32\Tasks\DVDAgent => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {05BF6423-D2F5-4D5F-A0BC-E17229DF95CD} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-10-17] (Hewlett-Packard)
Task: {0D3E23BA-FBE3-4562-B52F-C6E0B3E1762F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-30] (Google Inc.)
Task: {1BA37816-D2C9-41CE-AA93-E32DEEE2BF55} - System32\Tasks\CapSchedInst => c:\Program Files\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-07] (CL)
Task: {34C80E4D-1C74-45F3-8F3E-C86652D3DA67} - System32\Tasks\Symantec\Symantec Error Processor 17.6.0.32 => C:\Program Files\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-27] (Symantec Corporation)
Task: {4E39A436-CF59-47A5-BC7B-CC1F7E6C6348} - System32\Tasks\{5871519C-47C1-4804-BA3D-C79DE0800326} => pcalua.exe -a "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" -d C:\Users\Nazia\Desktop -c "C:\Program Files\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Nazia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\21VXIYEH\gameInitializer[1].rgi"
Task: {64B78D57-5DBC-4F55-A8F2-D4115179EADE} - System32\Tasks\CapSvcInst => c:\Program Files\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-07] (CL)
Task: {6992B8B8-C5F1-4AC1-B88F-BB56CFD3D47D} - System32\Tasks\CapUninst => c:\Program Files\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-07] (CL)
Task: {7C0EA806-0B87-4636-9E4A-0773C58EB551} - System32\Tasks\{8176F44F-8665-46AE-836F-038D1DFC1D8E} => pcalua.exe -a C:\Users\Nazia\Desktop\SQL200~1\x86\setup\msetup.exe -d C:\Users\Nazia\Desktop\SQL200~1 -c -c -q C:\USERS\NAZIA\DESKTOP\SQL200~1\x86\setup\Sqlservr.dbd
Task: {A194B306-D072-468F-9D8E-DBDDBA272E18} - System32\Tasks\{05692841-7226-4EE8-92B4-D37906FF548D} => pcalua.exe -a C:\Users\Nazia\Desktop\GameHouse-Installer_am-supertexttwist_gamehouse_.exe -d C:\Users\Nazia\Desktop
Task: {BA40E323-CB63-4DB6-8DAC-F50948D7109C} - System32\Tasks\{109446BF-D126-4D39-9E58-420664FFFF06} => pcalua.exe -a C:\Users\Nazia\Downloads\chromeinstall-8u25.exe -d C:\Users\Nazia\Downloads
Task: {BDEFAF24-5D0F-4F38-AE78-7DEB7E50BF19} - System32\Tasks\Symantec\Symantec Error Analyzer 17.6.0.32 => C:\Program Files\Norton Internet Security\Engine\17.6.0.32\SymErr.exe [2010-03-27] (Symantec Corporation)
Task: {C0FA1FA6-343E-44DC-B357-1AD1B859B639} - System32\Tasks\CLMLSvc => c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-06] (CyberLink)
Task: {C5535EA9-9F05-4FCA-A92C-E7A829BC0F5C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-30] (Google Inc.)
Task: {DE19CCA2-024D-4865-8521-525A2012839B} - System32\Tasks\TVAgent => c:\Program Files\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-07] (CyberLink Corp.)
Task: {DE5A9D53-E572-4A00-9972-38ABD97FF995} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-10-17] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nazia\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
Shortcut: C:\Users\Nazia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JIRA\Start JIRA Service [8989].lnk -> C:\Program Files\Atlassian\JIRA\start_service.bat ()
Shortcut: C:\Users\Nazia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JIRA\Stop JIRA Service [8989].lnk -> C:\Program Files\Atlassian\JIRA\stop_service.bat ()
Shortcut: C:\Users\Nazia\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\Users\Nazia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop

==================== Loaded Modules (Whitelisted) ==============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-25 23:25 - 2009-08-25 23:25 - 00567864 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2009-09-05 02:13 - 2009-09-05 02:13 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2016-06-05 00:33 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-06-05 00:33 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2009-08-21 02:05 - 2009-08-21 02:05 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-08-21 02:05 - 2009-08-21 02:05 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-08-21 02:05 - 2009-08-21 02:05 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-30 04:55 - 2009-09-30 04:55 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-30 04:55 - 2009-09-30 04:55 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-30 04:55 - 2009-09-30 04:55 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-30 04:55 - 2009-09-30 04:55 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-30 04:55 - 2009-09-30 04:55 - 00018944 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-30 04:55 - 2009-09-30 04:55 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-30 04:55 - 2009-09-30 04:55 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2007-07-16 09:28 - 2007-07-16 09:28 - 00197408 _____ () C:\Windows\system32\vpnapi.dll
2016-06-05 01:25 - 2016-07-28 14:21 - 00172200 _____ () c:\program files\ostotosoft\drivertalent\ldrvsvc.dll
2016-06-05 01:25 - 2016-05-19 07:32 - 00186640 _____ () c:\program files\ostotosoft\drivertalent\CrashCatch.dll
2016-06-05 01:25 - 2016-05-19 07:32 - 00254824 _____ () c:\program files\ostotosoft\drivertalent\updater\checkupdate.dll
2016-06-05 01:25 - 2016-07-28 14:21 - 00174760 _____ () c:\program files\ostotosoft\drivertalent\substat.dll
2016-06-05 01:25 - 2016-05-19 07:32 - 00103776 _____ () c:\program files\ostotosoft\drivertalent\dstudp.dll
2016-06-05 01:25 - 2016-05-19 07:32 - 00117088 _____ () c:\program files\ostotosoft\drivertalent\udp.dll
2011-12-16 22:20 - 2011-12-16 22:20 - 08176640 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2009-10-06 12:38 - 2009-10-06 12:38 - 00931112 ____N () c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-12-01 03:15 - 2009-07-07 00:50 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-07-02 05:14 - 2009-07-02 05:14 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2011-02-09 06:26 - 2011-02-09 06:26 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2009-02-28 02:26 - 2009-02-28 02:26 - 00016768 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2016-11-15 12:43 - 2016-11-09 01:59 - 01819240 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 12:43 - 2016-11-09 01:59 - 00093288 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-09 16:24 - 2016-11-09 16:24 - 17772736 _____ () C:\Users\Nazia\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AA857467 [103]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1120201601-1948613142-3013039472-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nazia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 125.22.47.125 - 125.22.47.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5760300F-FFB9-4CDF-B66E-7C891DA09E6F}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{D056ACAB-9CC6-4EA6-8416-151EB498FABB}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{870D5335-025F-4942-9F0F-3430D7B331AC}] => (Allow) svchost.exe
FirewallRules: [{15C4DC71-AB61-4FE5-9E70-FE2C844E1A5C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E68546A1-139C-45AF-BB3C-70B81280FF9D}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{EE849571-F7ED-45DC-ADAA-CC3A01388572}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{2319DCDF-07C8-48DE-B602-2109C15BA632}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{59621BA9-4A24-4658-9B93-8D5739BB6966}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{5B1B3E2C-E711-496A-B909-560FD1EC2BC4}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{177C0BCB-FA83-4B7B-B5CB-5067A9B15B79}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{85D97C5B-1D54-464A-8BDC-DAB04AEAF941}] => (Allow) c:\Program Files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{2984DD51-9545-44CF-9DDA-4C67C47FE3AD}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{92DD0134-6D4B-45BF-8C71-65B983359256}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{6F0C86BC-5DAE-4113-ABCD-11AFEE3A4862}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{41750A51-7187-455B-B18F-1514EC594950}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{E5B5FB52-67D1-4ADD-B6C8-31FC7CBC041F}] => (Allow) c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{BAB49B2F-88C1-4183-AEE8-E9EB59CF08CD}] => (Allow) c:\Program Files\Hewlett-Packard\Media\Live TV\QP.exe
FirewallRules: [{9FC16183-846A-4A71-8CE3-07D07B0298A9}] => (Allow) c:\Program Files\Hewlett-Packard\Media\Live TV\QPService.exe
FirewallRules: [TCP Query User{D2574D80-949A-4C21-9764-01954747A807}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{F118BA64-42F2-4B0B-8BD7-D514E50BA63D}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{697D1867-DE93-4905-AC3B-FC737EF66AB2}C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe] => (Allow) C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe
FirewallRules: [UDP Query User{88557AF9-7A38-4CBD-A248-09F2184DC14E}C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe] => (Allow) C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe
FirewallRules: [TCP Query User{EF282BEC-26DA-42D5-9152-72B7C8F23752}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{2AD50299-FFC2-40EB-9E34-8A92408E5FC8}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{2C1F9AF1-B8EF-4C14-949E-0F1DBE06463B}C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe] => (Allow) C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe
FirewallRules: [UDP Query User{43A844EC-454A-4152-8300-E81AE64A3618}C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe] => (Allow) C:\projects\eclipse-jee-indigo-sr1-win32\eclipse\eclipse.exe
FirewallRules: [TCP Query User{1A6DE85C-B9CC-4D19-AC1D-A903A3648228}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{5C2B0BDB-CA7A-4743-8C09-9E432B5C47B0}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{CC8FB5B5-0E2F-4386-99ED-E8EC97CB8713}C:\program files\torrentsearch\easydownload.exe] => (Allow) C:\program files\torrentsearch\easydownload.exe
FirewallRules: [UDP Query User{DE1ECB4E-375D-48B9-A161-901A18CE099C}C:\program files\torrentsearch\easydownload.exe] => (Allow) C:\program files\torrentsearch\easydownload.exe
FirewallRules: [TCP Query User{DCCB3EF4-0F24-4340-843E-289514CE45F8}C:\users\nazia\downloads\atlassian-jira-5.0.4-x32.exe] => (Allow) C:\users\nazia\downloads\atlassian-jira-5.0.4-x32.exe
FirewallRules: [UDP Query User{5567A968-A195-4808-AD70-F6D035D6A94A}C:\users\nazia\downloads\atlassian-jira-5.0.4-x32.exe] => (Allow) C:\users\nazia\downloads\atlassian-jira-5.0.4-x32.exe
FirewallRules: [{570CAD74-14E3-4525-9AFF-10DB6BB5FA0C}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{EB200657-C7FF-451A-8CB0-76EED79FACBF}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{C08CD138-066D-4819-BA29-37D6156FCFFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{489FFC91-F665-4456-A1A5-F8851B02584C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD85B347-8491-4FB3-897A-F70E8C104B4B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BC7DD9AB-2929-45C4-B61C-313DD9909E45}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B5E53477-94BC-4AFE-A9A8-077595FF14C1}] => (Allow) C:\Program Files\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{F0B9FA7B-A3A6-4237-B7CA-7A2D09AF8B59}] => (Allow) C:\Program Files\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{95964BBE-FEA2-4298-97B0-30C69D44D336}] => (Allow) C:\Program Files\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{95A86B61-6502-411A-BA46-874FD0FDD158}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2D3EF79A-9095-4BC9-84BE-D3B875CE5883}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AD149717-5F59-4E38-827E-616CE4B54394}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BCBD1B82-8587-4BF7-9A5B-EBF8E7DC1A83}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-11-2016 14:14:19 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2016 02:20:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092

Error: (11/24/2016 02:20:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1092

Error: (11/24/2016 02:20:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2016 04:29:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9594

Error: (11/23/2016 04:29:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9594

Error: (11/23/2016 04:29:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2016 04:29:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5320

Error: (11/23/2016 04:29:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5320

Error: (11/23/2016 04:29:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2016 04:29:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2668


System errors:
=============
Error: (11/23/2016 04:50:56 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269ED29D4A" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/23/2016 04:50:56 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269ED29D4A" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/23/2016 01:28:01 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269ED29D4A" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/23/2016 01:28:01 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269ED29D4A" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/22/2016 12:39:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OracleServiceXE service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/22/2016 12:39:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the OracleServiceXE service to connect.

Error: (11/22/2016 12:38:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:34:02 on ‎22-‎11-‎2016 was unexpected.

Error: (11/21/2016 11:53:10 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269ED29D4A" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/21/2016 11:53:10 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "00269ED29D4A" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (11/20/2016 04:29:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the OracleXETNSListener service to connect.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 55%
Total physical RAM: 3062.87 MB
Available physical RAM: 1363.13 MB
Total Virtual: 6124.02 MB
Available Virtual: 2919.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:453.69 GB) (Free:292.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:11.78 GB) (Free:1.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 491F9DA0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================



Edited by Oh My!, 27 November 2016 - 03:59 PM.




#2 nazia


Posted 24 November 2016 - 03:17 PM

Also, I see a README html file in all folders that says:

 

CERBER RANSOMWARE Instructions

Can't you find the necessary files?
Is the content of your files not readable?

It is normal because the files' names and the data in your files have been encrypted by "Cerber Ransomware".

It means your files are NOT damaged! Your files are modified only. This modification is reversible.
From now it is not possible to use your files until they will be decrypted.

The only way to decrypt your files safely is to buy the special decryption software "Cerber Decryptor".

Any attempts to restore your files with the third-party software will be fatal for your files!

You can proceed with purchasing of the decryption software at your personal page:

Please wait...

http://ahuqfrqk54v3vnzj.1kvftk.top/D206-7429-DDDB-008F-3C3B
http://ahuqfrqk54v3vnzj.lw19ft.top/D206-7429-DDDB-008F-3C3B
http://ahuqfrqk54v3vnzj.onion.to/D206-7429-DDDB-008F-3C3B

If this page cannot be opened click here to generate a new address to your personal page.

At this page you will receive the complete instructions how to buy the decryption software for restoring all your files.

Also at this page you will be able to restore any one file for free to be sure "Cerber Decryptor" will help you.

If your personal page is not available for a long period there is another way to open your personal page - installation and use of Tor Browser:

  1. run your Internet browser (if you do not know what it is run the Internet Explorer);
  2. enter or copy the address https://www.torproject.org/download/download-easy.html.en into the address bar of your browser and press ENTER;
  3. wait for the site loading;
  4. on the site you will be offered to download Tor Browser; download and run it, follow the installation instructions, wait until the installation is completed;
  5. run Tor Browser;
  6. connect with the button "Connect" (if you use the English version);
  7. a normal Internet browser window will be opened after the initialization;
  8. type or copy the address
    http://ahuqfrqk54v3vnzj.onion/D206-7429-DDDB-008F-3C3B
    in this browser address bar;
  9. press ENTER;
  10. the site should be loaded; if for some reason the site is not loading wait for a moment and try again.

If you have any problems during installation or use of Tor Browser, please, visit https://www.youtube.com and type request in the search bar "Install Tor Browser Windows" and you will find a lot of training videos about Tor Browser installation and use.

Additional information:

You will find the instructions ("*.hta") for restoring your files in any folder with your encrypted files.

The instructions ("*.hta") in the folders with your encrypted files are not viruses, the instructions ("*.hta") will help you to decrypt your files.

Remember the worst situation already happened and now the future of your files depends on your determination and speed of your actions.



#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:07 AM

Posted 26 November 2016 - 12:59 PM

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.

Please allow me some time to review your logs and I will be back with instructions.

#4 Sintharius


Posted 29 November 2016 - 04:26 PM

Hello nazia,

Before cleaning the machine, we can try and see if it is possible to recover some files using shadow copies. Ransomware is known to erase shadow copies to prevent recovery, but in some cases the malware fails to do so and the files can be restored.

We will use software called Shadow Explorer, which can be downloaded here.

Recover files using Shadow Explorer
  • Launch Shadow Explorer.
  • Select the appropriate drive in the leftmost drop-down menu.
  • Select the restoration date from the right drop-down menu. A list of files and folders with shadow copies available will be displayed.
  • Right-click on the file/folder you want to restore, then select Export.
  • Select a location to save the new file, then press OK.
Detailed instructions can be found here.

If Shadow Explorer could not find any file, then I am afraid there is no other way to restore the files without paying the ransom. You can save the files to a secure location and wait for a possible solution in the future, but this can take a long time.

I can help you clean your machine if you wish, however. Please let me know what you would like to do.
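
As a cross-check on the Shadow Explorer steps in the post above (an added example, not part of the original thread): the same snapshot list can be read from WMI to see whether any shadow copy is older than the infection. The function name `Get-ShadowCopyBefore` and the sample date are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: list Volume Shadow Copy snapshots and mark the ones that
# predate the infection. Get-WmiObject is used because it is available in
# PowerShell 2.0, the version that ships with Windows 7.
function Get-ShadowCopyBefore {
    param(
        # Assumption: the earliest time encrypted files appeared; supply your own.
        [Parameter(Mandatory = $true)][datetime]$InfectionTime
    )

    # Win32_ShadowCopy returns nothing when the snapshots have been deleted.
    $copies = @(Get-WmiObject -Class Win32_ShadowCopy -ErrorAction Stop)
    if ($copies.Count -eq 0) {
        Write-Warning 'No shadow copies exist on this machine.'
        return
    }

    # Map volume GUID paths to drive letters for readable output.
    $volumes = @{}
    Get-WmiObject -Class Win32_Volume | ForEach-Object {
        $volumes[$_.DeviceID] = $_.DriveLetter
    }

    $copies | ForEach-Object {
        # InstallDate is a DMTF string; convert it to a local DateTime.
        $created = [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
        New-Object PSObject -Property @{
            Drive             = $volumes[$_.VolumeName]
            Created           = $created
            PredatesInfection = ($created -lt $InfectionTime)
            DeviceObject      = $_.DeviceObject
        }
    } | Sort-Object Created
}

# Sample value only: replace with the time the files were first seen encrypted.
Get-ShadowCopyBefore -InfectionTime '2016-11-24' |
    Format-Table Drive, Created, PredatesInfection -AutoSize
```

If every row shows `PredatesInfection` as False, or the warning is printed, no snapshot from before the encryption is left to export.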

#5 Sintharius

Posted 02 December 2016 - 05:30 PM

Hello there,

Are you still with me?

#6 nazia

Posted 03 December 2016 - 02:52 AM

Hi

I tried Shadow Explorer, but it's not showing the date prior to infection but after.

Please advise.

Thanks

Nazia



#7 Sintharius

Posted 03 December 2016 - 12:25 PM

It appears that the ransomware has erased the shadow copies. Currently there is no other way to restore them except by paying the ransom - most experts advise victims to not pay since it fuels criminal activities, but I understand the necessity of paying if those files are important.

Do you still need help with cleaning the machine?

#8 Sintharius

Posted 07 December 2016 - 10:10 AM

Are you still with me?

#9 nazia

Posted 07 December 2016 - 10:49 AM

Yes, I am.

How do I clean my system? Can you please advise?



#10 Sintharius

Posted 09 December 2016 - 05:19 PM

Hello nazia,

As you have decided to clean the machine, please take note of the instructions below.

Step 1: Peer-to-peer software

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

===

Step 2: AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
===

Step 3: Uninstalling Programs

Click the Start orb on the taskbar, and then click the Control Panel button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting Remove:

Java 8 Update 25
Java DB 10.6.2.1
Java 6 Update 32
Java SE Development Kit 6 Update 32
Acrobat.com


Additional instructions can be found here if needed.

If you run into any issues, please let me know.

#11 Sintharius

Posted 13 December 2016 - 06:51 AM

Are you still with me?

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:07 AM

Posted 16 December 2016 - 02:10 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



