- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
- Ran by Mohammed (administrator) on MOHAMMED-PC on 18-05-2015 23:21:48
- Running from C:\Users\Mohammed\Desktop
- Loaded Profiles: Mohammed (Available profiles: Mohammed)
- Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
- Internet Explorer Version 9 (Default browser: IE)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
- (Microsoft Corporation) C:\Windows\System32\wlanext.exe
- (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
- (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
- (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
- (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
- (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
- (HP) C:\Windows\System32\HPSIsvc.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
- (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
- () C:\Windows\SysWOW64\DBSer_ABC.exe
- (Tendyron Corporation) C:\Windows\SysWOW64\DBMon_ABC.exe
- (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
- (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
- (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
- (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
- (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
- (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
- (Intel Corporation) C:\Windows\System32\hkcmd.exe
- (Intel Corporation) C:\Windows\System32\igfxpers.exe
- (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
- (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
- (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
- (Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
- (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
- (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
- (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
- (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
- (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
- (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
- (Tendyron Corporation) C:\Windows\SysWOW64\DBSvr_ABC.exe
- (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
- () C:\Program Files (x86)\AVG Secure Search\vprot.exe
- (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
- () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
- (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
- (Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
- (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
- (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
- (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
- (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
- (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
- (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
- (Intel Corporation) C:\Windows\System32\igfxext.exe
- (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
- () C:\Users\Mohammed\funshion\mobileinfo\tfadb.exe
- (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
- (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
- (Funshion Online Technologies Ltd.) C:\Funshion\Funshion Online\3.0.1.23\FunshionService.exe
- (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
- (ALPS) C:\Program Files\Apoint\Apvfb.exe
- (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
- (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
- (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
- (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
- (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
- (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
- (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
- (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
- (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
- (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
- (Microsoft Corporation) C:\Windows\System32\dllhost.exe
- (Microsoft Corporation) C:\Windows\System32\dllhost.exe
- ==================== Registry (Whitelisted) ==================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-01] (Realtek Semiconductor)
- HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-01] (Realtek Semiconductor)
- HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-06-01] (Alps Electric Co., Ltd.)
- HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-09] (Intel® Corporation)
- HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-20] (Intel(R) Corporation)
- HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
- HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-06-01] (Sony Corporation)
- HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
- HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
- HKLM-x32\...\Run: [DBSvr_ABC.exe] => DBSvr_ABC.exe
- HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
- HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-05-14] ()
- HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
- HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
- HKLM-x32\...\Run: [] => [X]
- HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
- HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
- HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
- HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
- Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
- HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
- HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [AdobeBridge] => [X]
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [Funshion] => C:\Funshion\Funshion Online\3.0.1.23\Funshion.exe [3639120 2014-08-07] (风行在线技术有限公司)
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [ujkbvnr] => rundll32 "C:\Users\Mohammed\AppData\Local\ujkbvnr.dll",ujkbvnr <===== ATTENTION
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [jkieora] => rundll32 "C:\Users\Mohammed\AppData\Local\jkieora.dll",jkieora <===== ATTENTION
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [uTorrent] => C:\Users\Mohammed\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-13] (BitTorrent Inc.)
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe [927920 2015-04-15] (Adobe Systems Incorporated)
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Policies\Explorer: [NoFolderOptions] 0
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {1737e631-9fbd-11e1-873c-544249fa630b} - D:\AutoRun.exe {845311CD-9D87-4C26-884B-0219F5CCFC16} PCW_CHN_CM_U810_V1.0.0B09
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {246e4408-f226-11e0-8c01-544249fa630b} - D:\ABCInstall.exe
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {7d505985-764b-11e4-a44f-544249fa630b} - D:\HiSuiteDownLoader.exe
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {bb100c8b-d8ef-11e1-9468-544249fa630b} - D:\Autorun.exe
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {c72c929f-874f-11e3-868a-544249fa630b} - D:\AutoRun.exe
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
- HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
- AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File Not Found
- Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-14]
- ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
- Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-09-06]
- ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
- Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-14]
- ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
- Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-18]
- ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
- Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-18]
- ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
- Startup: C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Internet Security 2015 (a) Crk Update V4.rar.lnk [2015-05-14]
- ShortcutTarget: Kaspersky Internet Security 2015 (a) Crk Update V4.rar.lnk -> C:\ProgramData\{faf99f45-be2a-4ca6-faf9-99f45be27d16}\Kaspersky Internet Security 2015 (a) Crk Update V4.rar.exe (No File)
- Startup: C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-03-20]
- ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
- ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Lisan.dll [2015-04-25] (tools )
- CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
- HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.8.0.14
- HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.8.0.14
- HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.8.0.14
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
- HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
- URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
- URLSearchHook: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
- SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
- SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
- SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
- SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
- SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {2DE3AE49-0967-49E2-9EDF-4E6CCC8CBA8F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={ECF0C027-FBC2-4F12-A399-EFE6FAD68169}&mid=3d536a6e751c4b0291d83766e19ccb95-b2b32fc67ad6ec344c73b0a6c7574fc3dda01d17&lang=en&ds=hk011&pr=sa&d=2012-06-28 07:31:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
- SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
- BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
- BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-14] (Kaspersky Lab ZAO)
- BHO: bestadblocker -> {779463FC-13FD-47AA-A94C-4380CCCA9942} -> C:\Program Files (x86)\bestadblocker\Vq4LeIyIBbjvxA.x64.dll [2015-05-14] ()
- BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
- BHO: PriceMinus -> {C30A7C4A-FA38-4E5A-983E-96D16ECE8C1D} -> C:\Program Files (x86)\PriceMinus\daUoz4pzxMRebd.x64.dll [2015-05-14] ()
- BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-18] (Sun Microsystems, Inc.)
- BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
- BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
- BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
- BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-17] (RealPlayer)
- BHO-x32: No Name -> {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} -> No File
- BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
- BHO-x32: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
- BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
- BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-14] (Kaspersky Lab ZAO)
- BHO-x32: bestadblocker -> {779463FC-13FD-47AA-A94C-4380CCCA9942} -> C:\Program Files (x86)\bestadblocker\Vq4LeIyIBbjvxA.dll [2015-05-14] ()
- BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll [2015-05-14] (AVG Secure Search)
- BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
- BHO-x32: PriceMinus -> {C30A7C4A-FA38-4E5A-983E-96D16ECE8C1D} -> C:\Program Files (x86)\PriceMinus\daUoz4pzxMRebd.dll [2015-05-14] ()
- BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-18] (Sun Microsystems, Inc.)
- BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
- BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
- Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
- Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll [2015-05-14] (AVG Secure Search)
- Toolbar: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
- Toolbar: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
- Toolbar: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
- Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
- Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
- Winsock: Catalog9 01 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
- Winsock: Catalog9 02 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
- Winsock: Catalog9 03 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
- Winsock: Catalog9 15 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
- Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
- Tcpip\..\Interfaces\{E87A7E97-F964-4C99-9896-E42B2ECE0710}: [NameServer] 8.8.8.8
- FireFox:
- ========
- FF ProfilePath: C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default
- FF DefaultSearchEngine: WebSearch
- FF Homepage: hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
- FF Keyword.URL: hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86&l=1&q=
- FF Homepage: hxxp://www.hao123.com
- FF Homepage: hxxp://www.hao123.com
- FF SelectedSearchEngine: WebSearch
- FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
- FF SearchEngineOrder.1: WebSearch
- FF SearchEngineOrder.1,S: WebSearch
- FF DefaultSearchEngine,S: WebSearch
- FF SelectedSearchEngine,S: WebSearch
- FF DefaultSearchUrl: hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86&l=1&q=
- FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
- FF Plugin: @microsoft.com/GENUINE -> disabled No File
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-10] ( Microsoft Corporation)
- FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
- FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Trademanager\nptrademanager.dll [2014-12-30] ( )
- FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Trademanager\npwangwang.dll [2014-12-30] ( )
- FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
- FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
- FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Mohammed\funshion\funshiontools\npFunshion.dll [2014-07-30] ( )
- FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
- FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-14] ()
- FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-14] ()
- FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-14] ()
- FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-10] ( Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
- FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
- FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
- FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2012-06-08] (Tencent)
- FF Plugin-x32: @qq.com/npqscall,version=1.0.0 -> %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
- FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
- FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-17] (RealNetworks, Inc.)
- FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-17] (RealNetworks, Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
- FF Plugin HKU\S-1-5-21-1028758991-2829011193-4192793255-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Trademanager\npAliSSOLogin.dll [2013-03-27] (Alibaba software (Shanghai) Corporation.)
- FF Plugin HKU\S-1-5-21-1028758991-2829011193-4192793255-1001: @alibaba.com/nptrademanager;version=1.0 -> C:\Trademanager\nptrademanager.dll [2014-12-30] ( )
- FF Plugin HKU\S-1-5-21-1028758991-2829011193-4192793255-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Trademanager\npwangwang.dll [2014-12-30] ( )
- FF user.js: detected! => C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\user.js [2013-08-13]
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll [2013-03-27] ( )
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll [2013-03-27] ( )
- FF SearchPlugin: C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\searchplugins\babylon.xml [2013-08-09]
- FF SearchPlugin: C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\searchplugins\WebSearch.xml [2015-05-14]
- FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2015-05-14]
- FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-14]
- FF Extension: No Name - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\ffxtlbr@babylon.com [2013-08-09]
- FF Extension: Delta Toolbar - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\ffxtlbr@delta.com [2013-08-09]
- FF Extension: WebCake - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\plugin@getwebcake.com [2013-08-09]
- FF Extension: uTorrentControl2 Community Toolbar - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-10-01]
- FF Extension: Funshion Player Extension - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9} [2013-08-06]
- FF Extension: FT Downloader - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\ftd@ftd.com.xpi [2013-06-26]
- FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909
- FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909 [2015-05-14]
- FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
- FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-06]
- FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
- FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-17]
- FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
- FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-14]
- FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
- FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-14]
- FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
- FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-05-14]
- FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
- FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-05-14]
- FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
- FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-14]
- FF HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
- FF Extension: No Name - C:\ProgramData\AVG Secure Search\12.2.5.32 [Not Found]
- Chrome:
- =======
- CHR dev: Chrome dev build detected! <======= ATTENTION
- CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86"
- CHR Profile: C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (YouTube) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-06]
- CHR Extension: (Translate This) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohaeepgdechbpphaodjkjghdeajomaa [2015-05-14]
- CHR Extension: (Google Search) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-06]
- CHR Extension: (Kaspersky Protection) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-14]
- CHR Extension: (Web Cake) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh [2014-10-06]
- CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-10-06]
- CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
- CHR Extension: (Google Wallet) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
- CHR Extension: (Gmail) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-06]
- CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
- CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
- CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Web Cake\WebCakeLayers.crx [2013-08-09]
- CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-17]
- CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Mohammed\AppData\Local\Temp\ccex.crx [Not Found]
- ==================== Services (Whitelisted) =================
- (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
- S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
- R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
- R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
- S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
- R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-08] (Red Bend Ltd.) [File not signed]
- R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
- R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
- R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
- R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
- S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
- R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
- S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
- S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
- S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
- S2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
- R2 OnKey Service of DB USB KEY for ABC; C:\Windows\SysWOW64\DBSer_ABC.exe [54528 2011-09-20] ()
- S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
- R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
- S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
- R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
- R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-09] (Sony Corporation) [File not signed]
- R2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-14] (AVG Secure Search)
- R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-08] (Intel(R) Corporation) [File not signed]
- S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
- S2 FunshionSvr; C:\Users\Mohammed\funshion\funshiontools\FunshionSvr.dll [X]
- ==================== Drivers (Whitelisted) ====================
- (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
- R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
- R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
- R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
- R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
- R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
- R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
- R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
- R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
- S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-08] ()
- R2 IRNPF; C:\iResearch\Common\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
- R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
- R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-05-14] (Kaspersky Lab ZAO)
- R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
- R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-05-14] (Kaspersky Lab ZAO)
- R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
- R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
- R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
- R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
- R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
- R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
- S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
- S3 massfilter; system32\drivers\massfilter.sys [X]
- U2 MSSQL$DDNI; No ImagePath
- S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
- S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
- S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
- S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
- ==================== One Month Created Files and Folders ========
- (If an entry is included in the fixlist, the file\folder will be moved.)
- 2015-05-18 22:56 - 2015-05-18 23:22 - 00043892 _____ () C:\Users\Mohammed\Desktop\FRST.txt
- 2015-05-18 22:54 - 2015-05-18 23:21 - 00000000 ____D () C:\FRST
- 2015-05-18 22:47 - 2015-05-18 22:49 - 02107392 _____ (Farbar) C:\Users\Mohammed\Desktop\FRST64.exe
- 2015-05-15 13:31 - 2015-05-15 13:31 - 00028160 _____ () C:\Users\Mohammed\Downloads\Mohammed Hammoud- Tanzania May , 2014 (4).XLS
- 2015-05-15 13:11 - 2015-05-15 14:50 - 00009714 _____ () C:\Users\Mohammed\Documents\Upcoming Expenses Prjoection May 15.xlsx
- 2015-05-14 22:52 - 2015-05-14 22:53 - 01557923 _____ () C:\Users\Mohammed\Downloads\YW003 SHIPPING LIST-UPDATED JUL25.xlsx
- 2015-05-14 22:46 - 2015-05-14 22:46 - 00814009 _____ () C:\Users\Mohammed\Downloads\YW003 SHIPPING LIST.zip
- 2015-05-14 22:38 - 2015-05-14 22:39 - 00821665 _____ () C:\Users\Mohammed\Downloads\YW003 SHIPPING LIST 2015 - 副本 (1).xlsx
- 2015-05-14 19:54 - 2015-05-14 19:54 - 00001265 _____ () C:\Users\Mohammed\Desktop\美女直播.lnk
- 2015-05-14 19:54 - 2015-05-14 19:54 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\XiuRes
- 2015-05-14 17:25 - 2015-05-14 17:25 - 01224149 _____ () C:\Users\Mohammed\Downloads\YW003 shipping list updated MAY-11 (1).xlsx
- 2015-05-14 12:46 - 2015-05-14 12:46 - 00813815 _____ () C:\Users\Mohammed\Documents\YW003 SHIPPING LIST UPDATED OCT-18 - 副本.xlsx
- 2015-05-14 12:12 - 2015-05-14 22:59 - 00000000 ____D () C:\Users\Mohammed\Documents\Recovery for USB Docs
- 2015-05-14 11:02 - 2015-05-14 11:35 - 00000000 ____D () C:\Users\Mohammed\Documents\China USB
- 2015-05-14 09:07 - 2015-05-14 09:07 - 00060149 _____ () C:\Users\Mohammed\Downloads\SAIL sand paper quotation.xlsx
- 2015-05-14 01:12 - 2015-05-14 01:12 - 00000000 ____D () C:\Users\Mohammed\Downloads\Kaspersky Internet Security 2015 x86x64 crack and patch [FILETIE.COM]
- 2015-05-14 01:10 - 2015-05-14 13:54 - 00458597 _____ () C:\Users\Mohammed\Downloads\Kaspersky Internet Security 2015 x86x64 crack and patch [FILETIE.COM].rar
- 2015-05-14 00:59 - 2015-05-14 13:54 - 00000000 ____D () C:\Users\Mohammed\Downloads\Kaspersky Reset Trial 4.0.0.22 Final
- 2015-05-14 00:58 - 2015-05-14 00:59 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\WinZip
- 2015-05-14 00:58 - 2015-05-14 00:58 - 00002287 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
- 2015-05-14 00:58 - 2015-05-14 00:58 - 00002281 _____ () C:\Users\Public\Desktop\WinZip.lnk
- 2015-05-14 00:58 - 2015-05-14 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
- 2015-05-14 00:44 - 2015-05-14 00:44 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\Mohammed\Downloads\winzip19-new (1).exe
- 2015-05-14 00:40 - 2015-05-14 00:40 - 00000000 ____D () C:\ProgramData\UniqueId
- 2015-05-14 00:39 - 2015-05-14 00:40 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\Mohammed\Downloads\winzip19-new.exe
- 2015-05-14 00:37 - 2015-05-14 13:54 - 00018201 _____ () C:\Users\Mohammed\Downloads\Kaspersky Reset Trial 4.0.0.22 Final.rar
- 2015-05-14 00:33 - 2015-05-14 00:33 - 00000000 ____D () C:\Program Files (x86)\RelayDouble
- 2015-05-14 00:32 - 2015-05-14 13:43 - 00000000 ____D () C:\Program Files (x86)\Translate This
- 2015-05-14 00:31 - 2015-05-14 13:43 - 00000000 ____D () C:\Program Files (x86)\PriceMinus
- 2015-05-14 00:31 - 2015-05-14 12:58 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
- 2015-05-14 00:30 - 2015-05-14 13:43 - 00000000 ____D () C:\Program Files (x86)\PricceMMiinus
- 2015-05-14 00:30 - 2015-05-14 00:32 - 00000000 ____D () C:\ProgramData\2769249804042623684
- 2015-05-14 00:29 - 2015-05-14 10:31 - 00000000 ____D () C:\ProgramData\akdepjkckjnnlcghikeogahblahoggjn
- 2015-05-14 00:25 - 2015-05-14 14:36 - 00000000 ____D () C:\ProgramData\{faf99f45-be2a-4ca6-faf9-99f45be27d16}
- 2015-05-14 00:24 - 2015-05-14 16:38 - 00000000 ____D () C:\ProgramData\{de72bef4-fd70-63f9-de72-2bef4fd7fbd3}
- 2015-05-14 00:24 - 2015-05-14 00:24 - 00000428 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
- 2015-05-14 00:19 - 2015-05-14 01:15 - 00002334 _____ () C:\Users\Mohammed\Desktop\Safe Money.lnk
- 2015-05-14 00:18 - 2015-05-14 00:18 - 00001188 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
- 2015-05-14 00:18 - 2015-05-14 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
- 2015-05-14 00:18 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
- 2015-05-14 00:17 - 2015-05-18 21:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
- 2015-05-14 00:17 - 2015-05-14 01:54 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
- 2015-05-14 00:17 - 2015-05-14 01:54 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
- 2015-05-14 00:17 - 2015-05-14 00:17 - 00000000 ____D () C:\Windows\ELAMBKUP
- 2015-05-14 00:17 - 2015-05-14 00:17 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
- 2015-05-14 00:17 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
- 2015-05-14 00:10 - 2015-05-14 00:10 - 00738454 _____ () C:\Windows\PFRO.log
- 2015-05-13 23:13 - 2015-05-13 23:45 - 169730880 _____ (Kaspersky Lab) C:\Users\Mohammed\Downloads\kis15.0.0.463en_6024.exe
- 2015-05-13 23:01 - 2015-05-13 23:01 - 00000857 _____ () C:\Users\Mohammed\Desktop\µTorrent.lnk
- 2015-05-13 23:01 - 2015-05-13 23:01 - 00000837 _____ () C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
- 2015-05-13 22:02 - 2015-05-13 22:02 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\AVG2015
- 2015-05-13 22:01 - 2015-05-13 22:01 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
- 2015-05-13 22:01 - 2015-05-13 22:01 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\TuneUp Software
- 2015-05-13 22:01 - 2015-05-13 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
- 2015-05-13 21:59 - 2015-05-13 22:03 - 00000000 ____D () C:\ProgramData\AVG2015
- 2015-05-13 21:59 - 2015-05-13 21:59 - 00000000 ___HD () C:\$AVG
- 2015-05-13 21:59 - 2015-05-13 21:59 - 00000000 ____D () C:\Program Files (x86)\AVG
- 2015-05-13 21:10 - 2015-05-18 23:21 - 00000000 ____D () C:\ProgramData\MFAData
- 2015-05-13 21:10 - 2015-05-13 22:28 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\Avg2015
- 2015-05-13 21:10 - 2015-05-13 21:10 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\MFAData
- 2015-05-13 21:08 - 2015-05-13 21:09 - 04635400 _____ (AVG Technologies) C:\Users\Mohammed\Downloads\avg_avct_stb_all_2015_5577_ppc-avc-welcomecmp5.exe
- 2015-05-11 12:36 - 2015-05-11 12:37 - 01224149 _____ () C:\Users\Mohammed\Downloads\YW003 shipping list updated MAY-11.xlsx
- 2015-05-11 10:36 - 2015-05-11 10:36 - 00021504 _____ () C:\Users\Mohammed\Downloads\QUOTATION FOR SH- DAR ES SALAAM-YW003 .xls
- 2015-05-01 11:48 - 2015-05-04 21:35 - 00030784 _____ () C:\Users\Mohammed\Documents\Stock List.xlsx
- 2015-04-29 06:46 - 2015-04-29 06:46 - 00023040 _____ () C:\Users\Mohammed\AppData\Roaming\...And Justice for All. (1979) BRRip 720p x264 AAC-Ameet6233.mp4
- 2015-04-29 06:46 - 2015-04-29 06:46 - 00000199 _____ () C:\Users\Mohammed\AppData\Roaming\g2tqhjhewq211sg
- 2015-04-26 22:32 - 2015-04-26 22:34 - 01200237 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-25.xlsx
- 2015-04-25 10:39 - 2015-04-25 10:40 - 01193828 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-24 (1).xlsx
- 2015-04-24 13:00 - 2015-04-25 11:29 - 01227970 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-24.xlsx
- 2015-04-22 09:43 - 2015-04-22 10:39 - 01209683 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-22.xlsx
- ==================== One Month Modified Files and Folders =======
- (If an entry is included in the fixlist, the file\folder will be moved.)
- 2015-05-18 23:20 - 2014-01-04 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
- 2015-05-18 23:08 - 2011-04-08 12:08 - 00002928 _____ () C:\Users\Mohammed\funshion.ini
- 2015-05-18 22:57 - 2010-12-03 00:40 - 01507671 _____ () C:\Windows\WindowsUpdate.log
- 2015-05-18 22:38 - 2011-08-08 06:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2015-05-18 22:06 - 2013-10-30 11:08 - 00000000 ____D () C:\Users\Public\Fundata
- 2015-05-18 21:22 - 2009-07-14 07:45 - 00013888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2015-05-18 21:22 - 2009-07-14 07:45 - 00013888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2015-05-18 21:07 - 2014-07-04 05:21 - 00000000 ____D () C:\Users\Public\FunAcce
- 2015-05-15 15:38 - 2013-03-04 02:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1865304e035b.job
- 2015-05-15 10:40 - 2014-10-06 09:49 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
- 2015-05-15 10:17 - 2015-04-11 09:16 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\GreenKuwo
- 2015-05-15 10:17 - 2014-11-14 21:02 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\Zoo
- 2015-05-15 10:15 - 2012-03-11 14:46 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\uTorrent
- 2015-05-15 10:04 - 2011-04-17 00:33 - 00000000 ____D () C:\Users\Mohammed\funshion
- 2015-05-15 10:04 - 2010-11-18 09:58 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
- 2015-05-15 10:03 - 2015-01-10 23:48 - 00012034 _____ () C:\Windows\setupact.log
- 2015-05-15 10:03 - 2013-03-05 01:42 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job
- 2015-05-15 10:03 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
- 2015-05-14 19:07 - 2009-07-14 08:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
- 2015-05-14 14:03 - 2012-06-28 02:31 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
- 2015-05-14 13:53 - 2014-11-15 03:47 - 00010095 _____ () C:\Users\Mohammed\Desktop\Kaspersky Internet Security 2015 (a) Crk Update V4.rar
- 2015-05-14 13:53 - 2014-11-15 03:47 - 00010095 _____ () C:\Users\Mohammed\Desktop\Kaspersky Internet Security 2015 (a) Crk Update V4(2).rar
- 2015-05-14 13:42 - 2015-03-20 12:11 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
- 2015-05-14 09:10 - 2013-07-11 04:20 - 00000000 ____D () C:\Users\Mohammed\Documents\Add-in Express
- 2015-05-14 01:13 - 2014-09-23 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
- 2015-05-14 01:13 - 2014-03-10 10:48 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
- 2015-05-14 01:13 - 2013-10-01 13:03 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\Hewlett-Packard
- 2015-05-14 01:13 - 2011-04-15 08:42 - 00000000 ____D () C:\ProgramData\Skype
- 2015-05-14 00:58 - 2015-03-20 12:24 - 00000000 ____D () C:\ProgramData\WinZip
- 2015-05-14 00:57 - 2011-11-15 13:02 - 00000000 ____D () C:\Program Files\WinZip
- 2015-05-14 00:10 - 2010-11-18 10:59 - 00000000 ____D () C:\ProgramData\Norton
- 2015-05-13 23:59 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\migwiz
- 2015-05-13 20:39 - 2015-01-10 23:49 - 00015827 _____ () C:\Windows\AutoKMS.log
- 2015-05-13 15:27 - 2013-10-17 16:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
- 2015-05-09 12:47 - 2011-04-17 01:47 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\CrashDumps
- 2015-05-05 10:02 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
- 2015-05-01 17:05 - 2014-01-06 12:03 - 00000000 ____D () C:\Trademanager
- 2015-04-30 17:15 - 2011-08-30 12:09 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\CutePDF Writer
- 2015-04-30 10:57 - 2014-01-06 12:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
- 2015-04-28 09:45 - 2009-07-14 08:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
- 2015-04-20 21:38 - 2015-04-17 12:47 - 01452789 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-17.xlsx
- ==================== Files in the root of some directories =======
- 2015-04-29 06:46 - 2015-04-29 06:46 - 0023040 _____ () C:\Users\Mohammed\AppData\Roaming\...And Justice for All. (1979) BRRip 720p x264 AAC-Ameet6233.mp4
- 2015-04-26 18:21 - 2015-04-26 18:21 - 0023040 _____ () C:\Users\Mohammed\AppData\Roaming\08. Bloody Palms.mp3
- 2011-11-24 14:44 - 2014-12-09 20:02 - 0000911 _____ () C:\Users\Mohammed\AppData\Roaming\coreavc.ini
- 2015-04-29 06:46 - 2015-04-29 06:46 - 0000199 _____ () C:\Users\Mohammed\AppData\Roaming\g2tqhjhewq211sg
- 2012-07-17 00:08 - 2012-07-17 00:08 - 0007605 _____ () C:\Users\Mohammed\AppData\Local\Resmon.ResmonCfg
- 2012-09-06 03:21 - 2012-09-06 03:37 - 0000836 _____ () C:\ProgramData\hpzinstall.log
- Files to move or delete:
- ====================
- C:\Users\Mohammed\com_securenetasia_p11wrapper3_cbs.bochk.com.dll
- Some content of TEMP:
- ====================
- C:\Users\Mohammed\AppData\Local\Temp\u2n5dwdt.dll
- C:\Users\Mohammed\AppData\Local\Temp\uttC3A9.tmp.exe
- ==================== Bamital & volsnap Check =================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\System32\winlogon.exe => File is digitally signed
- C:\Windows\System32\wininit.exe => File is digitally signed
- C:\Windows\SysWOW64\wininit.exe => File is digitally signed
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\SysWOW64\explorer.exe => File is digitally signed
- C:\Windows\System32\svchost.exe => File is digitally signed
- C:\Windows\SysWOW64\svchost.exe => File is digitally signed
- C:\Windows\System32\services.exe => File is digitally signed
- C:\Windows\System32\User32.dll => File is digitally signed
- C:\Windows\SysWOW64\User32.dll => File is digitally signed
- C:\Windows\System32\userinit.exe => File is digitally signed
- C:\Windows\SysWOW64\userinit.exe => File is digitally signed
- C:\Windows\System32\rpcss.dll => File is digitally signed
- C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2015-02-04 19:42
- ==================== End Of Log ============================