Untitled

a guest
May 18th, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
  2. Ran by Mohammed (administrator) on MOHAMMED-PC on 18-05-2015 23:21:48
  3. Running from C:\Users\Mohammed\Desktop
  4. Loaded Profiles: Mohammed (Available profiles: Mohammed)
  5. Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
  6. Internet Explorer Version 9 (Default browser: IE)
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
  15. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
  16. (Microsoft Corporation) C:\Windows\System32\wlanext.exe
  17. (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  18. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
  19. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
  20. (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
  21. (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
  22. (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
  23. (HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
  24. (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
  25. (HP) C:\Windows\System32\HPSIsvc.exe
  26. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  27. (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
  28. () C:\Windows\SysWOW64\DBSer_ABC.exe
  29. (Tendyron Corporation) C:\Windows\SysWOW64\DBMon_ABC.exe
  30. (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
  31. (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
  32. (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
  33. (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
  34. (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
  35. (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
  36. (Intel Corporation) C:\Windows\System32\hkcmd.exe
  37. (Intel Corporation) C:\Windows\System32\igfxpers.exe
  38. (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
  39. (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
  40. (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
  41. (Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
  42. (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  43. (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
  44. (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
  45. (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
  46. (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
  47. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
  48. (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
  49. (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
  50. (Tendyron Corporation) C:\Windows\SysWOW64\DBSvr_ABC.exe
  51. (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
  52. () C:\Program Files (x86)\AVG Secure Search\vprot.exe
  53. (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
  54. () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
  55. (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
  56. (Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
  57. (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
  58. (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
  59. (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
  60. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
  61. (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
  62. (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
  63. (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
  64. (Intel Corporation) C:\Windows\System32\igfxext.exe
  65. (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
  66. () C:\Users\Mohammed\funshion\mobileinfo\tfadb.exe
  67. (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
  68. (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
  69. (Funshion Online Technologies Ltd.) C:\Funshion\Funshion Online\3.0.1.23\FunshionService.exe
  70. (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
  71. (ALPS) C:\Program Files\Apoint\Apvfb.exe
  72. (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
  73. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
  74. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
  75. (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
  76. (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
  77. (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
  78. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
  79. (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
  80. (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
  81. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
  82. (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
  83. (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
  84. (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
  85. (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
  86. (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
  87. (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
  88. (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
  89. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  90. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  91. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  92. (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
  93. (Microsoft Corporation) C:\Windows\System32\dllhost.exe
  94. (Microsoft Corporation) C:\Windows\System32\dllhost.exe
  95.  
  96.  
  97. ==================== Registry (Whitelisted) ==================
  98.  
  99. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  100.  
  101. HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-06-01] (Realtek Semiconductor)
  102. HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-06-01] (Realtek Semiconductor)
  103. HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-06-01] (Alps Electric Co., Ltd.)
  104. HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-09] (Intel® Corporation)
  105. HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1931024 2010-07-20] (Intel(R) Corporation)
  106. HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
  107. HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
  108. HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-06-01] (Sony Corporation)
  109. HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
  110. HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
  111. HKLM-x32\...\Run: [DBSvr_ABC.exe] => DBSvr_ABC.exe
  112. HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
  113. HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
  114. HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
  115. HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-05-14] ()
  116. HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
  117. HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
  118. HKLM-x32\...\Run: [] => [X]
  119. HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
  120. HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
  121. HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
  122. HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
  123. HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
  124. Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
  125. HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
  126. HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
  127. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [AdobeBridge] => [X]
  128. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [Funshion] => C:\Funshion\Funshion Online\3.0.1.23\Funshion.exe [3639120 2014-08-07] (风行在线技术有限公司)
  129. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
  130. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
  131. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
  132. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [ujkbvnr] => rundll32 "C:\Users\Mohammed\AppData\Local\ujkbvnr.dll",ujkbvnr <===== ATTENTION
  133. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [jkieora] => rundll32 "C:\Users\Mohammed\AppData\Local\jkieora.dll",jkieora <===== ATTENTION
  134. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Run: [uTorrent] => C:\Users\Mohammed\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-13] (BitTorrent Inc.)
  135. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe [927920 2015-04-15] (Adobe Systems Incorporated)
  136. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Policies\Explorer: [NoFolderOptions] 0
  137. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {1737e631-9fbd-11e1-873c-544249fa630b} - D:\AutoRun.exe {845311CD-9D87-4C26-884B-0219F5CCFC16} PCW_CHN_CM_U810_V1.0.0B09
  138. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {246e4408-f226-11e0-8c01-544249fa630b} - D:\ABCInstall.exe
  139. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {7d505985-764b-11e4-a44f-544249fa630b} - D:\HiSuiteDownLoader.exe
  140. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {bb100c8b-d8ef-11e1-9468-544249fa630b} - D:\Autorun.exe
  141. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\MountPoints2: {c72c929f-874f-11e3-868a-544249fa630b} - D:\AutoRun.exe
  142. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
  143. HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
  144. AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll" File Not Found
  145. Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-05-14]
  146. ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
  147. Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-09-06]
  148. ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
  149. Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-05-14]
  150. ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
  151. Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-18]
  152. ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
  153. Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-18]
  154. ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
  155. Startup: C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Internet Security 2015 (a) Crk Update V4.rar.lnk [2015-05-14]
  156. ShortcutTarget: Kaspersky Internet Security 2015 (a) Crk Update V4.rar.lnk -> C:\ProgramData\{faf99f45-be2a-4ca6-faf9-99f45be27d16}\Kaspersky Internet Security 2015 (a) Crk Update V4.rar.exe (No File)
  157. Startup: C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2015-03-20]
  158. ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
  159. ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Lisan.dll [2015-04-25] (tools )
  160. CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  161.  
  162. ==================== Internet (Whitelisted) ====================
  163.  
  164. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  165.  
  166. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
  167. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.8.0.14
  168. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.8.0.14
  169. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.8.0.14
  170. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
  171. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
  172. HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
  173. URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
  174. URLSearchHook: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
  175. SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
  176. SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
  177. SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
  178. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
  179. SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
  180. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
  181. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
  182. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  183. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
  184. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {2DE3AE49-0967-49E2-9EDF-4E6CCC8CBA8F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
  185. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={ECF0C027-FBC2-4F12-A399-EFE6FAD68169}&mid=3d536a6e751c4b0291d83766e19ccb95-b2b32fc67ad6ec344c73b0a6c7574fc3dda01d17&lang=en&ds=hk011&pr=sa&d=2012-06-28 07:31:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
  186. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=19
  187. SearchScopes: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
  188. BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
  189. BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-14] (Kaspersky Lab ZAO)
  190. BHO: bestadblocker -> {779463FC-13FD-47AA-A94C-4380CCCA9942} -> C:\Program Files (x86)\bestadblocker\Vq4LeIyIBbjvxA.x64.dll [2015-05-14] ()
  191. BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
  192. BHO: PriceMinus -> {C30A7C4A-FA38-4E5A-983E-96D16ECE8C1D} -> C:\Program Files (x86)\PriceMinus\daUoz4pzxMRebd.x64.dll [2015-05-14] ()
  193. BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-18] (Sun Microsystems, Inc.)
  194. BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
  195. BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
  196. BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
  197. BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-17] (RealPlayer)
  198. BHO-x32: No Name -> {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} -> No File
  199. BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
  200. BHO-x32: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
  201. BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
  202. BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-05-14] (Kaspersky Lab ZAO)
  203. BHO-x32: bestadblocker -> {779463FC-13FD-47AA-A94C-4380CCCA9942} -> C:\Program Files (x86)\bestadblocker\Vq4LeIyIBbjvxA.dll [2015-05-14] ()
  204. BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll [2015-05-14] (AVG Secure Search)
  205. BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
  206. BHO-x32: PriceMinus -> {C30A7C4A-FA38-4E5A-983E-96D16ECE8C1D} -> C:\Program Files (x86)\PriceMinus\daUoz4pzxMRebd.dll [2015-05-14] ()
  207. BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-11-18] (Sun Microsystems, Inc.)
  208. BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
  209. BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
  210. Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll [2011-05-09] (Conduit Ltd.)
  211. Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll [2015-05-14] (AVG Secure Search)
  212. Toolbar: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
  213. Toolbar: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
  214. Toolbar: HKU\S-1-5-21-1028758991-2829011193-4192793255-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
  215. Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
  216. Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
  217. Winsock: Catalog9 01 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
  218. Winsock: Catalog9 02 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
  219. Winsock: Catalog9 03 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
  220. Winsock: Catalog9 15 C:\Users\Public\FunAcce\FunAcce.dll [187728 2014-07-05] (Funshion Online Technologies Ltd.)
  221. Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
  222. Tcpip\..\Interfaces\{E87A7E97-F964-4C99-9896-E42B2ECE0710}: [NameServer] 8.8.8.8
  223.  
  224. FireFox:
  225. ========
  226. FF ProfilePath: C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default
  227. FF DefaultSearchEngine: WebSearch
  228. FF Homepage: hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86
  229. FF Keyword.URL: hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86&l=1&q=
  230. FF Homepage: hxxp://www.hao123.com
  231. FF Homepage: hxxp://www.hao123.com
  232. FF SelectedSearchEngine: WebSearch
  233. FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=F05B002315777B65&affID=119776&tt=070813_wt3&tsp=4969
  234. FF SearchEngineOrder.1: WebSearch
  235. FF SearchEngineOrder.1,S: WebSearch
  236. FF DefaultSearchEngine,S: WebSearch
  237. FF SelectedSearchEngine,S: WebSearch
  238. FF DefaultSearchUrl: hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86&l=1&q=
  239. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
  240. FF Plugin: @microsoft.com/GENUINE -> disabled No File
  241. FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-10] ( Microsoft Corporation)
  242. FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
  243. FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Trademanager\nptrademanager.dll [2014-12-30] ( )
  244. FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Trademanager\npwangwang.dll [2014-12-30] ( )
  245. FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
  246. FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
  247. FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Mohammed\funshion\funshiontools\npFunshion.dll [2014-07-30] ( )
  248. FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
  249. FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-14] ()
  250. FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-14] ()
  251. FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-14] ()
  252. FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
  253. FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-10] ( Microsoft Corporation)
  254. FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
  255. FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
  256. FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
  257. FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2012-06-08] (Tencent)
  258. FF Plugin-x32: @qq.com/npqscall,version=1.0.0 -> %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
  259. FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
  260. FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-17] (RealNetworks, Inc.)
  261. FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-17] (RealNetworks, Inc.)
  262. FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
  263. FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
  264. FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
  265. FF Plugin HKU\S-1-5-21-1028758991-2829011193-4192793255-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Trademanager\npAliSSOLogin.dll [2013-03-27] (Alibaba software (Shanghai) Corporation.)
  266. FF Plugin HKU\S-1-5-21-1028758991-2829011193-4192793255-1001: @alibaba.com/nptrademanager;version=1.0 -> C:\Trademanager\nptrademanager.dll [2014-12-30] ( )
  267. FF Plugin HKU\S-1-5-21-1028758991-2829011193-4192793255-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Trademanager\npwangwang.dll [2014-12-30] ( )
  268. FF user.js: detected! => C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\user.js [2013-08-13]
  269. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
  270. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
  271. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
  272. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
  273. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
  274. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
  275. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll [2013-03-27] ( )
  276. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll [2013-03-27] ( )
  277. FF SearchPlugin: C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\searchplugins\babylon.xml [2013-08-09]
  278. FF SearchPlugin: C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\searchplugins\WebSearch.xml [2015-05-14]
  279. FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2015-05-14]
  280. FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-14]
  281. FF Extension: No Name - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\ffxtlbr@babylon.com [2013-08-09]
  282. FF Extension: Delta Toolbar - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\ffxtlbr@delta.com [2013-08-09]
  283. FF Extension: WebCake - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\plugin@getwebcake.com [2013-08-09]
  284. FF Extension: uTorrentControl2 Community Toolbar - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012-10-01]
  285. FF Extension: Funshion Player Extension - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9} [2013-08-06]
  286. FF Extension: FT Downloader - C:\Users\Mohammed\AppData\Roaming\Mozilla\Firefox\Profiles\i6kjioej.default\Extensions\ftd@ftd.com.xpi [2013-06-26]
  287. FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909
  288. FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909 [2015-05-14]
  289. FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
  290. FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-06]
  291. FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
  292. FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-17]
  293. FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
  294. FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-05-14]
  295. FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
  296. FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-05-14]
  297. FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
  298. FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-05-14]
  299. FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
  300. FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-05-14]
  301. FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
  302. FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-05-14]
  303. FF HKU\S-1-5-21-1028758991-2829011193-4192793255-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
  304. FF Extension: No Name - C:\ProgramData\AVG Secure Search\12.2.5.32 [Not Found]
  305.  
  306. Chrome:
  307. =======
  308. CHR dev: Chrome dev build detected! <======= ATTENTION
  309. CHR StartupUrls: Default -> "hxxp://websearch.goodforsearch.info/?pid=24429&r=2015/05/13&hid=8219739977188022948&lg=EN&cc=TZ&unqvl=86"
  310. CHR Profile: C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default
  311. CHR Extension: (YouTube) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-06]
  312. CHR Extension: (Translate This) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohaeepgdechbpphaodjkjghdeajomaa [2015-05-14]
  313. CHR Extension: (Google Search) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-06]
  314. CHR Extension: (Kaspersky Protection) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-14]
  315. CHR Extension: (Web Cake) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh [2014-10-06]
  316. CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-10-06]
  317. CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
  318. CHR Extension: (Google Wallet) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
  319. CHR Extension: (Gmail) - C:\Users\Mohammed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-06]
  320. CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
  321. CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
  322. CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Web Cake\WebCakeLayers.crx [2013-08-09]
  323. CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-17]
  324. CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
  325. CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
  326. CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Mohammed\AppData\Local\Temp\ccex.crx [Not Found]
  327.  
  328. ==================== Services (Whitelisted) =================
  329.  
  330. (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
  331.  
  332. S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
  333. R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
  334. R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
  335. S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
  336. R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-08] (Red Bend Ltd.) [File not signed]
  337. R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
  338. R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
  339. R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
  340. R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
  341. S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
  342. R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
  343. S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
  344. S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
  345. S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
  346. S2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
  347. R2 OnKey Service of DB USB KEY for ABC; C:\Windows\SysWOW64\DBSer_ABC.exe [54528 2011-09-20] ()
  348. S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
  349. R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
  350. S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
  351. R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
  352. R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-09] (Sony Corporation) [File not signed]
  353. R2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-14] (AVG Secure Search)
  354. R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-08] (Intel(R) Corporation) [File not signed]
  355. S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
  356. S2 FunshionSvr; C:\Users\Mohammed\funshion\funshiontools\FunshionSvr.dll [X]
  357.  
  358. ==================== Drivers (Whitelisted) ====================
  359.  
  360. (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
  361.  
  362. R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
  363. R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
  364. R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
  365. R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
  366. R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
  367. R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
  368. R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
  369. R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
  370. S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-08] ()
  371. R2 IRNPF; C:\iResearch\Common\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
  372. R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
  373. R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-05-14] (Kaspersky Lab ZAO)
  374. R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
  375. R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-05-14] (Kaspersky Lab ZAO)
  376. R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
  377. R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
  378. R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
  379. R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
  380. R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
  381. R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
  382. S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
  383. S3 massfilter; system32\drivers\massfilter.sys [X]
  384. U2 MSSQL$DDNI; No ImagePath
  385. S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
  386. S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
  387. S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
  388. S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]
  389.  
  390. ==================== NetSvcs (Whitelisted) ===================
  391.  
  392. (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
  393.  
  394.  
  395. ==================== One Month Created Files and Folders ========
  396.  
  397. (If an entry is included in the fixlist, the file\folder will be moved.)
  398.  
  399. 2015-05-18 22:56 - 2015-05-18 23:22 - 00043892 _____ () C:\Users\Mohammed\Desktop\FRST.txt
  400. 2015-05-18 22:54 - 2015-05-18 23:21 - 00000000 ____D () C:\FRST
  401. 2015-05-18 22:47 - 2015-05-18 22:49 - 02107392 _____ (Farbar) C:\Users\Mohammed\Desktop\FRST64.exe
  402. 2015-05-15 13:31 - 2015-05-15 13:31 - 00028160 _____ () C:\Users\Mohammed\Downloads\Mohammed Hammoud- Tanzania May , 2014 (4).XLS
  403. 2015-05-15 13:11 - 2015-05-15 14:50 - 00009714 _____ () C:\Users\Mohammed\Documents\Upcoming Expenses Prjoection May 15.xlsx
  404. 2015-05-14 22:52 - 2015-05-14 22:53 - 01557923 _____ () C:\Users\Mohammed\Downloads\YW003 SHIPPING LIST-UPDATED JUL25.xlsx
  405. 2015-05-14 22:46 - 2015-05-14 22:46 - 00814009 _____ () C:\Users\Mohammed\Downloads\YW003 SHIPPING LIST.zip
  406. 2015-05-14 22:38 - 2015-05-14 22:39 - 00821665 _____ () C:\Users\Mohammed\Downloads\YW003 SHIPPING LIST 2015 - 副本 (1).xlsx
  407. 2015-05-14 19:54 - 2015-05-14 19:54 - 00001265 _____ () C:\Users\Mohammed\Desktop\美女直播.lnk
  408. 2015-05-14 19:54 - 2015-05-14 19:54 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\XiuRes
  409. 2015-05-14 17:25 - 2015-05-14 17:25 - 01224149 _____ () C:\Users\Mohammed\Downloads\YW003 shipping list updated MAY-11 (1).xlsx
  410. 2015-05-14 12:46 - 2015-05-14 12:46 - 00813815 _____ () C:\Users\Mohammed\Documents\YW003 SHIPPING LIST UPDATED OCT-18 - 副本.xlsx
  411. 2015-05-14 12:12 - 2015-05-14 22:59 - 00000000 ____D () C:\Users\Mohammed\Documents\Recovery for USB Docs
  412. 2015-05-14 11:02 - 2015-05-14 11:35 - 00000000 ____D () C:\Users\Mohammed\Documents\China USB
  413. 2015-05-14 09:07 - 2015-05-14 09:07 - 00060149 _____ () C:\Users\Mohammed\Downloads\SAIL sand paper quotation.xlsx
  414. 2015-05-14 01:12 - 2015-05-14 01:12 - 00000000 ____D () C:\Users\Mohammed\Downloads\Kaspersky Internet Security 2015 x86x64 crack and patch [FILETIE.COM]
  415. 2015-05-14 01:10 - 2015-05-14 13:54 - 00458597 _____ () C:\Users\Mohammed\Downloads\Kaspersky Internet Security 2015 x86x64 crack and patch [FILETIE.COM].rar
  416. 2015-05-14 00:59 - 2015-05-14 13:54 - 00000000 ____D () C:\Users\Mohammed\Downloads\Kaspersky Reset Trial 4.0.0.22 Final
  417. 2015-05-14 00:58 - 2015-05-14 00:59 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\WinZip
  418. 2015-05-14 00:58 - 2015-05-14 00:58 - 00002287 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
  419. 2015-05-14 00:58 - 2015-05-14 00:58 - 00002281 _____ () C:\Users\Public\Desktop\WinZip.lnk
  420. 2015-05-14 00:58 - 2015-05-14 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
  421. 2015-05-14 00:44 - 2015-05-14 00:44 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\Mohammed\Downloads\winzip19-new (1).exe
  422. 2015-05-14 00:40 - 2015-05-14 00:40 - 00000000 ____D () C:\ProgramData\UniqueId
  423. 2015-05-14 00:39 - 2015-05-14 00:40 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\Mohammed\Downloads\winzip19-new.exe
  424. 2015-05-14 00:37 - 2015-05-14 13:54 - 00018201 _____ () C:\Users\Mohammed\Downloads\Kaspersky Reset Trial 4.0.0.22 Final.rar
  425. 2015-05-14 00:33 - 2015-05-14 00:33 - 00000000 ____D () C:\Program Files (x86)\RelayDouble
  426. 2015-05-14 00:32 - 2015-05-14 13:43 - 00000000 ____D () C:\Program Files (x86)\Translate This
  427. 2015-05-14 00:31 - 2015-05-14 13:43 - 00000000 ____D () C:\Program Files (x86)\PriceMinus
  428. 2015-05-14 00:31 - 2015-05-14 12:58 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
  429. 2015-05-14 00:30 - 2015-05-14 13:43 - 00000000 ____D () C:\Program Files (x86)\PricceMMiinus
  430. 2015-05-14 00:30 - 2015-05-14 00:32 - 00000000 ____D () C:\ProgramData\2769249804042623684
  431. 2015-05-14 00:29 - 2015-05-14 10:31 - 00000000 ____D () C:\ProgramData\akdepjkckjnnlcghikeogahblahoggjn
  432. 2015-05-14 00:25 - 2015-05-14 14:36 - 00000000 ____D () C:\ProgramData\{faf99f45-be2a-4ca6-faf9-99f45be27d16}
  433. 2015-05-14 00:24 - 2015-05-14 16:38 - 00000000 ____D () C:\ProgramData\{de72bef4-fd70-63f9-de72-2bef4fd7fbd3}
  434. 2015-05-14 00:24 - 2015-05-14 00:24 - 00000428 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
  435. 2015-05-14 00:19 - 2015-05-14 01:15 - 00002334 _____ () C:\Users\Mohammed\Desktop\Safe Money.lnk
  436. 2015-05-14 00:18 - 2015-05-14 00:18 - 00001188 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
  437. 2015-05-14 00:18 - 2015-05-14 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
  438. 2015-05-14 00:18 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
  439. 2015-05-14 00:17 - 2015-05-18 21:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
  440. 2015-05-14 00:17 - 2015-05-14 01:54 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
  441. 2015-05-14 00:17 - 2015-05-14 01:54 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
  442. 2015-05-14 00:17 - 2015-05-14 00:17 - 00000000 ____D () C:\Windows\ELAMBKUP
  443. 2015-05-14 00:17 - 2015-05-14 00:17 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
  444. 2015-05-14 00:17 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
  445. 2015-05-14 00:10 - 2015-05-14 00:10 - 00738454 _____ () C:\Windows\PFRO.log
  446. 2015-05-13 23:13 - 2015-05-13 23:45 - 169730880 _____ (Kaspersky Lab) C:\Users\Mohammed\Downloads\kis15.0.0.463en_6024.exe
  447. 2015-05-13 23:01 - 2015-05-13 23:01 - 00000857 _____ () C:\Users\Mohammed\Desktop\µTorrent.lnk
  448. 2015-05-13 23:01 - 2015-05-13 23:01 - 00000837 _____ () C:\Users\Mohammed\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
  449. 2015-05-13 22:02 - 2015-05-13 22:02 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\AVG2015
  450. 2015-05-13 22:01 - 2015-05-13 22:01 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
  451. 2015-05-13 22:01 - 2015-05-13 22:01 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\TuneUp Software
  452. 2015-05-13 22:01 - 2015-05-13 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
  453. 2015-05-13 21:59 - 2015-05-13 22:03 - 00000000 ____D () C:\ProgramData\AVG2015
  454. 2015-05-13 21:59 - 2015-05-13 21:59 - 00000000 ___HD () C:\$AVG
  455. 2015-05-13 21:59 - 2015-05-13 21:59 - 00000000 ____D () C:\Program Files (x86)\AVG
  456. 2015-05-13 21:10 - 2015-05-18 23:21 - 00000000 ____D () C:\ProgramData\MFAData
  457. 2015-05-13 21:10 - 2015-05-13 22:28 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\Avg2015
  458. 2015-05-13 21:10 - 2015-05-13 21:10 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\MFAData
  459. 2015-05-13 21:08 - 2015-05-13 21:09 - 04635400 _____ (AVG Technologies) C:\Users\Mohammed\Downloads\avg_avct_stb_all_2015_5577_ppc-avc-welcomecmp5.exe
  460. 2015-05-11 12:36 - 2015-05-11 12:37 - 01224149 _____ () C:\Users\Mohammed\Downloads\YW003 shipping list updated MAY-11.xlsx
  461. 2015-05-11 10:36 - 2015-05-11 10:36 - 00021504 _____ () C:\Users\Mohammed\Downloads\QUOTATION FOR SH- DAR ES SALAAM-YW003 .xls
  462. 2015-05-01 11:48 - 2015-05-04 21:35 - 00030784 _____ () C:\Users\Mohammed\Documents\Stock List.xlsx
  463. 2015-04-29 06:46 - 2015-04-29 06:46 - 00023040 _____ () C:\Users\Mohammed\AppData\Roaming\...And Justice for All. (1979) BRRip 720p x264 AAC-Ameet6233.mp4
  464. 2015-04-29 06:46 - 2015-04-29 06:46 - 00000199 _____ () C:\Users\Mohammed\AppData\Roaming\g2tqhjhewq211sg
  465. 2015-04-26 22:32 - 2015-04-26 22:34 - 01200237 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-25.xlsx
  466. 2015-04-25 10:39 - 2015-04-25 10:40 - 01193828 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-24 (1).xlsx
  467. 2015-04-24 13:00 - 2015-04-25 11:29 - 01227970 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-24.xlsx
  468. 2015-04-22 09:43 - 2015-04-22 10:39 - 01209683 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-22.xlsx
  469.  
  470. ==================== One Month Modified Files and Folders =======
  471.  
  472. (If an entry is included in the fixlist, the file\folder will be moved.)
  473.  
  474. 2015-05-18 23:20 - 2014-01-04 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
  475. 2015-05-18 23:08 - 2011-04-08 12:08 - 00002928 _____ () C:\Users\Mohammed\funshion.ini
  476. 2015-05-18 22:57 - 2010-12-03 00:40 - 01507671 _____ () C:\Windows\WindowsUpdate.log
  477. 2015-05-18 22:38 - 2011-08-08 06:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  478. 2015-05-18 22:06 - 2013-10-30 11:08 - 00000000 ____D () C:\Users\Public\Fundata
  479. 2015-05-18 21:22 - 2009-07-14 07:45 - 00013888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  480. 2015-05-18 21:22 - 2009-07-14 07:45 - 00013888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  481. 2015-05-18 21:07 - 2014-07-04 05:21 - 00000000 ____D () C:\Users\Public\FunAcce
  482. 2015-05-15 15:38 - 2013-03-04 02:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce1865304e035b.job
  483. 2015-05-15 10:40 - 2014-10-06 09:49 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
  484. 2015-05-15 10:17 - 2015-04-11 09:16 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\GreenKuwo
  485. 2015-05-15 10:17 - 2014-11-14 21:02 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\Zoo
  486. 2015-05-15 10:15 - 2012-03-11 14:46 - 00000000 ____D () C:\Users\Mohammed\AppData\Roaming\uTorrent
  487. 2015-05-15 10:04 - 2011-04-17 00:33 - 00000000 ____D () C:\Users\Mohammed\funshion
  488. 2015-05-15 10:04 - 2010-11-18 09:58 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
  489. 2015-05-15 10:03 - 2015-01-10 23:48 - 00012034 _____ () C:\Windows\setupact.log
  490. 2015-05-15 10:03 - 2013-03-05 01:42 - 00000206 _____ () C:\Windows\Tasks\AutoKMS.job
  491. 2015-05-15 10:03 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
  492. 2015-05-14 19:07 - 2009-07-14 08:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
  493. 2015-05-14 14:03 - 2012-06-28 02:31 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
  494. 2015-05-14 13:53 - 2014-11-15 03:47 - 00010095 _____ () C:\Users\Mohammed\Desktop\Kaspersky Internet Security 2015 (a) Crk Update V4.rar
  495. 2015-05-14 13:53 - 2014-11-15 03:47 - 00010095 _____ () C:\Users\Mohammed\Desktop\Kaspersky Internet Security 2015 (a) Crk Update V4(2).rar
  496. 2015-05-14 13:42 - 2015-03-20 12:11 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
  497. 2015-05-14 09:10 - 2013-07-11 04:20 - 00000000 ____D () C:\Users\Mohammed\Documents\Add-in Express
  498. 2015-05-14 01:13 - 2014-09-23 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
  499. 2015-05-14 01:13 - 2014-03-10 10:48 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
  500. 2015-05-14 01:13 - 2013-10-01 13:03 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\Hewlett-Packard
  501. 2015-05-14 01:13 - 2011-04-15 08:42 - 00000000 ____D () C:\ProgramData\Skype
  502. 2015-05-14 00:58 - 2015-03-20 12:24 - 00000000 ____D () C:\ProgramData\WinZip
  503. 2015-05-14 00:57 - 2011-11-15 13:02 - 00000000 ____D () C:\Program Files\WinZip
  504. 2015-05-14 00:10 - 2010-11-18 10:59 - 00000000 ____D () C:\ProgramData\Norton
  505. 2015-05-13 23:59 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\migwiz
  506. 2015-05-13 20:39 - 2015-01-10 23:49 - 00015827 _____ () C:\Windows\AutoKMS.log
  507. 2015-05-13 15:27 - 2013-10-17 16:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
  508. 2015-05-09 12:47 - 2011-04-17 01:47 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\CrashDumps
  509. 2015-05-05 10:02 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
  510. 2015-05-01 17:05 - 2014-01-06 12:03 - 00000000 ____D () C:\Trademanager
  511. 2015-04-30 17:15 - 2011-08-30 12:09 - 00000000 ____D () C:\Users\Mohammed\AppData\Local\CutePDF Writer
  512. 2015-04-30 10:57 - 2014-01-06 12:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
  513. 2015-04-28 09:45 - 2009-07-14 08:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
  514. 2015-04-20 21:38 - 2015-04-17 12:47 - 01452789 _____ () C:\Users\Mohammed\Downloads\YW003 Mar 2015 Order -updated APR-17.xlsx
  515.  
  516. ==================== Files in the root of some directories =======
  517.  
  518. 2015-04-29 06:46 - 2015-04-29 06:46 - 0023040 _____ () C:\Users\Mohammed\AppData\Roaming\...And Justice for All. (1979) BRRip 720p x264 AAC-Ameet6233.mp4
  519. 2015-04-26 18:21 - 2015-04-26 18:21 - 0023040 _____ () C:\Users\Mohammed\AppData\Roaming\08. Bloody Palms.mp3
  520. 2011-11-24 14:44 - 2014-12-09 20:02 - 0000911 _____ () C:\Users\Mohammed\AppData\Roaming\coreavc.ini
  521. 2015-04-29 06:46 - 2015-04-29 06:46 - 0000199 _____ () C:\Users\Mohammed\AppData\Roaming\g2tqhjhewq211sg
  522. 2012-07-17 00:08 - 2012-07-17 00:08 - 0007605 _____ () C:\Users\Mohammed\AppData\Local\Resmon.ResmonCfg
  523. 2012-09-06 03:21 - 2012-09-06 03:37 - 0000836 _____ () C:\ProgramData\hpzinstall.log
  524.  
  525. Files to move or delete:
  526. ====================
  527. C:\Users\Mohammed\com_securenetasia_p11wrapper3_cbs.bochk.com.dll
  528.  
  529.  
  530. Some content of TEMP:
  531. ====================
  532. C:\Users\Mohammed\AppData\Local\Temp\u2n5dwdt.dll
  533. C:\Users\Mohammed\AppData\Local\Temp\uttC3A9.tmp.exe
  534.  
  535.  
  536. ==================== Bamital & volsnap Check =================
  537.  
  538. (There is no automatic fix for files that do not pass verification.)
  539.  
  540. C:\Windows\System32\winlogon.exe => File is digitally signed
  541. C:\Windows\System32\wininit.exe => File is digitally signed
  542. C:\Windows\SysWOW64\wininit.exe => File is digitally signed
  543. C:\Windows\explorer.exe => File is digitally signed
  544. C:\Windows\SysWOW64\explorer.exe => File is digitally signed
  545. C:\Windows\System32\svchost.exe => File is digitally signed
  546. C:\Windows\SysWOW64\svchost.exe => File is digitally signed
  547. C:\Windows\System32\services.exe => File is digitally signed
  548. C:\Windows\System32\User32.dll => File is digitally signed
  549. C:\Windows\SysWOW64\User32.dll => File is digitally signed
  550. C:\Windows\System32\userinit.exe => File is digitally signed
  551. C:\Windows\SysWOW64\userinit.exe => File is digitally signed
  552. C:\Windows\System32\rpcss.dll => File is digitally signed
  553. C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
  554.  
  555.  
  556. LastRegBack: 2015-02-04 19:42
  557.  
  558. ==================== End Of Log ============================