Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Someone might spying on my Mozilla Firefox [Closed]

Started by surendra23 , Dec 12 2014 05:13 AM
spyware mozilla firefox virus hacking

  • This topic is locked This topic is locked

#1
surendra23
Posted 12 December 2014 - 05:13 AM

surendra23

    New Member

  • Member
  • Pip
  • 5 posts

Hello,

 

I am in doubt, I think someone is spying on my online activity while browsing through Mozilla Firefox. I noticed a "weird sign" always attached to my current tab in Mozilla Firefox. Please have look on this screenshot:-

 

what-is-that_zps6129d36b.png

 

I don't know, what is that but it's looking something dangerous and making me worry a lot. However I scanned my PC through McAfee antivirus and It didn't found anything serious. I also uninstalled my previous Mozilla Firefox and installed new version but this problem is still there.

 

Extra Information

Mozilla Firefox Version: 34.0.5

Extensions:  HTML Validator 0.9.5.8, McAfee SiteAdvisor 3.7.1, RoboForm Toolbar, SEO Status PageRank/ Alexa Toolbar

 

Please help me..

Thank you so much for your kind support.

 

OTL created two text files, OTL.txt and Extras. txt. Both are posted bellow respectively.

 

OTL.txt

 

OTL logfile created on: 12-12-2014 15:46:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\window\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
 
3.89 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 27.90% Memory free
7.78 Gb Paging File | 4.49 Gb Available in Paging File | 57.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 61.27 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 96.10 Gb Free Space | 98.41% Space Free | Partition Type: NTFS
Drive E: | 270.45 Gb Total Space | 261.57 Gb Free Space | 96.72% Space Free | Partition Type: NTFS
Drive G: | 70.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: WINDOW-PC | User Name: window | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-12-12 15:44:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\window\Desktop\OTL.exe
PRC - [2014-12-09 15:51:29 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\mozilla firefox\firefox.exe
PRC - [2014-12-06 07:20:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-12-03 12:01:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-11-25 00:08:23 | 002,039,192 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014-11-25 00:08:23 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014-11-13 11:23:04 | 000,741,920 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014-11-03 11:05:36 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2014-10-30 14:36:24 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014-10-17 19:35:46 | 000,451,072 | ---- | M] () -- C:\Program Files (x86)\MBlaze\MBlaze.exe
PRC - [2014-09-12 23:44:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014-09-12 23:44:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014-09-12 23:30:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014-08-04 10:21:14 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2014-07-14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014-07-14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014-04-04 11:29:28 | 002,000,896 | ---- | M] (iSkySoft) -- C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
PRC - [2013-12-11 10:57:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013-12-11 10:57:54 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013-10-17 15:27:02 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2013-06-21 03:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2013-05-21 12:58:30 | 000,656,976 | ---- | M] () -- C:\ProgramData\MBlaze\OnlineUpdate\ouc.exe
PRC - [2011-03-14 20:57:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009-07-14 06:44:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009-02-23 18:35:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-12-09 15:51:28 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\mozjs.dll
MOD - [2014-12-06 07:20:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014-12-06 07:20:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014-12-06 07:20:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014-12-06 07:20:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014-11-03 11:05:36 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2014-10-17 19:35:46 | 000,451,072 | ---- | M] () -- C:\Program Files (x86)\MBlaze\MBlaze.exe
MOD - [2014-04-04 11:29:10 | 000,371,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
MOD - [2013-11-08 16:25:39 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\MBlaze\plugins\imageformats\qjpeg4.dll
MOD - [2013-11-08 16:25:38 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\MBlaze\plugins\imageformats\qmng4.dll
MOD - [2013-11-08 16:25:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MBlaze\plugins\imageformats\qico4.dll
MOD - [2013-11-08 16:25:37 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\MBlaze\plugins\imageformats\qgif4.dll
MOD - [2013-11-08 16:25:35 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\MBlaze\plugins\imageformats\qtiff4.dll
MOD - [2013-11-08 16:25:34 | 001,124,352 | ---- | M] () -- C:\Program Files (x86)\MBlaze\AddrBookPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,858,624 | ---- | M] () -- C:\Program Files (x86)\MBlaze\SMSUIPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,819,712 | ---- | M] () -- C:\Program Files (x86)\MBlaze\AddrBookUIPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,731,136 | ---- | M] () -- C:\Program Files (x86)\MBlaze\DeviceAppPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,730,112 | ---- | M] () -- C:\Program Files (x86)\MBlaze\DeviceSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,704,000 | ---- | M] () -- C:\Program Files (x86)\MBlaze\SmsAppPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,702,464 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NetInfoSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,672,768 | ---- | M] () -- C:\Program Files (x86)\MBlaze\AddrBookSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,646,144 | ---- | M] () -- C:\Program Files (x86)\MBlaze\AtCodec.dll
MOD - [2013-11-08 16:25:34 | 000,628,224 | ---- | M] () -- C:\Program Files (x86)\MBlaze\Common.dll
MOD - [2013-11-08 16:25:34 | 000,599,552 | ---- | M] () -- C:\Program Files (x86)\MBlaze\DeviceMgrUIPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\MBlaze\DialupUIPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,583,168 | ---- | M] () -- C:\Program Files (x86)\MBlaze\PluginContainer.dll
MOD - [2013-11-08 16:25:34 | 000,569,344 | ---- | M] () -- C:\Program Files (x86)\MBlaze\CallLogSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,536,064 | ---- | M] () -- C:\Program Files (x86)\MBlaze\core.dll
MOD - [2013-11-08 16:25:34 | 000,494,080 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NetInfoUIExPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,407,552 | ---- | M] () -- C:\Program Files (x86)\MBlaze\Proxy.dll
MOD - [2013-11-08 16:25:34 | 000,391,168 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NetConnectPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,377,856 | ---- | M] () -- C:\Program Files (x86)\MBlaze\MenuMgrPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\MBlaze\StatusBarMgrPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,303,104 | ---- | M] () -- C:\Program Files (x86)\MBlaze\DiagnosisPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,288,768 | ---- | M] () -- C:\Program Files (x86)\MBlaze\sdk.dll
MOD - [2013-11-08 16:25:34 | 000,254,976 | ---- | M] () -- C:\Program Files (x86)\MBlaze\XFramePlugin.dll
MOD - [2013-11-08 16:25:34 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NetSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,236,032 | ---- | M] () -- C:\Program Files (x86)\MBlaze\DialUpPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,220,160 | ---- | M] () -- C:\Program Files (x86)\MBlaze\ToolBarMgrPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,220,160 | ---- | M] () -- C:\Program Files (x86)\MBlaze\SmsSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,201,216 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NDISPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\MBlaze\XCodec.dll
MOD - [2013-11-08 16:25:34 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\MBlaze\CallAppPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\MBlaze\CallSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,168,960 | ---- | M] () -- C:\Program Files (x86)\MBlaze\ATR2SMgr.dll
MOD - [2013-11-08 16:25:34 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\MBlaze\OSDialup.dll
MOD - [2013-11-08 16:25:34 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NetConnectSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\MBlaze\Trace.dll
MOD - [2013-11-08 16:25:34 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\MBlaze\STKSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,155,136 | ---- | M] () -- C:\Program Files (x86)\MBlaze\DataServicePlugin.dll
MOD - [2013-11-08 16:25:34 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\MBlaze\USSDSrvPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\MBlaze\OSNDIS.dll
MOD - [2013-11-08 16:25:34 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\MBlaze\ConnectMgrUIPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\MBlaze\LayoutPlugin.dll
MOD - [2013-11-08 16:25:34 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\MBlaze\OSAdapt.dll
MOD - [2013-11-08 16:25:34 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NotifyServicePlugin.dll
MOD - [2013-11-08 16:25:34 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\MBlaze\OSPowerMgr.dll
MOD - [2013-11-08 16:25:34 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MBlaze\OSCall.dll
MOD - [2013-07-24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
MOD - [2013-05-21 14:14:08 | 001,114,112 | ---- | M] () -- C:\Program Files (x86)\MBlaze\NDISAPI.dll
MOD - [2013-05-21 14:14:08 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\MBlaze\Win7Support.dll
MOD - [2013-05-21 14:14:07 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\MBlaze\tdpcvoice.dll
MOD - [2013-05-21 12:50:30 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\MBlaze\LiveUpdateInterface.dll
MOD - [2012-10-31 15:03:34 | 009,562,624 | ---- | M] () -- C:\Program Files (x86)\MBlaze\QtGui4.dll
MOD - [2012-10-31 14:44:12 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\MBlaze\QtNetwork4.dll
MOD - [2012-10-31 14:41:48 | 000,398,336 | ---- | M] () -- C:\Program Files (x86)\MBlaze\QtXml4.dll
MOD - [2012-10-31 14:41:24 | 002,417,152 | ---- | M] () -- C:\Program Files (x86)\MBlaze\QtCore4.dll
MOD - [2009-06-23 08:12:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\MBlaze\libgcc_s_dw2-1.dll
MOD - [2009-01-11 00:02:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\MBlaze\mingwm10.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-09-04 04:09:02 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2014-08-20 08:16:12 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014-06-20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014-06-20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014-04-25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013-08-27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013-08-27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013-07-18 04:17:38 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 07:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-12-10 17:42:38 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-12-09 15:51:29 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-12-03 12:01:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-11-25 00:08:23 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014-09-12 23:44:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014-08-04 10:21:14 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2014-07-14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014-07-14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-12-11 10:57:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013-12-11 10:57:54 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013-11-16 00:38:00 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-10-17 15:27:02 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2013-07-02 23:00:14 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013-06-21 03:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2013-05-21 12:58:30 | 000,656,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\MBlaze\UpdateDog\ouc.exe -- (MBlaze. RunOuc)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011-03-14 20:57:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2009-06-11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-08-20 08:06:14 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014-08-20 08:05:28 | 000,445,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014-06-20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014-06-20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014-06-20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014-06-20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014-06-20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014-06-20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014-01-10 14:02:50 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013-12-10 23:27:54 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013-11-08 16:25:05 | 000,455,680 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2013-11-08 16:25:05 | 000,109,568 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013-11-08 16:25:05 | 000,014,976 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2013-11-08 16:25:04 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2013-11-08 16:25:03 | 000,226,048 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013-10-29 17:36:26 | 004,195,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-10-17 15:27:02 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2013-09-18 15:09:40 | 000,452,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013-07-18 05:12:44 | 011,614,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013-07-18 03:50:36 | 000,578,048 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013-07-02 22:34:54 | 000,589,000 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013-07-02 22:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013-07-02 22:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013-07-02 22:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013-07-02 22:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013-07-02 22:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013-07-02 22:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013-07-02 22:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013-06-24 22:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2013-06-19 02:52:36 | 000,872,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013-03-05 11:34:58 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013-03-05 11:34:56 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012-12-22 02:12:28 | 000,326,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012-09-14 15:42:38 | 000,036,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2010-03-08 20:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2009-07-14 07:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 07:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 07:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 05:39:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009-06-11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 06:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-in
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 A2 AF 00 33 9F CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {76037129-B57E-41C2-8FAE-E52992FA54C3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4903537D-FCDC-48E7-B49B-E086D0E29645}: "URL" = http://astromenda.co...r=704688432&ir=
IE - HKCU\..\SearchScopes\{5C8FD4AD-7FCD-4B95-AA9F-51A54CB47F99}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{76037129-B57E-41C2-8FAE-E52992FA54C3}: "URL" = https://in.search.ya...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://in.search.yah...h?fr=mkg030&p="
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.co.in"
FF - prefs.js..extensions.enabledAddons: seostatus%40rubyweb:1.5.9
FF - prefs.js..extensions.enabledAddons: %7B3b56bcc7-54e5-44a2-9b44-66c3ef58c13e%7D:0.9.5.8
FF - prefs.js..extensions.enabledAddons: %7B5546F97E-11A5-46b0-9082-32AD74AAA920%7D:0.76
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: "https://in.search.ya...26D20140801&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-07-07 16:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\iSkysoft\Video Converter Ultimate\[email protected]\ [2014-07-10 11:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-20 11:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\mozilla firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\mozilla firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-07-07 16:59:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\mozilla firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\mozilla firefox\plugins
 
[2014-07-07 10:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\window\AppData\Roaming\Mozilla\Extensions
[2014-12-04 22:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions
[2014-07-07 16:23:21 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2014-07-07 16:23:14 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2014-11-05 19:47:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014-07-07 10:56:05 | 000,000,000 | ---D | M] (prIcechOpp) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]
[2014-07-07 10:56:05 | 000,000,000 | ---D | M] (pariicaecHop) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]
[2014-07-07 17:34:42 | 000,207,020 | ---- | M] () (No name found) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]
[2014-11-25 11:51:33 | 000,566,021 | ---- | M] () (No name found) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]
[2014-11-05 11:18:55 | 000,002,533 | ---- | M] () -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\searchplugins\ask-search.xml
[2014-08-27 18:38:49 | 000,002,831 | ---- | M] () -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\searchplugins\Astromenda.xml
[2014-12-09 15:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014-12-09 15:51:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014-11-20 11:39:16 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgckmkcfahjkplmcjmgahnmlibkcnffe\3.9\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmmpimgdaelepllnhijkadfmehdpmijp\3.9\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfipdgenfgpoakdfnndhkgjnnopnlohn\0.2_0\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomnoaehhnmbolpapbjeopogjfefdpnl\5.1.0_0\
CHR - Extension: No name found = C:\Users\window\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014-11-12 12:52:03 | 000,000,891 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ppricechop) - {56FE701F-B777-00AC-405C-9B60DBCB066B} - C:\Program Files (x86)\ppricechop\6hljrX.x64.dll File not found
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {2320DB42-0B34-473D-412C-4E7A7C6C600C} - No CLSID value found.
O2 - BHO: (no name) - {56FE701F-B777-00AC-405C-9B60DBCB066B} - No CLSID value found.
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (iSkysoft Video Converter Ultimate 5.1.0) - {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} - C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [DelaypluginInstall] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (iSkySoft)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\window\AppData\Local\Apps\2.0\59EL0GWR.H20\YOPXMTLB.GWO\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E92CA12A-0162-42A2-99F5-59DB05E1232F}: NameServer = 10.228.1.114 10.228.1.116
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\WSISVCUchrome - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\WSISVCUchrome - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-11-08 08:26:01 | 000,148,320 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2013-11-08 08:26:01 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\Shell - "" = AutoRun
O33 - MountPoints2\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\Shell - "" = AutoRun
O33 - MountPoints2\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\Shell - "" = AutoRun
O33 - MountPoints2\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\Shell - "" = AutoRun
O33 - MountPoints2\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{568f140a-5605-11e4-8c6d-b7e6b9935059}\Shell - "" = AutoRun
O33 - MountPoints2\{568f140a-5605-11e4-8c6d-b7e6b9935059}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\Shell - "" = AutoRun
O33 - MountPoints2\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7008a96b-5819-11e4-864b-916732ed5eac}\Shell - "" = AutoRun
O33 - MountPoints2\{7008a96b-5819-11e4-864b-916732ed5eac}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{793c2deb-56d4-11e4-92b7-cf64787965bf}\Shell - "" = AutoRun
O33 - MountPoints2\{793c2deb-56d4-11e4-92b7-cf64787965bf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7ad36fe7-0668-11e4-8174-485ab6b00614}\Shell - "" = AutoRun
O33 - MountPoints2\{7ad36fe7-0668-11e4-8174-485ab6b00614}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\Shell - "" = AutoRun
O33 - MountPoints2\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{da116361-1fd1-11e4-9bb9-485ab6b00614}\Shell - "" = AutoRun
O33 - MountPoints2\{da116361-1fd1-11e4-9bb9-485ab6b00614}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\Shell - "" = AutoRun
O33 - MountPoints2\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{f2b04948-1efd-11e4-88e6-485ab6b00613}\Shell - "" = AutoRun
O33 - MountPoints2\{f2b04948-1efd-11e4-88e6-485ab6b00613}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-12-12 15:44:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\window\Desktop\OTL.exe
[2014-12-12 12:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014-12-12 11:27:34 | 000,000,000 | R--D | C] -- C:\Users\window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014-12-09 15:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mozilla firefox
[2014-11-26 17:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014-11-19 15:48:17 | 000,000,000 | ---D | C] -- C:\Users\window\AppData\Roaming\(2C-8A-72-F4-1E-2A)
[2014-11-16 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\window\Desktop\LOGO
[2014-11-13 20:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
[2014-11-13 20:49:19 | 000,000,000 | ---D | C] -- C:\Users\window\AppData\Local\UmmyVideoDownloader
 
========== Files - Modified Within 30 Days ==========
 
[2014-12-12 15:44:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\window\Desktop\OTL.exe
[2014-12-12 15:42:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-12-12 15:28:43 | 000,072,606 | ---- | M] () -- C:\Users\window\Desktop\what-is-that.png
[2014-12-12 14:57:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-12-12 11:33:25 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-12-12 11:33:25 | 000,665,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-12-12 11:33:25 | 000,125,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-12-12 11:32:19 | 000,012,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-12-12 11:32:19 | 000,012,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-12-12 11:27:27 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014-12-12 11:27:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-12-12 11:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-12-12 11:26:54 | 3133,427,712 | -HS- | M] () -- C:\hiberfil.sys
[2014-12-08 18:08:04 | 000,040,795 | ---- | M] () -- C:\Users\window\Desktop\iOS 8 vs Google Android Lollipop.jpg
[2014-12-07 11:26:11 | 000,092,002 | ---- | M] () -- C:\Users\window\Desktop\Photo0016.jpg
[2014-12-07 11:25:26 | 000,118,585 | ---- | M] () -- C:\Users\window\Desktop\Photo0015.jpg
[2014-12-05 18:47:54 | 000,016,626 | ---- | M] () -- C:\Users\window\Desktop\ndim-logo.jpg
[2014-11-26 17:08:02 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-11-20 17:52:43 | 000,009,311 | ---- | M] () -- C:\Users\window\Desktop\images (1).jpg
 
========== Files Created - No Company Name ==========
 
[2014-12-12 15:28:43 | 000,072,606 | ---- | C] () -- C:\Users\window\Desktop\what-is-that.png
[2014-12-08 18:08:04 | 000,040,795 | ---- | C] () -- C:\Users\window\Desktop\iOS 8 vs Google Android Lollipop.jpg
[2014-12-07 20:09:43 | 000,118,585 | ---- | C] () -- C:\Users\window\Desktop\Photo0015.jpg
[2014-12-07 20:09:43 | 000,092,002 | ---- | C] () -- C:\Users\window\Desktop\Photo0016.jpg
[2014-12-05 18:47:54 | 000,016,626 | ---- | C] () -- C:\Users\window\Desktop\ndim-logo.jpg
[2014-11-26 17:08:02 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-11-26 17:08:01 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-11-20 17:52:43 | 000,009,311 | ---- | C] () -- C:\Users\window\Desktop\images (1).jpg
[2014-07-10 11:53:28 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\ISCM64.dll
[2014-07-10 11:53:28 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\ISCM32.dll
[2014-07-07 14:58:39 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2014-07-07 14:45:14 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014-07-07 14:45:14 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014-07-07 14:45:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014-07-06 23:16:28 | 000,000,542 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014-07-06 23:03:58 | 000,764,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-11-25 11:35:34 | 000,317,440 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013-11-25 11:35:34 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013-11-25 11:35:33 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013-08-27 14:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009-07-14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 07:11:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 06:46:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-11-19 15:48:17 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\(2C-8A-72-F4-1E-2A)
[2014-10-11 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\deskPDF
[2014-10-22 20:22:44 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\deskPDF Editor
[2014-10-17 19:28:35 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\DMCache
[2014-10-29 15:40:22 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\HTC
[2014-10-29 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\PCDr
[2014-09-17 13:27:26 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\TeamViewer
[2014-07-10 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\window\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
 
Extras.txt
 

OTL Extras logfile created on: 12-12-2014 15:46:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\window\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
 
3.89 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 27.90% Memory free
7.78 Gb Paging File | 4.49 Gb Available in Paging File | 57.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 61.27 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 96.10 Gb Free Space | 98.41% Space Free | Partition Type: NTFS
Drive E: | 270.45 Gb Total Space | 261.57 Gb Free Space | 96.72% Space Free | Partition Type: NTFS
Drive G: | 70.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: WINDOW-PC | User Name: window | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042210FB-FAE1-467C-B99F-FACFFDED3FB7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{20964EC3-B7C1-43B0-84A3-D0F379A723E1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{47F827A9-FAF7-43F1-A8BF-E4638DCEBC77}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{600F819B-BFBA-4632-8D36-29BF99BC4C3A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{65029AA9-9D57-452F-8795-638D4304BE8C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{93A1A438-CEE9-4540-B2FE-4B0B2BDA1BC4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5F267C2-8780-4583-B609-41D1663C48F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{CF5E5605-9EAB-47B7-878F-7DDB27407619}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DB404634-CB49-4EFC-B02E-3D41A5C5764D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6811305-0587-491B-88BD-7C135A280EE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C04E337-4C1A-48FC-9706-838892D88177}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{282024C1-B67C-4A8C-BE0A-8218E36336A7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{28965113-0DE5-4BFB-B04D-A3C5A053F2CF}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{2B17325D-5852-4068-912D-5DEE69E03EB6}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | 
"{3CE87381-71E7-436D-84D5-F21703D9563E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{50B11C03-1D94-4D46-92C2-4484DE8CF324}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{54CDA9B0-465D-45B0-9DFB-39D6AD4E1C93}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{62473A1A-218E-4244-A6E9-7C8C1A83DD94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{643809DD-299B-4413-A33D-A62585B4CF5A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{80FA85EA-A3FD-496E-AA2E-82C0500E0EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{860289C6-EE7D-4AAA-9171-2F0DD6C71A1F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{91C5CE5E-06F4-4629-94DA-6FEAEDE8E319}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9795E81B-C661-47B0-97A4-1632D6AE6A4F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{A71B0B96-91ED-4D3D-8CEF-360AE1E923E9}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | 
"{AB3B3416-5CBA-4E33-A8D1-22F866E149B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B9E5B42C-F469-4BE6-9059-CEF0DDCC2AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{C72FB78B-239A-46C3-B8A8-E2BB7EBA9FD9}" = protocol=58 | dir=in | [email protected],-148 | 
"{C73B0745-61FA-4D5A-B6DB-BA3D168F589B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{CD818A35-88B1-4F8F-A913-EE3F57874213}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D9DB2A68-66B2-481B-B580-6B2FD31F5467}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{4855987A-C2CD-4DA7-9746-B3CA12352FC1}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
"UDP Query User{C4A83AFD-0EA8-4BB8-A8AE-3D26BB151EA4}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89AA9A4A-06E7-DE10-4624-39D805136211}" = AMD Accelerated Video Transcoding
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5277A-5B7E-AD24-3FDB-E67BB5C2C5C5}" = AMD Catalyst Install Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0EAC5D0-A304-BEAD-85DF-B9F231233E87}" = ccc-utility64
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"DFFC4013304EDB1027D2BAEBE06DF2A4BD2608D3" = Windows Driver Package - Dell Inc (DellRbtn) HIDClass  (07/31/2012 1.4)
"PC-Doctor for Windows" = My Dell
"SynTPDeinstKey" = Dell Touchpad
"VLC media player" = VLC media player 2.1.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{112039C1-5FD5-CC25-4EFA-8AA13462F7A7}" = CCC Help Korean
"{1E496A68-4943-424E-829D-5C3C85B7B8F2}" = Realtek USB Card Reader
"{231D0C79-98A6-4693-A366-36DE7D7346EC}" = HTC Sync Manager
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{24F46D10-DA43-CFD7-B141-474A954DCA4B}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3CBBA524-C981-0A25-E4FF-84A5CA4A7438}" = CCC Help Dutch
"{3CC8334B-BC92-E7C8-E9F9-95A42073C384}" = CCC Help Danish
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4F524A2D-5350-4500-76A7-A758B70C1500}" = Search App by Ask
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{567AB107-4A81-F89A-11B0-BC2B26B21557}" = CCC Help Finnish
"{5C156DF1-A4AA-8DE6-4254-10AD7ECAF190}" = Catalyst Control Center Localization All
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{667EB94F-B0C8-D39D-B803-097630BA2B88}" = CCC Help Russian
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}" = OEM Application Profile
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855C5C0A-69E8-A1E3-5A85-8C524DE97577}" = CCC Help French
"{8E910C4A-9BC9-44A2-9EEA-6C5743C854FD}" = CCC Help Swedish
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90BEBF71-5641-898C-8C2B-201965E935F2}" = PX Profile Update
"{9406F075-94E3-3ADE-9247-9125F67F7193}" = CCC Help German
"{9AEF25CF-6F43-41FB-9DDD-9BFA15EE81FD}" = StarToken-NG
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{B004EFCE-C56E-0C2A-638F-97518E6CAD51}" = CCC Help Portuguese
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2F75643-ACC3-DF4C-DCB8-D742C1B9C317}" = CCC Help Japanese
"{BCD956D1-8E37-6535-B2D6-A32FBA441F24}" = CCC Help English
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C812F4CE-881C-57E8-3718-5FFDF40F33C6}" = CCC Help Chinese Traditional
"{CF90D406-0EC5-FF92-45FA-E44248105C51}" = CCC Help Chinese Standard
"{D2BA8D2F-4DB8-35E3-5E8C-817A56B01705}" = CCC Help Italian
"{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1" = UmmyVideoDownloader 1.2.0.6
"{E141DC1C-ADC4-D917-50BB-628DA0A74FC5}" = CCC Help Norwegian
"{E6868D93-C782-2F1F-F4CB-607209308BBC}" = Catalyst Control Center Profiles Mobile
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F38DC282-11BE-45D8-8754-D3D40F3D7FBE}" = Google+ Auto Backup
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8F0A13C-8989-7702-937F-29F63E548160}" = Catalyst Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AI RoboForm" = RoboForm 7-9-8-5 (All Users)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashFXP 4" = FlashFXP 4
"Google Chrome" = Google Chrome
"iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 5.1.3.0)
"MBlaze" = MBlaze
"Mozilla Firefox 34.0.5 (x86 en-US)" = Mozilla Firefox 34.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee AntiVirus
"MTS Entertainment_is1" = MTS Entertainment version 1.0
"MTS Games_is1" = MTS Games version 1.0
"MTS PC SAFE" = MTS PC SAFE 1.0
"Picasa 3" = Picasa 3
"Tata Photon+" = Tata Photon+
"TeamViewer 9" = TeamViewer 9
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"73f463568823ebbe" = Dell System Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14-11-2014 04:08:57 | Computer Name = window-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 17-11-2014 07:38:39 | Computer Name = window-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 34.0.0.5430,
 time stamp: 0x546590d4  Faulting module name: mozalloc.dll, version: 34.0.0.5430,
 time stamp: 0x546589d4  Exception code: 0x80000003  Fault offset: 0x00001425  Faulting
 process id: 0x1944  Faulting application start time: 0x01d002552966246e  Faulting application
 path: C:\program files (x86)\mozilla firefox\plugin-container.exe  Faulting module
 path: C:\program files (x86)\mozilla firefox\mozalloc.dll  Report Id: 45e6981c-6e4e-11e4-9645-806fc1bcca89
 
Error - 25-11-2014 10:13:26 | Computer Name = window-PC | Source = Application Error | ID = 1000
Description = Faulting application name: StarToken-NG.exe, version: 0.0.0.0, time
 stamp: 0x53731483  Faulting module name: StarToken-NG.exe, version: 0.0.0.0, time
 stamp: 0x53731483  Exception code: 0xc0000005  Fault offset: 0x004ae6b7  Faulting process
 id: 0xd94  Faulting application start time: 0x01d008b909ddeaf6  Faulting application
 path: C:\StarToken-NG\StarToken-NG.exe  Faulting module path: C:\StarToken-NG\StarToken-NG.exe
Report
 Id: 38c37944-74ad-11e4-9424-fa4a7fb5ab8f
 
Error - 27-11-2014 01:37:48 | Computer Name = window-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 28-11-2014 06:48:57 | Computer Name = window-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 3.8.703.0, time 
stamp: 0x51f7deae  Faulting module name: saupkeep.dll_unloaded, version: 0.0.0.0, 
time stamp: 0x5464da7e  Exception code: 0xc0000005  Fault offset: 0x000007fef6032286
Faulting
 process id: 0xa24  Faulting application start time: 0x01d00ae6273c11db  Faulting application
 path: C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe  Faulting
 module path: saupkeep.dll  Report Id: 270d95a0-76ec-11e4-939c-cc264492ba8e
 
Error - 30-11-2014 14:46:26 | Computer Name = window-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 04-12-2014 06:06:18 | Computer Name = window-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 3.8.703.0, time 
stamp: 0x51f7deae  Faulting module name: ntdll.dll, version: 6.1.7600.16385, time 
stamp: 0x4a5be02b  Exception code: 0xc0000374  Fault offset: 0x00000000000c6cd2  Faulting
 process id: 0x984  Faulting application start time: 0x01d00fa61e923c4e  Faulting application
 path: C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: 30341cc6-7b9d-11e4-b2ac-f371661154a9
 
Error - 07-12-2014 08:58:15 | Computer Name = window-PC | Source = SkypeUpdate | ID = 200
Description = File C:\Windows\TEMP\SKYCB5F.tmp has invalid signature.
 
Error - 08-12-2014 07:28:35 | Computer Name = window-PC | Source = Application Error | ID = 1000
Description = Faulting application name: StarToken-NG.exe, version: 0.0.0.0, time
 stamp: 0x53731483  Faulting module name: StarToken-NG.exe, version: 0.0.0.0, time
 stamp: 0x53731483  Exception code: 0xc0000005  Fault offset: 0x004ae6b7  Faulting process
 id: 0x364  Faulting application start time: 0x01d012d9b21b38bc  Faulting application
 path: C:\StarToken-NG\StarToken-NG.exe  Faulting module path: C:\StarToken-NG\StarToken-NG.exe
Report
 Id: 58b197d8-7ecd-11e4-9307-f9699956678d
 
Error - 12-12-2014 02:01:34 | Computer Name = window-PC | Source = MsiInstaller | ID = 1024
Description = 
 
 
< End of report >
 

 


  • 0

Advertisements

#2
ruggie_uk
Posted 12 December 2014 - 10:04 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Greetings surendra23 and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.
  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.
stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease save all tools to the desktop,. Our tools are updated very regularly, sometimes several times per day so always download the latest version from the links I provide.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

I am currently reviewing your logs and will be responding once I have analysed them all.
  • 0

#3
surendra23
Posted 12 December 2014 - 11:49 AM

surendra23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hello Ruggie,

 

I saved all the details you have mentioned above and have a close eye on all the instructions provided by you.

please analyse my computer details and Mozilla Firefox problem and let me know if there is any serious issue exist.

 

Thanks a lot for your support.


  • 0

#4
ruggie_uk
Posted 12 December 2014 - 03:50 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, ok lets get started :)

Step 1

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.

  • IPTInstaller
  • Search App by Ask

Step 2

OTL fix

Ensure OTL is located on your desktop. If it is not, then please download from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.

If you are using Windows Vista/7/8 then right click it and select Run As Administrator. If you are using XP then please double click on OTL.exe to start it.

Copy the text in the following box (do not include the word Quote). To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.




:OTL
PRC - [2014-11-25 00:08:23 | 002,039,192 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014-11-25 00:08:23 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
IE - HKCU\..\SearchScopes\{4903537D-FCDC-48E7-B49B-E086D0E29645}: "URL" = http://astromenda.co...r=704688432&ir=
SRV - [2014-11-25 00:08:23 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
IE - HKCU\..\SearchScopes\{4903537D-FCDC-48E7-B49B-E086D0E29645}: "URL" = http://astromenda.co...r=704688432&ir=
[2014-07-07 10:56:05 | 000,000,000 | ---D | M] (prIcechOpp) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]
[2014-07-07 10:56:05 | 000,000,000 | ---D | M] (pariicaecHop) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]
[2014-11-25 11:51:33 | 000,566,021 | ---- | M] () (No name found) -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]
[2014-11-05 11:18:55 | 000,002,533 | ---- | M] () -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\searchplugins\ask-search.xml
[2014-08-27 18:38:49 | 000,002,831 | ---- | M] () -- C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\searchplugins\Astromenda.xml
O2:64bit: - BHO: (ppricechop) - {56FE701F-B777-00AC-405C-9B60DBCB066B} - C:\Program Files (x86)\ppricechop\6hljrX.x64.dll File not found
O2 - BHO: (no name) - {2320DB42-0B34-473D-412C-4E7A7C6C600C} - No CLSID value found.
O2 - BHO: (no name) - {56FE701F-B777-00AC-405C-9B60DBCB066B} - No CLSID value found.
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O32 - AutoRun File - [2013-11-08 08:26:01 | 000,148,320 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2013-11-08 08:26:01 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\Shell - "" = AutoRun
O33 - MountPoints2\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\Shell - "" = AutoRun
O33 - MountPoints2\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\Shell - "" = AutoRun
O33 - MountPoints2\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\Shell - "" = AutoRun
O33 - MountPoints2\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{568f140a-5605-11e4-8c6d-b7e6b9935059}\Shell - "" = AutoRun
O33 - MountPoints2\{568f140a-5605-11e4-8c6d-b7e6b9935059}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\Shell - "" = AutoRun
O33 - MountPoints2\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7008a96b-5819-11e4-864b-916732ed5eac}\Shell - "" = AutoRun
O33 - MountPoints2\{7008a96b-5819-11e4-864b-916732ed5eac}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{793c2deb-56d4-11e4-92b7-cf64787965bf}\Shell - "" = AutoRun
O33 - MountPoints2\{793c2deb-56d4-11e4-92b7-cf64787965bf}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7ad36fe7-0668-11e4-8174-485ab6b00614}\Shell - "" = AutoRun
O33 - MountPoints2\{7ad36fe7-0668-11e4-8174-485ab6b00614}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\Shell - "" = AutoRun
O33 - MountPoints2\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\Shell - "" = AutoRun
O33 - MountPoints2\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{da116361-1fd1-11e4-9bb9-485ab6b00614}\Shell - "" = AutoRun
O33 - MountPoints2\{da116361-1fd1-11e4-9bb9-485ab6b00614}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\Shell - "" = AutoRun
O33 - MountPoints2\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{f2b04948-1efd-11e4-88e6-485ab6b00613}\Shell - "" = AutoRun
O33 - MountPoints2\{f2b04948-1efd-11e4-88e6-485ab6b00613}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2013-11-08 08:26:01 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe


:Files
C:\Program Files (x86)\AskPartnerNetwork

:commands
[emptytemp]

Next, right click in the box named Custom Scans/Fixes and select paste.

otl-run-fix.jpg

This will insert the code into OTL.

Now click Run Fix

OTL will generate a report when it has finished. Please paste the contents of this report in your next post.

Step 3

jrt.pngJunkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

  • Right click frst.png to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

    Drivers MD5
    shortcut.txt
    Addition.txt
    frst-addition.png
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • How did the Uninstalls go?
  • OTL Log
  • JRT log
  • FRST Log and addition

  • 0

#5
surendra23
Posted 13 December 2014 - 12:08 PM

surendra23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hello Rugie,

 

May I know what is the issue in my PC or Mozilla Firefox before following these above mentioned steps?

Please dont mind, I'm curious about to know what is happening here in my machine.

 

 

Thanks a lot


  • 0

#6
ruggie_uk
Posted 13 December 2014 - 12:32 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

At the moment I can see a few adware products installed that we are targetting initially.

The FRST scan that is also requested, looks in some different areas than OTL so we are following up with that to enable us to examine those and to clean areas that OTL can't.


  • 0

#7
surendra23
Posted 13 December 2014 - 01:03 PM

surendra23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Hello

 

Thsnks, I successfully uninstalled the following:

  • IPTInstaller
  • Search App by Ask

after that I ran OTL and it ouccured a pop-up in last that says "The system require a reboot to finish removing files. Click Ok to reboot now".

should I click on "OK" button?


  • 0

#8
ruggie_uk
Posted 13 December 2014 - 01:04 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Yes please


  • 0

#9
surendra23
Posted 13 December 2014 - 01:26 PM

surendra23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Please have a look on this report generated by OTL

 

All processes killed
========== OTL ==========
No active process named TBNotifier.exe was found!
No active process named apnmcp.exe was found!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4903537D-FCDC-48E7-B49B-E086D0E29645}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4903537D-FCDC-48E7-B49B-E086D0E29645}\ not found.
Error: No service named APNMCP was found to stop!
Service\Driver key APNMCP not found.
File C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4903537D-FCDC-48E7-B49B-E086D0E29645}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4903537D-FCDC-48E7-B49B-E086D0E29645}\ not found.
C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]\content folder moved successfully.
C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected] folder moved successfully.
C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected]\content folder moved successfully.
C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected] folder moved successfully.
File C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\extensions\[email protected] not found.
C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\searchplugins\ask-search.xml moved successfully.
C:\Users\window\AppData\Roaming\Mozilla\Firefox\Profiles\x726cs0k.default\searchplugins\Astromenda.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56FE701F-B777-00AC-405C-9B60DBCB066B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FE701F-B777-00AC-405C-9B60DBCB066B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2320DB42-0B34-473D-412C-4E7A7C6C600C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2320DB42-0B34-473D-412C-4E7A7C6C600C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56FE701F-B777-00AC-405C-9B60DBCB066B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FE701F-B777-00AC-405C-9B60DBCB066B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon not found.
File C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe not found.
File G:\AutoRun.exe not found.
File G:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291643c4-05a1-11e4-bfbf-d45a3b744ef4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34d58cc8-1ef6-11e4-9388-485ab6b00614}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{568f13ed-5605-11e4-8c6d-b7e6b9935059}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{568f13f9-5605-11e4-8c6d-b7e6b9935059}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{568f140a-5605-11e4-8c6d-b7e6b9935059}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{568f140a-5605-11e4-8c6d-b7e6b9935059}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{568f140a-5605-11e4-8c6d-b7e6b9935059}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{568f140a-5605-11e4-8c6d-b7e6b9935059}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c58742c-05a5-11e4-a66b-fa60b52143b4}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7008a96b-5819-11e4-864b-916732ed5eac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7008a96b-5819-11e4-864b-916732ed5eac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7008a96b-5819-11e4-864b-916732ed5eac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7008a96b-5819-11e4-864b-916732ed5eac}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c2deb-56d4-11e4-92b7-cf64787965bf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c2deb-56d4-11e4-92b7-cf64787965bf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c2deb-56d4-11e4-92b7-cf64787965bf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c2deb-56d4-11e4-92b7-cf64787965bf}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad36fe7-0668-11e4-8174-485ab6b00614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad36fe7-0668-11e4-8174-485ab6b00614}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad36fe7-0668-11e4-8174-485ab6b00614}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad36fe7-0668-11e4-8174-485ab6b00614}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5b9fee9-1f16-11e4-bc0d-485ab6b00613}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cedc3874-0532-11e4-9e7f-feb7cfc1cdf4}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da116361-1fd1-11e4-9bb9-485ab6b00614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da116361-1fd1-11e4-9bb9-485ab6b00614}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da116361-1fd1-11e4-9bb9-485ab6b00614}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da116361-1fd1-11e4-9bb9-485ab6b00614}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e962e171-0533-11e4-831b-d3d9ec3f14f7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2b04948-1efd-11e4-88e6-485ab6b00613}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2b04948-1efd-11e4-88e6-485ab6b00613}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2b04948-1efd-11e4-88e6-485ab6b00613}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2b04948-1efd-11e4-88e6-485ab6b00613}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\Program Files (x86)\AskPartnerNetwork not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
 
User: Public
 
User: window
->Temp folder emptied: 629707516 bytes
->Temporary Internet Files folder emptied: 78766057 bytes
->Java cache emptied: 30068 bytes
->FireFox cache emptied: 35989855 bytes
->Google Chrome cache emptied: 414097892 bytes
->Flash cache emptied: 540 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1508125626 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52141 bytes
RecycleBin emptied: 630191855 bytes
 
Total Files Cleaned = 3,144.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12142014_002350

Files\Folders moved on Reboot...
File\Folder H:\AutoRun.exe not found!
C:\Users\window\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\window\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{68D01049-57B4-40BE-AF67-D974C5750EC8}.tmp moved successfully.
C:\Users\window\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A182856A-04A2-4164-AF2F-ED4C52449D4B}.tmp moved successfully.
C:\Users\window\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F8F44DF8-E76D-4677-9A19-6C5D49B5DE05}.tmp moved successfully.
C:\Users\window\AppData\Local\Mozilla\Firefox\Profiles\x726cs0k.default\startupCache\startupCache.4.little moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

I'll follow Remainig steps tommorrow by 5 PM (India)


  • 0

#10
ruggie_uk
Posted 16 December 2014 - 05:35 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, are you still with me here?


  • 0

#11
Essexboy
Posted 19 December 2014 - 06:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: spyware, mozilla firefox, virus, hacking

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP