Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

None of the antivirus I have will run [Closed] [Solved]

antivirus

  • This topic is locked This topic is locked

#16
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

I'd like to keep microsoft security essentials as my antivirus.
my pc is running quite better now. i can see that it has improved as it used to hang alot.


  • 0

Advertisements


#17
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

The one scan I was told to do in the first place?


  • 0

#18
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

The one I was told to do in the first step?


  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Your current FRST is old so download and run a fresh copy :)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#20
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Hira (administrator) on SHAHEEN (15-11-2015 11:01:24)
Running from C:\Users\Hira\Desktop
Loaded Profiles: Hira (Available Profiles: Hira)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Hira\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe
(Microsoft Corporation) C:\4c0ea8cda801274c8c689fc3e3\Setup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-08-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [GoogleChromeAutoLaunch_573D951FA2441EB4B12B8D7E7B18CF80] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [Viber] => "C:\Users\Hira\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [Dropbox Update] => C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [{CA453AEA-5AC6-4EA3-A6EA-919FABDCC212}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\snPFEDNNTEgsMAB').CuXaTa)));
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\CurrentVersion\Windows: [Load] C:\ProgramData\msoeius.exe <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-29] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-11-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk [2015-06-09]
ShortcutTarget: x.lnk -> C:\Users\Hira\AppData\Roaming\obhqajsqay.exe (Kareo)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{935F54B5-C66B-4435-84AE-D8395077531B}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaio-online.sony.com/
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fistart.webssearches.com%2F%3Ftype%3Dhp%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX&OSP=http%3A%2F%2Fistart.webssearches.com%2Fweb%2F%3Ftype%3Dds%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {14CFBBBB-B7F9-4772-914A-7E01770EBB15} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {F9CA08BA-76E6-413E-BB00-3BE479931E6A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-29] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-02-24] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-29] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://67.228.0.220:801/vjocx-en-black.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-07-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-29] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=06982A8158EB0C65&affID=119776&tsp=4959
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX","hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Autumn) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\alibnodcalenogbpgdihbfccibcagloo [2015-11-06]
CHR Extension: (Google Drive) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (Avast Online Security) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-08]
CHR Extension: (Cyx) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppkphoaidmofdbcdnhlmanhgodbfmnj [2015-06-25]
CHR Extension: (Pixlr Touch Up) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-10-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-09]
CHR Extension: (Skype Click to Call) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-15]
CHR Extension: (Pocket) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-25]
CHR Extension: (Save to Pocket) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-08]
CHR Extension: (Picasa) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-10-19]
CHR HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hira\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-10]
CHR HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-27] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-27] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345632 2009-08-05] (Intel Corporation) [File not signed]
S3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [139264 2009-08-05] (Intel® Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-08-01] (REDC)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-09-07] (Oracle Corporation)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-06-07] (ZTEMT Incorporated)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 11:01 - 2015-11-15 11:09 - 00030455 _____ C:\Users\Hira\Desktop\FRST.txt
2015-11-15 10:59 - 2015-11-15 11:00 - 02198528 _____ (Farbar) C:\Users\Hira\Desktop\FRST64.exe
2015-11-15 10:53 - 2015-11-15 10:57 - 00000000 ____D C:\4c0ea8cda801274c8c689fc3e3
2015-11-15 10:40 - 2015-11-15 10:43 - 00000000 ____D C:\9aa90462ef807dd0c6b3c2
2015-11-14 20:58 - 2015-11-14 20:58 - 00002128 _____ C:\Users\Hira\Documents\dndyf.txt
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\KOX64DMK.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\7GPYW5EI.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\V42B9756.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\KZ8HFOXC.exe
2015-11-14 19:47 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\GPY75ENR.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\IGPYW5EI.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\09IRPY7M.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\KJC5YRK0.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\DMKT2BKO.exe
2015-11-14 19:45 - 2015-11-14 19:45 - 01415680 _____ (wj32) C:\Program Files\CAJSKZ8N.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 01415680 _____ (wj32) C:\Program Files\VOHA3W0G.exe
2015-11-14 19:40 - 2015-11-14 19:40 - 01415680 _____ (wj32) C:\Program Files\S1Z8HKZ3.exe
2015-11-14 19:39 - 2015-11-14 19:39 - 01415680 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-11-14 19:38 - 2015-11-14 19:38 - 01415680 _____ (wj32) C:\Program Files\5HIJKWXI.exe
2015-11-14 19:35 - 2015-11-14 19:35 - 01415680 _____ (wj32) C:\Program Files\US1A8648.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\US1A8HKU.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\789LMNO9.exe
2015-11-14 19:32 - 2015-11-14 19:32 - 01415680 _____ (wj32) C:\Program Files\IB4X4MO7.exe
2015-11-14 19:22 - 2015-11-14 19:22 - 01415680 _____ (wj32) C:\Program Files\MF81UNGT.exe
2015-11-13 00:21 - 2015-11-11 08:50 - 00302760 _____ C:\Users\Hira\Desktop\GPE THIRD yr LECture.pptm
2015-11-09 23:23 - 2015-11-09 23:23 - 00000000 ____D C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-09 23:08 - 2015-11-09 23:08 - 01415680 _____ (wj32) C:\Program Files\NLU31AJN.exe
2015-11-08 23:33 - 2015-11-08 23:33 - 01415680 _____ (wj32) C:\Program Files\1UNG92V8.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\PY7GENWB.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\A3W0TMFS.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\D6Z3WPIY.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\4XKJC5YB.exe
2015-11-08 23:30 - 2015-11-08 23:30 - 01415680 _____ (wj32) C:\Program Files\V4DMKTJN.exe
2015-11-08 23:29 - 2015-11-08 23:29 - 01415680 _____ (wj32) C:\Program Files\JHKZ86F8.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\NW53CLUY.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\KT2B9IXF.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\81UNG927.exe
2015-11-08 23:27 - 2015-11-08 23:27 - 01415680 _____ (wj32) C:\Program Files\KJC5YRKX.exe
2015-11-08 23:24 - 2015-11-08 23:24 - 01415680 _____ (wj32) C:\Program Files\Z8HFOM9D.exe
2015-11-08 23:20 - 2015-11-08 23:20 - 01415680 _____ (wj32) C:\Program Files\DBKTR09D.exe
2015-11-08 23:09 - 2015-11-08 23:09 - 01415680 _____ (wj32) C:\Program Files\53CLJS15.exe
2015-11-06 13:59 - 2015-11-06 14:01 - 00028824 _____ C:\Users\Hira\Desktop\GWXWebWindows.exe
2015-10-20 20:54 - 2015-11-14 19:58 - 00000000 ____D C:\Users\Hira\Desktop\pharma
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 11:09 - 2010-01-17 06:17 - 01770752 _____ C:\Windows\WindowsUpdate.log
2015-11-15 11:08 - 2009-11-21 17:19 - 00840808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-15 11:08 - 2009-07-14 10:13 - 00840808 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 11:01 - 2015-06-29 02:41 - 00000000 ____D C:\FRST
2015-11-15 10:56 - 2014-04-27 15:39 - 00000000 ___RD C:\Users\Hira\Dropbox
2015-11-15 10:56 - 2009-07-14 09:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:56 - 2009-07-14 09:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 10:55 - 2014-04-14 19:50 - 00000000 ____D C:\Users\Hira\AppData\Roaming\Dropbox
2015-11-15 10:51 - 2014-02-10 19:49 - 00000000 ___RD C:\Users\Hira\Google Drive
2015-11-15 10:50 - 2011-07-19 17:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 10:50 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 10:49 - 2012-11-02 13:05 - 00148734 _____ C:\Windows\setupact.log
2015-11-15 10:42 - 2010-01-17 20:04 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003UA.job
2015-11-14 22:15 - 2015-06-25 15:00 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011UA.job
2015-11-14 21:21 - 2013-07-30 23:05 - 00000000 ____D C:\Users\Hira\AppData\Local\CRE
2015-11-14 21:21 - 2010-06-27 19:54 - 00000000 ____D C:\Windows\SysWOW64\nagasoft
2015-11-14 20:50 - 2013-02-07 22:20 - 00000000 ____D C:\hira shaheen
2015-11-14 20:38 - 2011-07-19 17:06 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-14 20:38 - 2011-07-19 17:06 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-14 20:38 - 2011-07-19 17:06 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 20:01 - 2013-02-21 13:49 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ACCECB94-2A9C-4B25-AAC0-B51AAADF63D3}
2015-11-14 19:45 - 2013-02-07 18:38 - 00000000 ____D C:\Users\Hira\AppData\Roaming\Skype
2015-11-09 23:21 - 2015-06-25 15:00 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011Core.job
2015-11-09 23:10 - 2015-06-25 15:00 - 00003882 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011UA
2015-11-09 23:10 - 2015-06-25 15:00 - 00003486 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011Core
2015-11-09 22:42 - 2010-01-17 20:04 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003Core.job
2015-11-06 14:26 - 2011-03-07 23:56 - 00002127 _____ C:\Windows\epplauncher.mif
 
==================== Files in the root of some directories =======
 
2015-11-14 19:47 - 2015-11-14 19:47 - 1415680 _____ (wj32) C:\Program Files\09IRPY7M.exe
2015-11-08 23:33 - 2015-11-08 23:33 - 1415680 _____ (wj32) C:\Program Files\1UNG92V8.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 1415680 _____ (wj32) C:\Program Files\4XKJC5YB.exe
2015-11-08 23:09 - 2015-11-08 23:09 - 1415680 _____ (wj32) C:\Program Files\53CLJS15.exe
2015-11-14 19:38 - 2015-11-14 19:38 - 1415680 _____ (wj32) C:\Program Files\5HIJKWXI.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 1415680 _____ (wj32) C:\Program Files\789LMNO9.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 1415680 _____ (wj32) C:\Program Files\7GPYW5EI.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 1415680 _____ (wj32) C:\Program Files\81UNG927.exe
2015-11-14 19:39 - 2015-11-14 19:39 - 1415680 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 1415680 _____ (wj32) C:\Program Files\A3W0TMFS.exe
2015-11-14 19:45 - 2015-11-14 19:45 - 1415680 _____ (wj32) C:\Program Files\CAJSKZ8N.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 1415680 _____ (wj32) C:\Program Files\D6Z3WPIY.exe
2015-11-08 23:20 - 2015-11-08 23:20 - 1415680 _____ (wj32) C:\Program Files\DBKTR09D.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 1415680 _____ (wj32) C:\Program Files\DMKT2BKO.exe
2015-11-14 19:47 - 2015-11-14 19:48 - 1415680 _____ (wj32) C:\Program Files\GPY75ENR.exe
2015-11-14 19:32 - 2015-11-14 19:32 - 1415680 _____ (wj32) C:\Program Files\IB4X4MO7.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 1415680 _____ (wj32) C:\Program Files\IGPYW5EI.exe
2015-11-08 23:29 - 2015-11-08 23:29 - 1415680 _____ (wj32) C:\Program Files\JHKZ86F8.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 1415680 _____ (wj32) C:\Program Files\KJC5YRK0.exe
2015-11-08 23:27 - 2015-11-08 23:27 - 1415680 _____ (wj32) C:\Program Files\KJC5YRKX.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 1415680 _____ (wj32) C:\Program Files\KOX64DMK.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 1415680 _____ (wj32) C:\Program Files\KT2B9IXF.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 1415680 _____ (wj32) C:\Program Files\KZ8HFOXC.exe
2015-11-14 19:22 - 2015-11-14 19:22 - 1415680 _____ (wj32) C:\Program Files\MF81UNGT.exe
2015-11-09 23:08 - 2015-11-09 23:08 - 1415680 _____ (wj32) C:\Program Files\NLU31AJN.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 1415680 _____ (wj32) C:\Program Files\NW53CLUY.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 1415680 _____ (wj32) C:\Program Files\PY7GENWB.exe
2015-11-14 19:40 - 2015-11-14 19:40 - 1415680 _____ (wj32) C:\Program Files\S1Z8HKZ3.exe
2015-11-14 19:35 - 2015-11-14 19:35 - 1415680 _____ (wj32) C:\Program Files\US1A8648.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 1415680 _____ (wj32) C:\Program Files\US1A8HKU.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 1415680 _____ (wj32) C:\Program Files\V42B9756.exe
2015-11-08 23:30 - 2015-11-08 23:30 - 1415680 _____ (wj32) C:\Program Files\V4DMKTJN.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 1415680 _____ (wj32) C:\Program Files\VOHA3W0G.exe
2015-11-08 23:24 - 2015-11-08 23:24 - 1415680 _____ (wj32) C:\Program Files\Z8HFOM9D.exe
2015-06-09 21:00 - 2015-06-09 21:01 - 88502272 __RSH (Kareo) C:\Users\Hira\AppData\Roaming\obhqajsqay.exe
2013-08-09 18:28 - 2013-08-09 18:28 - 0024333 _____ () C:\Users\Hira\AppData\Roaming\UserTile.png
2013-02-28 21:10 - 2013-02-28 21:10 - 0007605 _____ () C:\Users\Hira\AppData\Local\Resmon.ResmonCfg
2011-03-07 17:01 - 2010-11-20 17:17 - 91063680 ___SH () C:\ProgramData\msoeius.exe
2009-11-21 17:00 - 2009-11-21 17:00 - 0000112 _____ () C:\ProgramData\wrWin.ini
 
Files to move or delete:
====================
C:\ProgramData\msoeius.exe
 
 
Some files in TEMP:
====================
C:\Users\Hira\AppData\Local\Temp\cdo3000914085.dll
C:\Users\Hira\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu7v997.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-27 00:05
 
==================== End of FRST.txt ============================

  • 0

#21
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Hira (2015-11-15 11:12:40)
Running from C:\Users\Hira\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-17 01:13:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2566174151-1872494669-349303958-500 - Administrator - Disabled)
Guest (S-1-5-21-2566174151-1872494669-349303958-501 - Limited - Enabled)
Hira (S-1-5-21-2566174151-1872494669-349303958-1011 - Administrator - Enabled) => C:\Users\Hira
HomeGroupUser$ (S-1-5-21-2566174151-1872494669-349303958-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.390 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{A4BC24CB-F8C7-27FB-41D5-47A405031A41}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{D952C4F9-2488-3723-84BE-1BFA907DCAC9}) (Version: 3.13.2.11592 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.17 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 4.5.3 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.5.3 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Device Emulator version 1.0 - ENU (HKLM-x32\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Driver Kit 7.1.0.7600 (HKLM-x32\...\KitSetup Registration {B4285279-1846-49B4-B8FD-B9EAF0FF17DA}:{68656B6B-555E-5459-5E5D-6363635E5F61}) (Version: 7.1.0.7600 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.0.0.07300 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.4.0.16010 - Sony Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.13270 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.0.07280 - Sony Corporation) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.12.16210 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.5.0.06261 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.13120 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.0.0.06120 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.01.06290 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.0.0.07010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.0.1.10190 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{AA171A69-F942-40DA-AE3A-EA91026A1CAE}) (Version: 3.0.0.14130 - Sony Corporation)
VAIO Movie Story 1.5 Upgrade (x32 Version: 1.5.01.05120 - Sony Corporation) Hidden
VAIO Original Function Settings (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.4.0.19040 - Sony Corporation)
VAIO Presentation Support (HKLM-x32\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 2.0.0.05270 - Sony Corporation)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.1.2.4 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.1.2.4 - Sony Corporation) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
VAIO Update (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.5.1.09220 - Sony Corporation)
VAIO Update Merge Module x64 (Version: 5.5.19220 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Driver Frameworks Update Packages (HKLM-x32\...\{42267A4D-9BDD-4B06-9FB7-2A7D7D5D6D6F}) (Version: 8.0.0.0 - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2566174151-1872494669-349303958-1011_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2015-11-14 21:21 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {249CAB1C-13D1-46C3-85B7-315466EBDB60} - System32\Tasks\{D56EC534-2865-4AA1-AFB1-DA90584DA4F4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Common Files\microsoft shared\Help 9\dexplore.exe"
Task: {268AD680-DFBD-4813-8030-45178F71AC41} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update Common\ShellExeProxy.exe [2011-09-23] (Sony Corporation)
Task: {2995CE44-8E13-4F01-8630-B0733FA3190F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011UA => C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {30388A69-9473-4FD2-9190-4741CACD5077} - System32\Tasks\{D04A111B-93EA-48A9-B8B9-CCB893C32198} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {4A266FD7-38F5-4E2C-8215-F54CC7824E36} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-29] (Avast Software s.r.o.)
Task: {67E16353-E118-425C-9C02-B42F73FAB02E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {7781FDAA-6E38-4394-B7F3-81FC43625AFD} - System32\Tasks\{343E75AD-D7F0-40D9-9028-C92B7BF89CF9} => pcalua.exe -a C:\Users\adnan-shaheen\Documents\Downloads\winsdk_web.exe -d C:\Users\adnan-shaheen\Documents\Downloads
Task: {9C922DD2-4C7D-4495-B17E-B7047A45DE69} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-10-20] (Sony Corporation)
Task: {9E9A99EB-6430-47D4-B9AA-1E0074FC2ACB} - System32\Tasks\{D31DC6BB-806B-4684-B162-2B7EBF81532A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio Team System 2008 Team Suite - ENU\setup.exe"
Task: {CFF3A7C7-1351-4344-944F-F23AF83E2F37} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2011-09-23] (Sony Corporation)
Task: {D412350C-8EF7-40EB-917E-B2F101A6212C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003UA => C:\Users\adnan-shaheen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D636A93F-D7D3-49D6-8D8E-89DEA9293CE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003Core => C:\Users\adnan-shaheen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E6687EE4-EB25-44B1-884F-3888430C61DB} - System32\Tasks\{441FE279-A2F4-43CB-833D-FCC5FB2AF4CF} => pcalua.exe -a "D:\Software\Office 2007\setup.exe" -d "D:\Software\Office 2007"
Task: {F0132B9E-59C4-4649-8B9F-E6F8562EF992} - System32\Tasks\{0CB662A4-7627-48E1-8869-7541A3096174} => C:\Program Files (x86)\Common Files\microsoft shared\Help 9\dexplore.exe [2007-11-07] (Microsoft Corporation)
Task: {F4DF224B-B88E-4D6B-A723-D49055D79006} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {F50F60BF-2B20-4303-BF89-1E679C403CD0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011Core => C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {F5B119BE-BDE4-4B6A-A6B8-91BE83A40BB2} - System32\Tasks\SONY\Prepare Your VAIO\Prepare Your VAIO => C:\Program Files (x86)\Sony\Prepare Your VAIO\PYV.exe [2009-07-08] (Sony Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011Core.job => C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011UA.job => C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003Core.job => C:\Users\adnan-shaheen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003UA.job => C:\Users\adnan-shaheen\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-02-25 21:22 - 2008-06-20 01:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-25 15:05 - 2015-06-20 10:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-25 15:05 - 2015-06-20 10:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-29 01:42 - 2015-06-29 01:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-29 01:42 - 2015-06-29 01:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-29 01:42 - 2015-06-29 01:42 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-15 10:52 - 2015-11-15 10:52 - 00071168 _____ () c:\users\hira\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu7v997.dll
2015-11-09 23:23 - 2015-09-24 04:07 - 00012800 _____ () C:\Users\Hira\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 02:45 - 2015-09-24 04:07 - 00779776 _____ () C:\Users\Hira\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-09 23:23 - 2015-09-24 04:07 - 00056320 _____ () C:\Users\Hira\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-09 23:23 - 2015-09-24 04:07 - 00012288 _____ () C:\Users\Hira\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-11-15 10:50 - 2015-11-15 10:50 - 00098816 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32api.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00110080 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\pywintypes27.dll
2015-11-15 10:50 - 2015-11-15 10:50 - 00364544 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\pythoncom27.dll
2015-11-15 10:50 - 2015-11-15 10:50 - 00045568 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_socket.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 01161216 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_ssl.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00320512 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32com.shell.shell.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00713216 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_hashlib.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 01175040 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._core_.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00805888 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._gdi_.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00811008 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._windows_.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 01062400 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._controls_.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00735232 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._misc_.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00682496 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\pysqlite2._sqlite.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00087552 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_ctypes.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00119808 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32file.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00108544 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32security.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00007168 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\hashobjs_ext.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00026624 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\usb_ext.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00167936 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32gui.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00018432 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32event.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00128512 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_elementtree.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00127488 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\pyexpat.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00013824 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\common.time34.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00036864 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_psutil_windows.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00038912 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32inet.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00011264 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32crypt.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00070656 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._html2.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00027136 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_multiprocessing.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00020480 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\_yappi.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00035840 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32process.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00686080 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\unicodedata.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00122368 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._wizard.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00024064 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32pipe.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00010240 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\select.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00025600 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32pdh.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00525640 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\windows._lib_cacheinvalidation.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00017408 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32profile.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00022528 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\win32ts.pyd
2015-11-15 10:50 - 2015-11-15 10:50 - 00078336 _____ () C:\Users\Hira\AppData\Local\Temp\_MEI31682\wx._animate.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:EC2E1DEC
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Control Panel\Desktop\\Wallpaper -> C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: AdobeActiveFileMonitor7.0 => 3
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: VAIO Entertainment TV Device Arbitration Service => 3
MSCONFIG\Services: VAIO Event Service => 3
MSCONFIG\Services: VAIO Power Management => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VcmIAlzMgr => 3
MSCONFIG\Services: VcmINSMgr => 3
MSCONFIG\Services: VcmXmlIfHelper => 3
MSCONFIG\Services: Vcsw => 3
MSCONFIG\Services: VMAuthdService => 3
MSCONFIG\Services: VMUSBArbService => 3
MSCONFIG\Services: VMwareHostd => 3
MSCONFIG\Services: VUAgent => 3
MSCONFIG\startupfolder: C:^Users^adnan-shaheen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/15/2015 10:52:22 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (11/15/2015 10:39:04 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (11/14/2015 09:21:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Hira\Desktop\FRST64.exe; Description = Restore Point Created by FRST; Error = 0x80070422).
 
Error: (11/14/2015 08:36:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0xc0000005
Fault offset: 0x000000000001e1ac
Faulting process id: 0x1bf8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (11/14/2015 08:32:39 PM) (Source: MsiInstaller) (EventID: 1021) (User: shaheen)
Description: Product: Google Update Helper - Update '{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (11/14/2015 08:32:38 PM) (Source: MsiInstaller) (EventID: 1021) (User: shaheen)
Description: Product: Google Update Helper - Update '{1CAD0644-2CF1-4EA6-B512-0F59D9EAB13C}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (11/06/2015 02:26:36 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: shaheen)
Description: HRESULT:0x8004FF0A
Description:Security Essentials is still installed on your computer.. Security Essentials was not removed from your computer. It will continue to monitor your computer and help protect it from potential threats. Error code:0x8004FF0A.
 
Error: (06/29/2015 01:34:26 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Hira\AppData\Local\Temp\_av_iup.tm~a01336\New\instup.exe  /cookie:prt_cnet042015 /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\Hira\AppData\Local\Temp\_av_iup.tm~a01336; Description = avast! antivirus system restore point; Error = 0x80070422).
 
Error: (06/28/2015 03:02:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000004
Faulting module name: libavcodec_plugin.dll, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x40000015
Fault offset: 0x007bfdb4
Faulting process id: 0x1690
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (06/27/2015 11:39:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
 
 
System errors:
=============
Error: (11/15/2015 10:53:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/15/2015 10:50:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
 
Error: (11/15/2015 10:50:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHProtect Service service failed to start due to the following error: 
%%2
 
Error: (11/15/2015 10:49:53 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (11/15/2015 10:49:53 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (11/15/2015 10:49:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:49:02 AM on ‎11/‎15/‎2015 was unexpected.
 
Error: (11/15/2015 10:39:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/15/2015 10:36:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
 
Error: (11/15/2015 10:36:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHProtect Service service failed to start due to the following error: 
%%2
 
Error: (11/15/2015 10:36:35 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
 
CodeIntegrity:
===================================
  Date: 2011-02-08 00:05:13.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-02-07 22:38:32.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-02-03 13:58:01.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-02-03 13:46:25.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-02-03 13:21:20.928
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-30 20:33:42.735
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-30 20:16:26.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-30 20:11:13.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-21 21:31:37.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-01-20 23:32:13.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_57\midas64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 89%
Total physical RAM: 4063.03 MB
Available physical RAM: 427.31 MB
Total Virtual: 8124.26 MB
Available Virtual: 4484.19 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:286 GB) (Free:165.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 57909E49)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Your computer has been in use as you have new infections that only appeared in the wild a week or so ago. MSES does not yet detect them

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [{CA453AEA-5AC6-4EA3-A6EA-919FABDCC212}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\snPFEDNNTEgsMAB').CuXaTa)));
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\CurrentVersion\Windows: [Load] C:\ProgramData\msoeius.exe <===== ATTENTION
Startup: C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk [2015-06-09]
ShortcutTarget: x.lnk -> C:\Users\Hira\AppData\Roaming\obhqajsqay.exe (Kareo)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaio-online.sony.com/
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fistart.webssearches.com%2F%3Ftype%3Dhp%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX&OSP=http%3A%2F%2Fistart.webssearches.com%2Fweb%2F%3Ftype%3Dds%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX%26q%3D%7BsearchTerms%7D
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {14CFBBBB-B7F9-4772-914A-7E01770EBB15} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {F9CA08BA-76E6-413E-BB00-3BE479931E6A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=06982A8158EB0C65&affID=119776&tsp=4959
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX","hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX"
CHR Extension: (Cyx) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppkphoaidmofdbcdnhlmanhgodbfmnj [2015-06-25]
S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X]
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\KOX64DMK.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\7GPYW5EI.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\V42B9756.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\KZ8HFOXC.exe
2015-11-14 19:47 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\GPY75ENR.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\IGPYW5EI.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\09IRPY7M.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\KJC5YRK0.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\DMKT2BKO.exe
2015-11-14 19:45 - 2015-11-14 19:45 - 01415680 _____ (wj32) C:\Program Files\CAJSKZ8N.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 01415680 _____ (wj32) C:\Program Files\VOHA3W0G.exe
2015-11-14 19:40 - 2015-11-14 19:40 - 01415680 _____ (wj32) C:\Program Files\S1Z8HKZ3.exe
2015-11-14 19:39 - 2015-11-14 19:39 - 01415680 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-11-14 19:38 - 2015-11-14 19:38 - 01415680 _____ (wj32) C:\Program Files\5HIJKWXI.exe
2015-11-14 19:35 - 2015-11-14 19:35 - 01415680 _____ (wj32) C:\Program Files\US1A8648.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\US1A8HKU.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\789LMNO9.exe
2015-11-14 19:32 - 2015-11-14 19:32 - 01415680 _____ (wj32) C:\Program Files\IB4X4MO7.exe
2015-11-14 19:22 - 2015-11-14 19:22 - 01415680 _____ (wj32) C:\Program Files\MF81UNGT.exe
2015-11-09 23:08 - 2015-11-09 23:08 - 01415680 _____ (wj32) C:\Program Files\NLU31AJN.exe
2015-11-08 23:33 - 2015-11-08 23:33 - 01415680 _____ (wj32) C:\Program Files\1UNG92V8.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\PY7GENWB.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\A3W0TMFS.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\D6Z3WPIY.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\4XKJC5YB.exe
2015-11-08 23:30 - 2015-11-08 23:30 - 01415680 _____ (wj32) C:\Program Files\V4DMKTJN.exe
2015-11-08 23:29 - 2015-11-08 23:29 - 01415680 _____ (wj32) C:\Program Files\JHKZ86F8.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\NW53CLUY.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\KT2B9IXF.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\81UNG927.exe
2015-11-08 23:27 - 2015-11-08 23:27 - 01415680 _____ (wj32) C:\Program Files\KJC5YRKX.exe
2015-11-08 23:24 - 2015-11-08 23:24 - 01415680 _____ (wj32) C:\Program Files\Z8HFOM9D.exe
2015-11-08 23:20 - 2015-11-08 23:20 - 01415680 _____ (wj32) C:\Program Files\DBKTR09D.exe
2015-11-08 23:09 - 2015-11-08 23:09 - 01415680 _____ (wj32) C:\Program Files\53CLJS15.exe
2015-06-09 21:00 - 2015-06-09 21:01 - 88502272 __RSH (Kareo) C:\Users\Hira\AppData\Roaming\obhqajsqay.exe
2011-03-07 17:01 - 2010-11-20 17:17 - 91063680 ___SH () C:\ProgramData\msoeius.exe
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
Task: {249CAB1C-13D1-46C3-85B7-315466EBDB60} - System32\Tasks\{D56EC534-2865-4AA1-AFB1-DA90584DA4F4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Common Files\microsoft shared\Help 9\dexplore.exe"
Task: {4A266FD7-38F5-4E2C-8215-F54CC7824E36} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-29] (Avast Software s.r.o.)
Task: {7781FDAA-6E38-4394-B7F3-81FC43625AFD} - System32\Tasks\{343E75AD-D7F0-40D9-9028-C92B7BF89CF9} => pcalua.exe -a C:\Users\adnan-shaheen\Documents\Downloads\winsdk_web.exe -d C:\Users\adnan-shaheen\Documents\Downloads
C:\Program Files (x86)\MiuiTab
DeleteKey: HKCU\Software\Classes\snPFEDNNTEgsMAB
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#23
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Hira (administrator) on SHAHEEN (15-11-2015 17:33:38)
Running from C:\Users\Hira\Desktop
Loaded Profiles: Hira (Available Profiles: Hira)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Hira\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dropbox, Inc.) C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-08-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [GoogleChromeAutoLaunch_573D951FA2441EB4B12B8D7E7B18CF80] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [Viber] => "C:\Users\Hira\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [Dropbox Update] => C:\Users\Hira\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-25] (Dropbox, Inc.)
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [{CA453AEA-5AC6-4EA3-A6EA-919FABDCC212}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\snPFEDNNTEgsMAB').CuXaTa)));
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\CurrentVersion\Windows: [Load] C:\ProgramData\msoeius.exe <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-29] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hira\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-11-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Hira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk [2015-06-09]
ShortcutTarget: x.lnk -> C:\Users\Hira\AppData\Roaming\obhqajsqay.exe (Kareo)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{935F54B5-C66B-4435-84AE-D8395077531B}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaio-online.sony.com/
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fistart.webssearches.com%2F%3Ftype%3Dhp%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX&OSP=http%3A%2F%2Fistart.webssearches.com%2Fweb%2F%3Ftype%3Dds%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {14CFBBBB-B7F9-4772-914A-7E01770EBB15} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {F9CA08BA-76E6-413E-BB00-3BE479931E6A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-29] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-02-24] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-29] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://67.228.0.220:801/vjocx-en-black.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll [2015-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-07-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-29] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=06982A8158EB0C65&affID=119776&tsp=4959
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX","hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Autumn) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\alibnodcalenogbpgdihbfccibcagloo [2015-11-06]
CHR Extension: (Google Drive) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (Avast Online Security) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-08]
CHR Extension: (Cyx) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppkphoaidmofdbcdnhlmanhgodbfmnj [2015-06-25]
CHR Extension: (Pixlr Touch Up) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-10-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-09]
CHR Extension: (Skype Click to Call) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-15]
CHR Extension: (Pocket) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-25]
CHR Extension: (Save to Pocket) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-08]
CHR Extension: (Picasa) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-10-19]
CHR HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hira\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-10]
CHR HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-27] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-27] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-24] (Realtek Semiconductor)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [845312 2010-08-11] (Sony Corporation) [File not signed]
S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-27] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345632 2009-08-05] (Intel Corporation) [File not signed]
S3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [139264 2009-08-05] (Intel® Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-08-01] (REDC)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-09-07] (Oracle Corporation)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-06-07] (ZTEMT Incorporated)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 17:32 - 2015-11-15 17:32 - 00012275 _____ C:\Users\Hira\Desktop\fixlist.txt
2015-11-15 11:12 - 2015-11-15 11:14 - 00043275 _____ C:\Users\Hira\Desktop\Addition.txt
2015-11-15 11:01 - 2015-11-15 17:33 - 00030774 _____ C:\Users\Hira\Desktop\FRST.txt
2015-11-15 10:59 - 2015-11-15 11:00 - 02198528 _____ (Farbar) C:\Users\Hira\Desktop\FRST64.exe
2015-11-15 10:40 - 2015-11-15 10:43 - 00000000 ____D C:\9aa90462ef807dd0c6b3c2
2015-11-14 20:58 - 2015-11-14 20:58 - 00002128 _____ C:\Users\Hira\Documents\dndyf.txt
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\KOX64DMK.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\7GPYW5EI.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\V42B9756.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\KZ8HFOXC.exe
2015-11-14 19:47 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\GPY75ENR.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\IGPYW5EI.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\09IRPY7M.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\KJC5YRK0.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\DMKT2BKO.exe
2015-11-14 19:45 - 2015-11-14 19:45 - 01415680 _____ (wj32) C:\Program Files\CAJSKZ8N.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 01415680 _____ (wj32) C:\Program Files\VOHA3W0G.exe
2015-11-14 19:40 - 2015-11-14 19:40 - 01415680 _____ (wj32) C:\Program Files\S1Z8HKZ3.exe
2015-11-14 19:39 - 2015-11-14 19:39 - 01415680 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-11-14 19:38 - 2015-11-14 19:38 - 01415680 _____ (wj32) C:\Program Files\5HIJKWXI.exe
2015-11-14 19:35 - 2015-11-14 19:35 - 01415680 _____ (wj32) C:\Program Files\US1A8648.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\US1A8HKU.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\789LMNO9.exe
2015-11-14 19:32 - 2015-11-14 19:32 - 01415680 _____ (wj32) C:\Program Files\IB4X4MO7.exe
2015-11-14 19:22 - 2015-11-14 19:22 - 01415680 _____ (wj32) C:\Program Files\MF81UNGT.exe
2015-11-13 00:21 - 2015-11-11 08:50 - 00302760 _____ C:\Users\Hira\Desktop\GPE THIRD yr LECture.pptm
2015-11-09 23:23 - 2015-11-09 23:23 - 00000000 ____D C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-09 23:08 - 2015-11-09 23:08 - 01415680 _____ (wj32) C:\Program Files\NLU31AJN.exe
2015-11-08 23:33 - 2015-11-08 23:33 - 01415680 _____ (wj32) C:\Program Files\1UNG92V8.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\PY7GENWB.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\A3W0TMFS.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\D6Z3WPIY.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\4XKJC5YB.exe
2015-11-08 23:30 - 2015-11-08 23:30 - 01415680 _____ (wj32) C:\Program Files\V4DMKTJN.exe
2015-11-08 23:29 - 2015-11-08 23:29 - 01415680 _____ (wj32) C:\Program Files\JHKZ86F8.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\NW53CLUY.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\KT2B9IXF.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\81UNG927.exe
2015-11-08 23:27 - 2015-11-08 23:27 - 01415680 _____ (wj32) C:\Program Files\KJC5YRKX.exe
2015-11-08 23:24 - 2015-11-08 23:24 - 01415680 _____ (wj32) C:\Program Files\Z8HFOM9D.exe
2015-11-08 23:20 - 2015-11-08 23:20 - 01415680 _____ (wj32) C:\Program Files\DBKTR09D.exe
2015-11-08 23:09 - 2015-11-08 23:09 - 01415680 _____ (wj32) C:\Program Files\53CLJS15.exe
2015-11-06 13:59 - 2015-11-06 14:01 - 00028824 _____ C:\Users\Hira\Desktop\GWXWebWindows.exe
2015-10-20 20:54 - 2015-11-14 19:58 - 00000000 ____D C:\Users\Hira\Desktop\pharma
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 17:33 - 2015-06-29 02:41 - 00000000 ____D C:\FRST
2015-11-15 17:33 - 2009-07-14 09:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 17:33 - 2009-07-14 09:45 - 00013664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 17:31 - 2014-04-27 15:39 - 00000000 ___RD C:\Users\Hira\Dropbox
2015-11-15 17:31 - 2014-04-14 19:50 - 00000000 ____D C:\Users\Hira\AppData\Roaming\Dropbox
2015-11-15 17:28 - 2014-02-10 19:49 - 00000000 ___RD C:\Users\Hira\Google Drive
2015-11-15 17:27 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 17:26 - 2012-11-02 13:05 - 00148790 _____ C:\Windows\setupact.log
2015-11-15 11:19 - 2010-01-17 06:17 - 01784961 _____ C:\Windows\WindowsUpdate.log
2015-11-15 11:18 - 2015-06-25 15:00 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011UA.job
2015-11-15 11:08 - 2009-11-21 17:19 - 00840808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-15 11:08 - 2009-07-14 10:13 - 00840808 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-15 10:50 - 2011-07-19 17:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 10:42 - 2010-01-17 20:04 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003UA.job
2015-11-14 21:21 - 2013-07-30 23:05 - 00000000 ____D C:\Users\Hira\AppData\Local\CRE
2015-11-14 21:21 - 2010-06-27 19:54 - 00000000 ____D C:\Windows\SysWOW64\nagasoft
2015-11-14 20:50 - 2013-02-07 22:20 - 00000000 ____D C:\hira shaheen
2015-11-14 20:38 - 2011-07-19 17:06 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-14 20:38 - 2011-07-19 17:06 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-14 20:38 - 2011-07-19 17:06 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 20:01 - 2013-02-21 13:49 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ACCECB94-2A9C-4B25-AAC0-B51AAADF63D3}
2015-11-14 19:45 - 2013-02-07 18:38 - 00000000 ____D C:\Users\Hira\AppData\Roaming\Skype
2015-11-09 23:21 - 2015-06-25 15:00 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011Core.job
2015-11-09 23:10 - 2015-06-25 15:00 - 00003882 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011UA
2015-11-09 23:10 - 2015-06-25 15:00 - 00003486 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1011Core
2015-11-09 22:42 - 2010-01-17 20:04 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2566174151-1872494669-349303958-1003Core.job
2015-11-06 14:26 - 2011-03-07 23:56 - 00002127 _____ C:\Windows\epplauncher.mif
 
==================== Files in the root of some directories =======
 
2015-11-14 19:47 - 2015-11-14 19:47 - 1415680 _____ (wj32) C:\Program Files\09IRPY7M.exe
2015-11-08 23:33 - 2015-11-08 23:33 - 1415680 _____ (wj32) C:\Program Files\1UNG92V8.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 1415680 _____ (wj32) C:\Program Files\4XKJC5YB.exe
2015-11-08 23:09 - 2015-11-08 23:09 - 1415680 _____ (wj32) C:\Program Files\53CLJS15.exe
2015-11-14 19:38 - 2015-11-14 19:38 - 1415680 _____ (wj32) C:\Program Files\5HIJKWXI.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 1415680 _____ (wj32) C:\Program Files\789LMNO9.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 1415680 _____ (wj32) C:\Program Files\7GPYW5EI.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 1415680 _____ (wj32) C:\Program Files\81UNG927.exe
2015-11-14 19:39 - 2015-11-14 19:39 - 1415680 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 1415680 _____ (wj32) C:\Program Files\A3W0TMFS.exe
2015-11-14 19:45 - 2015-11-14 19:45 - 1415680 _____ (wj32) C:\Program Files\CAJSKZ8N.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 1415680 _____ (wj32) C:\Program Files\D6Z3WPIY.exe
2015-11-08 23:20 - 2015-11-08 23:20 - 1415680 _____ (wj32) C:\Program Files\DBKTR09D.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 1415680 _____ (wj32) C:\Program Files\DMKT2BKO.exe
2015-11-14 19:47 - 2015-11-14 19:48 - 1415680 _____ (wj32) C:\Program Files\GPY75ENR.exe
2015-11-14 19:32 - 2015-11-14 19:32 - 1415680 _____ (wj32) C:\Program Files\IB4X4MO7.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 1415680 _____ (wj32) C:\Program Files\IGPYW5EI.exe
2015-11-08 23:29 - 2015-11-08 23:29 - 1415680 _____ (wj32) C:\Program Files\JHKZ86F8.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 1415680 _____ (wj32) C:\Program Files\KJC5YRK0.exe
2015-11-08 23:27 - 2015-11-08 23:27 - 1415680 _____ (wj32) C:\Program Files\KJC5YRKX.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 1415680 _____ (wj32) C:\Program Files\KOX64DMK.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 1415680 _____ (wj32) C:\Program Files\KT2B9IXF.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 1415680 _____ (wj32) C:\Program Files\KZ8HFOXC.exe
2015-11-14 19:22 - 2015-11-14 19:22 - 1415680 _____ (wj32) C:\Program Files\MF81UNGT.exe
2015-11-09 23:08 - 2015-11-09 23:08 - 1415680 _____ (wj32) C:\Program Files\NLU31AJN.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 1415680 _____ (wj32) C:\Program Files\NW53CLUY.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 1415680 _____ (wj32) C:\Program Files\PY7GENWB.exe
2015-11-14 19:40 - 2015-11-14 19:40 - 1415680 _____ (wj32) C:\Program Files\S1Z8HKZ3.exe
2015-11-14 19:35 - 2015-11-14 19:35 - 1415680 _____ (wj32) C:\Program Files\US1A8648.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 1415680 _____ (wj32) C:\Program Files\US1A8HKU.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 1415680 _____ (wj32) C:\Program Files\V42B9756.exe
2015-11-08 23:30 - 2015-11-08 23:30 - 1415680 _____ (wj32) C:\Program Files\V4DMKTJN.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 1415680 _____ (wj32) C:\Program Files\VOHA3W0G.exe
2015-11-08 23:24 - 2015-11-08 23:24 - 1415680 _____ (wj32) C:\Program Files\Z8HFOM9D.exe
2015-06-09 21:00 - 2015-06-09 21:01 - 88502272 __RSH (Kareo) C:\Users\Hira\AppData\Roaming\obhqajsqay.exe
2013-08-09 18:28 - 2013-08-09 18:28 - 0024333 _____ () C:\Users\Hira\AppData\Roaming\UserTile.png
2013-02-28 21:10 - 2013-02-28 21:10 - 0007605 _____ () C:\Users\Hira\AppData\Local\Resmon.ResmonCfg
2011-03-07 17:01 - 2010-11-20 17:17 - 91063680 ___SH () C:\ProgramData\msoeius.exe
2009-11-21 17:00 - 2009-11-21 17:00 - 0000112 _____ () C:\ProgramData\wrWin.ini
 
Files to move or delete:
====================
C:\ProgramData\msoeius.exe
 
 
Some files in TEMP:
====================
C:\Users\Hira\AppData\Local\Temp\cdo3000914085.dll
C:\Users\Hira\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprzqcmu.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-27 00:05
 
==================== End of FRST.txt ============================

  • 0

#24
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
# AdwCleaner v5.021 - Logfile created 15/11/2015 at 18:17:18
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Hira - SHAHEEN
# Running from : C:\Users\Hira\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : IHProtect Service
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
[-] Folder Deleted : C:\ProgramData\Babylon
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\WindowsMangerProtect
[-] Folder Deleted : C:\ProgramData\Speedbit
[-] Folder Deleted : C:\Users\Hira\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Hira\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Hira\AppData\LocalLow\Softonic
[-] Folder Deleted : C:\Users\Hira\AppData\Roaming\337Games
[-] Folder Deleted : C:\Users\Hira\AppData\Roaming\BabSolution
[-] Folder Deleted : C:\Users\Hira\AppData\Roaming\Babylon
[-] Folder Deleted : C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
[-] Folder Deleted : C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage
[-] File Deleted : C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal
[-] File Deleted : C:\Users\Hira\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Hira\Desktop\Chrome App Launcher.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pixlr Touch Up.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Hira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Chrome App Launcher.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\5b0d7d1b16deb49
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKCU\Software\1ClickDownload
[-] Key Deleted : HKCU\Software\BABSOLUTION
[-] Key Deleted : HKCU\Software\BI
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\DataMngr
[-] Key Deleted : HKCU\Software\DataMngr_Toolbar
[-] Key Deleted : HKCU\Software\Delta
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\SupHpUISoft
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKCU\Software\UpToDown
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\DataMngr
[-] Key Deleted : HKLM\SOFTWARE\Delta
[-] Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\SupTab
[-] Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\supWPM
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
[-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\LuckyTab
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\SpeedBit
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{14CFBBBB-B7F9-4772-914A-7E01770EBB15}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F9CA08BA-76E6-413E-BB00-3BE479931E6A}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://istart.webssearches.com/?type=hp&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
[-] [C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
[-] [C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://search.delta-homes.com/webfavicon.ico
[-] [C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cflheckfmhopnialghigdlggahiomebp
[-] [C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fhidhffpdlhleocklmjbncdngoobjdli
[-] [C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=06982A8158EB0C65&affID=119776&tsp=4959
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12322 bytes] ##########

  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You did not run the fixlist you ran a scan again..  Unless you run the fixlist then nothing will get removed

Download this fixlist to your desktop
Attached File  fixlist.txt   11.99KB   142 downloads
Start FRST and press FIX only
On completion the system will reboot and a log will be generated, please post that log
  • 0

Advertisements


#26
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Hira (2015-11-15 18:32:45) Run:2
Running from C:\Users\Hira\Desktop
Loaded Profiles: Hira (Available Profiles: Hira)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\Run: [{CA453AEA-5AC6-4EA3-A6EA-919FABDCC212}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\snPFEDNNTEgsMAB').CuXaTa)));
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\...\CurrentVersion\Windows: [Load] C:\ProgramData\msoeius.exe <===== ATTENTION
Startup: C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk [2015-06-09]
ShortcutTarget: x.lnk -> C:\Users\Hira\AppData\Roaming\obhqajsqay.exe (Kareo)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaio-online.sony.com/
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX&q={searchTerms}
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fistart.webssearches.com%2F%3Ftype%3Dhp%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX&OSP=http%3A%2F%2Fistart.webssearches.com%2Fweb%2F%3Ftype%3Dds%26ts%3D1414855629%26from%3Dexp%26uid%3DHitachiXHTS545032B9SA00%5F091109PBP308Q6DMYK7MX%26q%3D%7BsearchTerms%7D
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {14CFBBBB-B7F9-4772-914A-7E01770EBB15} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2566174151-1872494669-349303958-1011 -> {F9CA08BA-76E6-413E-BB00-3BE479931E6A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
CHR HomePage: Default -> hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=06982A8158EB0C65&affID=119776&tsp=4959
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1414855629&from=exp&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX","hxxp://www.delta-homes.com/?type=hp&ts=1434014202&z=c18e24f8188698070b8c784gez1cazbedg4zfo8eag&from=ient06110&uid=HitachiXHTS545032B9SA00_091109PBP308Q6DMYK7MX"
CHR Extension: (Cyx) - C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppkphoaidmofdbcdnhlmanhgodbfmnj [2015-06-25]
S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X]
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\KOX64DMK.exe
2015-11-14 19:55 - 2015-11-14 19:55 - 01415680 _____ (wj32) C:\Program Files\7GPYW5EI.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\V42B9756.exe
2015-11-14 19:48 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\KZ8HFOXC.exe
2015-11-14 19:47 - 2015-11-14 19:48 - 01415680 _____ (wj32) C:\Program Files\GPY75ENR.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\IGPYW5EI.exe
2015-11-14 19:47 - 2015-11-14 19:47 - 01415680 _____ (wj32) C:\Program Files\09IRPY7M.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\KJC5YRK0.exe
2015-11-14 19:46 - 2015-11-14 19:46 - 01415680 _____ (wj32) C:\Program Files\DMKT2BKO.exe
2015-11-14 19:45 - 2015-11-14 19:45 - 01415680 _____ (wj32) C:\Program Files\CAJSKZ8N.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 01415680 _____ (wj32) C:\Program Files\VOHA3W0G.exe
2015-11-14 19:40 - 2015-11-14 19:40 - 01415680 _____ (wj32) C:\Program Files\S1Z8HKZ3.exe
2015-11-14 19:39 - 2015-11-14 19:39 - 01415680 _____ (wj32) C:\Program Files\9IR0Y7X1.exe
2015-11-14 19:38 - 2015-11-14 19:38 - 01415680 _____ (wj32) C:\Program Files\5HIJKWXI.exe
2015-11-14 19:35 - 2015-11-14 19:35 - 01415680 _____ (wj32) C:\Program Files\US1A8648.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\US1A8HKU.exe
2015-11-14 19:33 - 2015-11-14 19:33 - 01415680 _____ (wj32) C:\Program Files\789LMNO9.exe
2015-11-14 19:32 - 2015-11-14 19:32 - 01415680 _____ (wj32) C:\Program Files\IB4X4MO7.exe
2015-11-14 19:22 - 2015-11-14 19:22 - 01415680 _____ (wj32) C:\Program Files\MF81UNGT.exe
2015-11-09 23:08 - 2015-11-09 23:08 - 01415680 _____ (wj32) C:\Program Files\NLU31AJN.exe
2015-11-08 23:33 - 2015-11-08 23:33 - 01415680 _____ (wj32) C:\Program Files\1UNG92V8.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\PY7GENWB.exe
2015-11-08 23:32 - 2015-11-08 23:32 - 01415680 _____ (wj32) C:\Program Files\A3W0TMFS.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\D6Z3WPIY.exe
2015-11-08 23:31 - 2015-11-08 23:31 - 01415680 _____ (wj32) C:\Program Files\4XKJC5YB.exe
2015-11-08 23:30 - 2015-11-08 23:30 - 01415680 _____ (wj32) C:\Program Files\V4DMKTJN.exe
2015-11-08 23:29 - 2015-11-08 23:29 - 01415680 _____ (wj32) C:\Program Files\JHKZ86F8.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\NW53CLUY.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\KT2B9IXF.exe
2015-11-08 23:28 - 2015-11-08 23:28 - 01415680 _____ (wj32) C:\Program Files\81UNG927.exe
2015-11-08 23:27 - 2015-11-08 23:27 - 01415680 _____ (wj32) C:\Program Files\KJC5YRKX.exe
2015-11-08 23:24 - 2015-11-08 23:24 - 01415680 _____ (wj32) C:\Program Files\Z8HFOM9D.exe
2015-11-08 23:20 - 2015-11-08 23:20 - 01415680 _____ (wj32) C:\Program Files\DBKTR09D.exe
2015-11-08 23:09 - 2015-11-08 23:09 - 01415680 _____ (wj32) C:\Program Files\53CLJS15.exe
2015-06-09 21:00 - 2015-06-09 21:01 - 88502272 __RSH (Kareo) C:\Users\Hira\AppData\Roaming\obhqajsqay.exe
2011-03-07 17:01 - 2010-11-20 17:17 - 91063680 ___SH () C:\ProgramData\msoeius.exe
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-29] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-29] ()
Task: {249CAB1C-13D1-46C3-85B7-315466EBDB60} - System32\Tasks\{D56EC534-2865-4AA1-AFB1-DA90584DA4F4} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Common Files\microsoft shared\Help 9\dexplore.exe"
Task: {4A266FD7-38F5-4E2C-8215-F54CC7824E36} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-29] (Avast Software s.r.o.)
Task: {7781FDAA-6E38-4394-B7F3-81FC43625AFD} - System32\Tasks\{343E75AD-D7F0-40D9-9028-C92B7BF89CF9} => pcalua.exe -a C:\Users\adnan-shaheen\Documents\Downloads\winsdk_web.exe -d C:\Users\adnan-shaheen\Documents\Downloads
C:\Program Files (x86)\MiuiTab
DeleteKey: HKCU\Software\Classes\snPFEDNNTEgsMAB
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Windows\CurrentVersion\Run\\{CA453AEA-5AC6-4EA3-A6EA-919FABDCC212} => value removed successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value removed successfully
C:\Users\Hira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk => moved successfully
C:\Users\Hira\AppData\Roaming\obhqajsqay.exe => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. 
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{14CFBBBB-B7F9-4772-914A-7E01770EBB15} => key not found. 
HKCR\CLSID\{14CFBBBB-B7F9-4772-914A-7E01770EBB15} => key not found. 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found. 
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found. 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found. 
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found. 
HKU\S-1-5-21-2566174151-1872494669-349303958-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9CA08BA-76E6-413E-BB00-3BE479931E6A} => key not found. 
HKCR\CLSID\{F9CA08BA-76E6-413E-BB00-3BE479931E6A} => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Hira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppkphoaidmofdbcdnhlmanhgodbfmnj => moved successfully
IHProtect Service => service not found.
C:\Program Files\KOX64DMK.exe => moved successfully
C:\Program Files\7GPYW5EI.exe => moved successfully
C:\Program Files\V42B9756.exe => moved successfully
C:\Program Files\KZ8HFOXC.exe => moved successfully
C:\Program Files\GPY75ENR.exe => moved successfully
C:\Program Files\IGPYW5EI.exe => moved successfully
C:\Program Files\09IRPY7M.exe => moved successfully
C:\Program Files\KJC5YRK0.exe => moved successfully
C:\Program Files\DMKT2BKO.exe => moved successfully
C:\Program Files\CAJSKZ8N.exe => moved successfully
C:\Program Files\VOHA3W0G.exe => moved successfully
C:\Program Files\S1Z8HKZ3.exe => moved successfully
C:\Program Files\9IR0Y7X1.exe => moved successfully
C:\Program Files\5HIJKWXI.exe => moved successfully
C:\Program Files\US1A8648.exe => moved successfully
C:\Program Files\US1A8HKU.exe => moved successfully
C:\Program Files\789LMNO9.exe => moved successfully
C:\Program Files\IB4X4MO7.exe => moved successfully
C:\Program Files\MF81UNGT.exe => moved successfully
C:\Program Files\NLU31AJN.exe => moved successfully
C:\Program Files\1UNG92V8.exe => moved successfully
C:\Program Files\PY7GENWB.exe => moved successfully
C:\Program Files\A3W0TMFS.exe => moved successfully
C:\Program Files\D6Z3WPIY.exe => moved successfully
C:\Program Files\4XKJC5YB.exe => moved successfully
C:\Program Files\V4DMKTJN.exe => moved successfully
C:\Program Files\JHKZ86F8.exe => moved successfully
C:\Program Files\NW53CLUY.exe => moved successfully
C:\Program Files\KT2B9IXF.exe => moved successfully
C:\Program Files\81UNG927.exe => moved successfully
C:\Program Files\KJC5YRKX.exe => moved successfully
C:\Program Files\Z8HFOM9D.exe => moved successfully
C:\Program Files\DBKTR09D.exe => moved successfully
C:\Program Files\53CLJS15.exe => moved successfully
"C:\Users\Hira\AppData\Roaming\obhqajsqay.exe" => not found.
Could not move "C:\ProgramData\msoeius.exe" => Scheduled to move on reboot.
aswHwid => Service stopped successfully.
aswHwid => service could not remove
                                                                                                                                                          
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-15 18:39:45)
 
==> ATTENTION: System is not rebooted.
C:\ProgramData\msoeius.exe => Is moved successfully
 
==== End of Fixlog 18:39:45 ====

  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did the computer reboot ?

How is the system behaving now ?
  • 0

#28
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

after I fixed it, it didn't reboot. the system appears to have improved slightly.


  • 0

#29
hs347

hs347

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

should I try to run the microsoft security essentials?


  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, if you have not rebooted then do so first
  • 0






Similar Topics


Also tagged with one or more of these keywords: antivirus

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP